BSides Canberra 2026

Inside of an Android
2026-09-24 , Off-Main Track

Have you ever been curious what really happens inside a mobile device? How often are different syscalls used? Are syscall errors common? What binaries are executed, and when? Whose actually making all these network requests? Do these behaviours change when not connected to USB? If "yes", then you're not alone. This talk is a tour of modifications I made to Android to enable answering these questions, and more. Starting from source code, I'll discuss different Android technologies and the changes made to include a range of system and endpoint monitoring tools, as well as the services used to collect, analyse and alert on behaviour from both emulated and physical devices.

Aaron has spent 20 years developing and maintaining security systems from within or on behalf of governments. More recently, those skills and experience have also been invested into home lab and hobby projects. One of which is the subject of a BSides Canberra 2026 talk.