Copyright © 2016 IJECCE, All right reserved 8
International Journal of Electronics Communication and Computer Engineering Volume 7, Issue 1, ISSN (Online): 2249–071X, ISSN (Print): 2278–4209
Android Security (Decompilation of APK File to Check Permissions)
Hemant Bansal
Vikas Batta
Abstract – The worldwide revolution in Android technology is changing our lives in terms of the way we learn and use it. Android security fits into this because the technology has been around long enough and can provide various benefits for security in this area. The main objective of this paper is to decompile an Android app and check the permissions used by that app (which permissions the app is accessing, such as reading messages, using our internet data, or reading our call logs). This research paper helps people become aware of the unnecessary applications on their phones, and their permissions, that are stealing credit card details, secret details, etc.
Keywords – Android, APK Permissions Checking, Android Security, APK decompilation.
I. INTRODUCTION
Android is a mobile operating system developed by Google and based on the Linux kernel. It is mainly designed for touchscreen handheld devices. Android has the largest installed base of all operating systems. Android was initially developed by Android Inc., which was then acquired by Google in 2005. Android has one of the largest application bases compared to the iPhone's operating system or other operating systems. It is mostly used for cell phones, like Google's own Galaxy Nexus, as well as by other phone manufacturers like HTC and Samsung.
II. ANDROID VERSIONS & NAMES
Beta versions: Astro and Bender
1.5: Cupcake
1.6: Donut
2.0 and 2.1: Eclair
2.2: Froyo (FROzen YOgurt)
2.3: Gingerbread
3.x: Honeycomb (a tablet-only version)
4.0: Ice Cream Sandwich
4.1, 4.2 and 4.3: Jelly Bean
4.4: KitKat
5.0 and 5.1: Lollipop
6.0 and 6.1: Marshmallow
III. ANDROID STRUCTURE
There are different layers in the Android architecture. Android is built on top of the Linux kernel.
3.1 Linux Kernel
It is the core operating system for Android. It takes care of memory management, process management, drivers and other similar things.
3.2 Libraries
These are among the most important components of the Android system. SQLite provides the databases where all our contacts and messages are stored, and these libraries are needed for SQLite databases to work with Android. When a browser makes a request such as GET http://google.com, the response is rendered as an HTML page, which is possible because of the WebKit libraries. SSL provides security, and OpenGL ES is for graphics.
Fig. 4.1.
3.3 Android Runtime
These are the core libraries, again an important component, containing the libraries required for Java programs and Android applications to work. Java bytecode is given to the dex tool to optimize the Java program, and the Dalvik virtual machine runs the .dex file.
3.4 Application Framework
It is like a set of APIs. It provides the application programming interface for the application layer. Android provides prebuilt APIs so that developers need not write the code again. For example, with the location system, developers need not write the code to track the user's location; they just use the location system API.
3.5 Application Layer
This is the layer we physically interact with. Home, Contacts and Browser are the applications we interact with in day-to-day life. The application layer can contain applications that are preinstalled or installed by the end user.
IV. PRESENT WORK
4.1 Problem Formulation
Using open source tools such as MobSF, developed by Ajin Abraham, and UNHACK, developed by Lucideus Technologies.
4.2 Proposed Architecture
Fig. 4.2. Architecture for Interface to Decompile Application
This is the standard model followed for every input APK file; it describes the necessary steps involved in processing the APK file from start to stop and getting the results.
4.3 Objective of Study
"To decompile Android apps and check the permissions used by each app, like internet data and reading of our memory card contents, for the protection of our secret details."
Android has become the most used operating system in the world, and it also has some limitations: naive users are losing their secret details by installing untrusted applications on their mobile phones. Security is one of the biggest challenges for Android developers. Installing an antivirus on an Android mobile does not mean the user is safe. An antivirus can reduce the level of attacks on Android but does not guarantee safety for the users. Android file security can be tested in two ways: static and dynamic analysis. Static analysis gives all the details of the binaries, Java libraries and permissions in the APK file, whereas dynamic analysis is for function and activity security testing.
4.4 Research Methodology
The figure gives an idea of how installing a malicious application can lead to the hacking of all our details: our emails, our credit card (CC) details. One big example is that when the internet bill sometimes increases, the reason behind it is these malicious apps, which are using our internet data and sending our details to malicious hackers.
V. IMPLEMENTATION
Scanning or decompilation of APK files can be done with tools like UNHACK for handheld devices, developed by Lucideus and available on the Play Store, and MobSF for laptops if we want a deep scan of the APK file with some more details [1].
5.1 Requirements
UNHACK requirements:
1. UNHACK application from the Play Store
MobSF requirements:
1. Python
2. Django
3. MobSF Security Framework
4. JDK
5. PyOpenSSL==0.15
6. Tornado==4.1
7. Xhtml2pdf==0.0.6
8. psutil==3.2.1
5.2 Check and Start the Interface
When everything is done, copy the MobSF framework files into the Python folder and follow these steps:
Open Command Prompt.
cd to the Python directory folder and type the command:
python manage.py runserver
The command python manage.py runserver starts the server on http://localhost:8000. The whole process remains on the local computer; there is no interaction with the internet while performing static analysis. The next step is to give the input to the MobSF Security Framework.
Visit: 127.0.0.1:8000
5.3 Input the APK File
For input, click on Upload and Analyze.
5.4 Analysis
On clicking Upload and Analyze, the APK file starts decompiling in the background. All the Java binaries, all strings, and all code analysis are processed automatically, and we get the results in the foreground.
Decompilation :
5.5 Results
Application information
Permissions used by application
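The permission check that static analysis performs, shown as an added example (not code from the paper, MobSF or UNHACK). It assumes the APK's AndroidManifest.xml has already been decoded to text XML by a decompilation tool; the sample manifest and package name are constructed, and the review flag for private data combined with network access goes one step beyond a plain listing.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"
# Real Android permission names, grouped by the kinds of data the paper lists.
SENSITIVE = {
    "android.permission.READ_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "memory card",
    "android.permission.WRITE_EXTERNAL_STORAGE": "memory card",
}

# Constructed sample: decoded manifest of a hypothetical flashlight app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission-sdk-23 android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="Flashlight"/>
</manifest>"""

def audit_manifest(xml_text):
    """Return package, requested permissions, sensitive categories, review flag."""
    root = ET.fromstring(xml_text)
    requested = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name and name not in requested:  # skip duplicates, nameless tags
                requested.append(name)
    categories = sorted({SENSITIVE[p] for p in requested if p in SENSITIVE})
    return {
        "package": root.get("package"),
        "permissions": requested,
        "sensitive": categories,
        # Private data plus network access is the combination the paper warns about.
        "review": bool(categories) and NETWORK in requested,
    }

if __name__ == "__main__":
    report = audit_manifest(SAMPLE_MANIFEST)
    print(report["package"], report["sensitive"], "review:", report["review"])
```

The review flag is a triage hint for deciding which apps to look at first, not proof that an app is malicious.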
5.6 UNHACK Permission Checking Steps
Just install the APK file from the Play Store.
1. Click Analyse Apps.
2. Check the details of apps using particular content.
Check the details of apps that are accessing our location.
VI. CONCLUSION AND FUTURE WORK
In this paper, we have tried to explain how we can decompile an Android app and check the permissions allowed by the user on his/her Android mobile. The research methodology explained in this paper has implemented its results to the maximum extent. But there are a lot of other security mechanisms, like dynamic analysis, which are still in progress. We believe that the method given in this paper to check the permissions of any Android app helps users protect their secret details and also helps them reduce their internet bill by uninstalling apps that access internet data all day. But due to black hat hackers' strategies, further investigation in this domain will be required, and we will try to survey this domain continuously and find new protection measures for new protocols.
REFERENCES
[1] OWASP (Open Web Application Security Project), https://www.owasp.org/index.php/Main_Page
[2] Lucideus Tech (Founder of Unhack Application)
[3] Ajin Abraham (Founder of MobSF Framework)
[4] Rafay Baloch (www.rafayhackingarticles.net)
AUTHOR'S PROFILE
Hemant Bansal did his B.Tech in Computer Science Engineering from BGIET, Punjab Technical University, Punjab. I am a Sr. Security Specialist working for a reputed company in the field of cyber security and penetration testing, and have published more than 10 e-books on IT-related subjects like Manual Approach To Sql Injection, All In One Wordpress Security, and Backtrack Operating System, etc. I have been acknowledged by giants of information technology like Google and Microsoft for reporting valid security bugs in their websites. I have been awarded 2100 USD for finding security issues in a reputed company based in Russia. I conducted more than 10 workshops on topics like "Ethical Hacking" at various institutions/colleges/companies all across India.
Vikas Batta An experienced Business management