Dear Folks,
I am trying to pentest in my Android device in order to dive into depth of Operating System in order to analyze services. This is for to make sure whether there is any malicious app having access to microphone, camera and other services in my phone. Do you know what is the best way to do that? Can anyone show me an exact guide to it? Or, anyone who knows other methods to detect malicious apps in Android?
Look inside here:
A detection method for android application security based on TF-IDF and machine learning
Android is the most widely used mobile operating system (OS). A large number of third-party Android application (app) markets have emerged. The absence of third-party market regulation has prompted research institutions to propose different malware detection techniques. However, due to...
journals.plos.org
Related
Hello,
Seeing that latest HTC EVO scandal I'm beginning to understand how crappy Android security is.
Are you guys familiar with known mobile security products today? Such as Good?
My question is this:
Say I got an android platform (phone, tablets, etc.) that has a mobile security product implemented into it. For the sake of the argument, lets say its Good - a sandbox operated within the android OS implementing encryption and data protection.
Now, lets say that the device has vulnerabilities similar to the HTC issue. In fact, lets make it even worse - an unrooted device has an extreme vulnerability which may allow a user to take control of the system as IF the device was rooted.
Is there any theoretical scenario, in which someone who can take such control of the device, also takes control of the mobile security product processes and by doing so - manages to compromise the sandbox, as in - extract data from it?
Hi all,
I want to start android application development. Can you suggest a low budget way of doing that?
Can any android supported cell phone can be used for App development or there are some restrictions in phones for Development? If yes, then i can buy any low series basic used android phone and do App development.
Do i need to root and ROM access any phone to develop, load and test application?
Where can i find Android application framework architecture and basics of application development documents/ articles? I know developer.android.com has it but it is not starting from broader level to micro level. It is just talking about specific issues and directly starting Hello World. But i want to study about android architecture and fundamentals before starting.
Thanks.
The android SDK comes with an emulator, so that will help on the phone aspect. You definitely want to be able to enable sideloading of apps (install non-market apps), I've heard some carriers disable this. Root can be helpful in many situations.
Assuming you know java and are familiar with Eclipse, you mainly need to learn about the Android API.
Hello,
First off, apologies if I have posted this in the incorrect forum.
The company I work for is looking to update one of it's product lines and has been toying with the idea of using Android as a development platform. Up until now the philosophy has always been to develop simple, bespoke embedded software that provides only the functionality that is needed at the time. The device itself will be a medical device, and as such will have no telephony requirements (and associated things like contacts, calander and the large majority of the pre-installed Android apps).
I have read, and understand it is possible to re-compile Android from source and remove all of these non-required functionality. My question is really if that is worth doing? i.e. stripping out all un-needed applications that get build into a stock ROM. Or would it be a more efficient to use some form of OTS embedded Linux platform?
Something in Android 4.0 that does seem to be useful is the support for Bluetooth HDP.
Kind Regards,
Simon
Well there are other devices that aren't phones that use Android. Take the motoactv for example. It's a fitness watch that runs a stripped version of Android, but it's still Android and applications can still be programmed and installed to it.
When are we getting a XPrivacy port or equivalent? I thought the homebrew scene would have been the first to make something like this,considering how far HaRET and Root Tools went as far as accessing functionality.
We only know how to do a handful of those things right now. The same hacks that Heathcliff74 used for Root Tools policy editing could be used for other policy editing, such as removing specific permissions from apps, but you'd have to either reverse engineer the policy database yourself or get him to write the tool or document the reverse engineering he did. For homebrew apps, permissions could be edited out of the manifest pre-installation - I seriously considered coding this into my XapHandler app - but decided the likelihood of crashes made it not worthwhile.
Unfortunately, that approach would likely just cause a lot of apps to crash. To instead actually modify the way the apps work (i.e. hook their call to the location services and return a bogus address) should be possible with enough work - a normal app couldn't do it because the .NET runtime on the phones doesn't allow modifying system functionality that way, but a custom ROM or high-privilege app could work around that - but it would not be easy.
I suspect the true answer is that nobody has bothered yet.
The simple genius in achieving privacy through data spoofing is something I was mulling a way back,long before the recent scandals. My method,of course,extended way beyond the device and could render all digital information useless,technically speaking. Im gonna nominate this app for one of these awards that keep popping up,even if im not using Android.
How can I get around apps that crash when using emulators?
How much of a task would it be to patch the apk or is there something simpler I could do?
Look inside here:
Defeating Android Emulator Detection - Virtue Security
At some point while performing vulnerability assessments on android applications you will encounter apps that don’t want to be run within an emulator. We can’t blame application owners for wanting to ensure that the user interaction they see comes from genuine devices, but it doesn’t help us do...
www.virtuesecurity.com