Android Permissions

01. Introduction

Goal of this exercise is to get an overview of different tools how you can check and read out android permissions of a given apk file:

02. Classy Shark

ClassyShark is a standalone binary inspection tool for Android developers. It can reliably browse any Android executable and show important info such as class interfaces and members, dex counts and dependencies. ClassyShark supports multiple formats including libraries and executables.

Download:

You can simply start classyshark with the followin command:

java -jar classyshark.jar

Load package , select AndroidManifest.xml and check permissions:

03. Jadx-gui

Howto build Jadx from scratch is decribed in the first Lab Setup.

./jadx-gui  

04. AAPT

We can also use Android Asset packaging tool to dump the permissions:

aapt dump permissions sample-video-player.apk 

05. Mobile Security Framework

We can also use mobsf to analyze android packages.

We can try the online version:

06. Ressources

Last updated