Android Permissions

01. Introduction

Goal of this exercise is to get an overview of different tools how you can check and read out android permissions of a given apk file:

69KB

sample-video-player.apk

Open

02. Classy Shark

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries and executables.

Download:

Releases · google/android-classysharkGitHub

You can simply start classyshark with the followin command:

java -jar classyshark.jar

Load package , select AndroidManifest.xml and check permissions:

03. Jadx-gui

Howto build Jadx from scratch is decribed in the first Lab Setup.

./jadx-gui

04. AAPT

We can also use Android Asset packaging tool to dump the permissions:

aapt dump permissions sample-video-player.apk

05. Mobile Security Framework

We can also use mobsf to analyze android packages.

GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.GitHub

We can try the online version:

https://mobsf.live/mobsf.live

06. Ressources

Android PermissionsAndroid Permissions

PreviousAndroid Manifest NextAPP Tracing with Frida

Last updated 3 years ago

hashtag01. Introduction

hashtag02. Classy Shark

hashtag03. Jadx-gui

hashtag04. AAPT

hashtag05. Mobile Security Framework

hashtag06. Ressources