Why Androwarn is the best android app source code analyzer

Many Android applications (apps) ask for different kinds of permissions during installation. Currently, there are more than 200 types of Android permissions. A large number of these permissions are related to hardware access functions. However, some of these permissions allow the apps developers to access the sensitive data or perform suspicious activities on the host devices. Androwarn is an open-source tool that can do the static analysis of the Android applications to find out permissions granted and any suspicious/abusive activity being carried out by the application. The analysis performed by Androwarn can be divided into the following categories and this is the reason Androwarn is the best android app source code analyzer.

Application Information

Application name
Version
Package name
Description
Analysis Results

Telephony identifiers leakage information
Device settings information
Location check
Connection interface data
Service abuse check
Audio/Video data leakage check
Pim data leakage check
Code execution test

APK File

APK file name
File hash
Certificate information

ANDROIDMANIFEST.XML

Main activity
SDK version
Activities
Receivers
Permissions
Features

API’s Used

Classes List
Classes Hierarchy
Internal Classes List
Intents Sent

Androwarn can generate output report into three different formats i-e text, JSON, and HTML. Moreover, the report can be of Beginners, Advanced, or Expert level; depending upon the requirement or expertise of the analyst.

Androwarn Installation

Androwarn can be cloned from GitHub using the following command.

clone https://github.com/maaaaz/androwarn.git

androwarn cloning

All the dependencies are included in requirements.txt file. The dependencies can be installed using the following commands.

cd androwarn
pip install –r requirements.txt

androwarn requirements

How Androwarn Works

All the options and available parameters can be explored by running the following help command.

python androwarn.py –h

androwarn help parameters

The target application can be analyzed in the following format.

python androwarn.py –i <target .apk file> –r <desired report format> –v <desired report level>

Here –i represents the INPUT, -r the REPORT, and –v the REPORT LEVEL. The –r can be text, HTML, or JSON. Similarly, -v can be 1(beginners), 2(Advanced), or 3(Expert level). Let’s assume a test.apk Android application file in Androwarns’ directory. The desired file is of expert level in HTML format. The above command takes the following shape.

python androwarn.py –i test.apk –r html –v 3

test apk

The tool analyzes the target test.apk file and generates html report in the same directory where the target test.apk file exists.

test html file

The report contains results according to the aforementioned categories (Application Information, Analysis Results, APK File, ANDROIDMANIFEST.XML, and API’s Used). The following Telephony identifiers leakage information screenshot shows that the application reads a lot of sensitive information, such as SIM’s serial number, device location, and IMEI details,

1-telephone identifiers leakage information

The application records the location of the device from all available providers.

3-location data read

Services abuse is another malicious behavior of the target application. The application is not only able to make phone calls, but it can also send, intercept, and block the incoming messages (SMS).

4-servcie abuse

The test.apk file is also set to record the audios and capture videos by utilizing the available resources.

5-audio video data leak

Suspicious connection establishment is the worsts of activities performed by the analyzed Android application. The application connects to remote IP address to provide a backdoor to the third party listener.

6- remote connection check

The following permissions are given to the said application. Majority of these permissions violate the user privacy and contribute to the sensitive data leakage.

9- file permission

The aging app called FaceApp application is trending in the news not necessarily because of its features but due to the controversies linked with the application. Many people believe that the application is designed to steal users’ data and violate privacy. In the second example, we have analyzed the Faceapp application using Androwarn tool to see if it actually violates users’ privacy.

FaceApp analysis command

Androwarn gathers the following certification information about Faceapp application, confirming the Russian origin of the application.

certificate information

The Telephony identifiers leakage information can be seen in the following screenshot.

telephone identifier leakage check

The only service abuse found in the application is the ability of the application to make phone calls.

service abuse test

Pim data leakage shows that Faceapp not only accesses the data stored in downloads folder but it also accesses the data stored in the clipboard.

data leak check

Faceapp has got the following permissions on millions of Android devices. Majority of these permissions can harm users’ privacy since due to read and write permissions.

faceapp permissions

Summary

Androwarn is a smart tool that can thoroughly analyze the Android application to find out the suspicious activities and sensitive permissions granted to the application.