Android Permissions

01. Introduction

Goal of this exercise is to get an overview of different tools how you can check and read out android permissions of a given apk file:

69KB

sample-video-player.apk

02. Classy Shark

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries and executables.

Download:

Releases · google/android-classysharkGitHub

You can simply start classyshark with the followin command:

java -jar classyshark.jar

Load package , select AndroidManifest.xml and check permissions:

03. Jadx-gui

Howto build Jadx from scratch is decribed in the first Lab Setup.

./jadx-gui  

04. AAPT

We can also use Android Asset packaging tool to dump the permissions:

aapt dump permissions sample-video-player.apk 

05. Mobile Security Framework

We can also use mobsf to analyze android packages.

GitHub - MobSF/Mobile-Security-Framework-MobSF: Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.GitHub

We can try the online version:

Mobile Security Framework - MobSF

06. Ressources

Android PermissionsAndroid Permissions