Detect malware in Android firmware based on distributed network environment

HIEN DO
9:36 09/10/2019

The Android operating system always holds the highest market share among mobile operating systems. Security analysis of Android often focuses on applications (APK files) installed on the phone. Few studies analyze Android firmware, especially customized Android firmware. In this study, we propose a model for analyzing Android firmware using a distributed model. The proposed system can be deployed on a distributed network system, which allows multiple Android firmware analysis requests to be handled at the same time. Experimental results show that the proposed system performs better than the single-node model. In addition, we discovered many malware samples in preinstalled applications in custom Android firmware in the wild.
