Many Android applications (apps) ask for different kinds of permissions during installation. Currently, there are more than 200 types of Android permissions. A large number of these permissions are related to hardware access functions. However, some of these permissions allow the apps developers to access the sensitive data or perform suspicious activities on the host devices. Androwarn is an open-source tool that can do the static analysis of the Android applications to find out permissions granted and any suspicious/abusive activity being carried out by the application. The analysis performed by Androwarn can be divided into the following categories and this is the reason Androwarn is the best android app source code analyzer.
Application Information
Application name
Version
Package name
Description
Analysis Results
Telephony identifiers leakage information
Device settings information
Location check
Connection interface data
Service abuse check
Audio/Video data leakage check
Pim data leakage check
Code execution test
APK File
APK file name
File hash
Certificate information
ANDROIDMANIFEST.XML
Main activity
SDK version
Activities
Receivers
Permissions
Features
API’s Used
Classes List
Classes Hierarchy
Internal Classes List
Intents Sent
Androwarn can generate output report into three different formats i-e text, JSON, and HTML. Moreover, the report can be of Beginners, Advanced, or Expert level; depending upon the requirement or expertise of the analyst.
Androwarn Installation
Androwarn can be cloned from GitHub using the following command.
clone https://github.com/maaaaz/androwarn.git
All the dependencies are included in requirements.txt file. The dependencies can be installed using the following commands.
cd androwarn pip install –r requirements.txt
How Androwarn Works
All the options and available parameters can be explored by running the following help command.
python androwarn.py –h
The target application can be analyzed in the following format.
python androwarn.py –i <target .apk file> –r <desired report format> –v <desired report level>
Here –i represents the INPUT, -r the REPORT, and –v the REPORT LEVEL. The –r can be text, HTML, or JSON. Similarly, -v can be 1(beginners), 2(Advanced), or 3(Expert level). Let’s assume a test.apk Android application file in Androwarns’ directory. The desired file is of expert level in HTML format. The above command takes the following shape.
python androwarn.py –i test.apk –r html –v 3
The tool analyzes the target test.apk file and generates html report in the same directory where the target test.apk file exists.
The report contains results according to the aforementioned categories (Application Information, Analysis Results, APK File, ANDROIDMANIFEST.XML, and API’s Used). The following Telephony identifiers leakage information screenshot shows that the application reads a lot of sensitive information, such as SIM’s serial number, device location, and IMEI details,
The application records the location of the device from all available providers.
Services abuse is another malicious behavior of the target application. The application is not only able to make phone calls, but it can also send, intercept, and block the incoming messages (SMS).
The test.apk file is also set to record the audios and capture videos by utilizing the available resources.
Suspicious connection establishment is the worsts of activities performed by the analyzed Android application. The application connects to remote IP address to provide a backdoor to the third party listener.
The following permissions are given to the said application. Majority of these permissions violate the user privacy and contribute to the sensitive data leakage.
The aging app called FaceApp application is trending in the news not necessarily because of its features but due to the controversies linked with the application. Many people believe that the application is designed to steal users’ data and violate privacy. In the second example, we have analyzed the Faceapp application using Androwarn tool to see if it actually violates users’ privacy.
Androwarn gathers the following certification information about Faceapp application, confirming the Russian origin of the application.
The Telephony identifiers leakage information can be seen in the following screenshot.
The only service abuse found in the application is the ability of the application to make phone calls.
Pim data leakage shows that Faceapp not only accesses the data stored in downloads folder but it also accesses the data stored in the clipboard.
Faceapp has got the following permissions on millions of Android devices. Majority of these permissions can harm users’ privacy since due to read and write permissions.
Summary
Androwarn is a smart tool that can thoroughly analyze the Android application to find out the suspicious activities and sensitive permissions granted to the application.
