Android is the most widely used smartphone OS with 82.8% market share in 2015 [1]. It is therefore the most widely targeted system by malware authors. To detect these malicious applications before they are installed on users phones, we need an automated analysis. Researchers rely on dynamic analysis to extract malware behaviors and often use emulators to do so. However, using emulators lead to new issues. Currently emulators cannot emulate SIM card, camera and microphone -components that are likely to be used by malware applications. Moreover, malware may detect emulation and as a result it does not execute the payload to prevent the analysis. Finally, emulation suffers from inherent slowness and causes more application crashes than real devices. Dealing with virtual device evasion is a never-ending war and comes with a non-negligible computation cost [2]. To overcome this state of affairs, we propose a system that does not use virtual devices for analysing malware behavior.Glassbox is a functional prototype for the dynamic analysis of malware applications. It executes applications on real devices in a monitored and controlled environment. It is a fully automated system that installs, tests and extracts features from the application for further analysis. The environment is controlled in a way that Glassbox neither suffers from malware nor becomes an infection vector through the control of web requests, calls and SMS/MMS. The features extracted are Java calls, system calls and both encrypted and non encrypted web requests. In this paper, we present the architecture of the platform and we compare it with existing Android dynamic analysis platforms.Lastly, we evaluate the capacity of Glassbox to trigger application behaviors by measuring the average coverage of basic blocks on the AndroCoverage dataset [3]. We show that it executes on average 13.52% more basic blocks than the Monkey program.