Tuesday, 22 May 2018

ANDROID MANIFEST FILE ANALYSIS



ANDROID MANIFEST FILE ANALYSIS


ANDROID MANIFEST File can be obtained by extracting any.APK Files and this file contains the several information’s about the device needs to run the app, and it also includes the information about the component of the applications such as services, content providers, activities and broadcast receivers etc.
It also contains the protected information for an application like

1.1     PERMISSION LEVEL ACCESS

It includes the list of information’s that imply the hardware features it’s available in user feature, user permissions
For example, the code in user features available in the manifest file
  1. < uses - permissionandroid: name = "string"
  2. android: maxSdkVersion = "integer"/ >

1.2     USER PERMISSION:

Specifies system permission that the user must grant to run the app correctly. The user grants permissions when the application is installed (on devices running Android 5.1 and lower) or while the app is running (on devices running Android 6.0 and higher)
For more information’s about the user permissions, you can check on to the “android. Manifest. Permission” to process over the list of permissions that you wish to be enabled
It can be permission defined by the application with the  <permission> element;
one can set one of the standard features (such as "android.permission.CAMERA" 
or "android.permission.READ_CONTACTS") etc.

1.3     ANDROID API INFORMATION:

The API Level expressed by an application will be compared with the given Android version API level is a single integer, and it can vary based on different Android OS version. Here it’s been assigned to based on the minimum, targeted and maximum SDK version and they are based on the developer choice on based on their app requirements.
<uses-sdk android:minSdkVersion="integer"
           android:targetSdkVersion="integer"
           android:maxSdkVersion="integer" />

1.4     APP PERMISSIONS:

APP Permission is used to protect the privacy of the Android user and android apps must request permission to access sensitive user data are like SMS and CONTACTS and also other certain features like (CAMERA, INTERNET and WIFI) etc.
Permission request for any kinds of APP is assigned in the manifest file which is an APK file, and you can see in your day-to-day activities like code for the user permission to send SMS in the manifest file as shown below:
  1. < manifest xmlns: android = "http://schemas.android.com/apk/res/android."
  2. package= "com.example.snappyyapp" >
        < uses - permission android: name = "android.permission.SEND_SMS" / >
        < application... >      ...
    
        < /application> </manifest >
If an app has a typical kind of information, then the lower level of permissions can be used, but if your app contains any sensitive level of information’s then you have to assign the above code for the security purpose

APP PERMISSIONS:


In the above figure tells about the various permissions that have generally been allocated to an app and here I have checked the different authorities that have used for the cliq app.In this list of options you can enable the required option which you need to set the app permission by default and once you select any one of this option than later it will not ask for any user permission
If you did not enable any permissions over here, then it will ask for the app permissions every time like the diagram as follows.

DEFAULT APP PERMISSIONS:

This is the various levels of permissions that are available in manifest file and also on your smartphones.

1.5     ANDROID VULNERABILITY ANALYSIS:

Vulnerability analysis in android can be done by analysing the manifest file, and once you deobfuscated the code, you can manually examine the code to check the vulnerabilities. Many vulnerabilities can occur on the manifest file, and here I have explained some vulnerable code for your reference and what are the various options that can lead to the vulnerabilities

1.5.1      BACKUP MODE ENABLED:

The name usually describes the automatic enabling of the backup data. The backup mode allows backup option as the attacker can take the backup of your data as well as he can also steel some sensitive information’s present in your applications making it a vulnerable. According to the security purpose and by default the google drive is the default destination of the app backup’s and the backup option code available in the manifest file as follows
  1. < application…android: allow Backup = ”true” > < /app>
 Prevention: Backup mode should be set false to prevent this kind of attacks

1.5.2      DEBUG MODE:

The debug mode defines that whether the applications are debuggable or not. Also, when the debug is enabled the attacker can gather plenty of information. In  Staging environment when the app is not in production state, it can be set as true, and once it moves to the final stage for execution it should be set as false, it’s a one of the critical vulnerability which leads anyone to capture sensitive information’s of an applications
Debug code available on manifest file
  1. < application android: debuggable = "false"< /application>

1.5.3      APP COMPONENT VULNERABILITY:

The app component vulnerabilities mainly describe the components present in the manifest file like activity, services, Content provider or Broadcast receiver and they can be either private or public the exported attribute in each component declaration in the manifest file defines that the component is private or public
If the component is public it can be exported to the other apps, if the component is private then it cannot be exported, by exporting option the attacker can export any information’s from the application and this kind of export options depends upon the applications and the severity level of this vulnerability may vary upon the application
  1. android: exported = "true">
  2. < intent-filter> < /intent-filter> < /service>... < /manifest>
  3. < manifest xmlns: android = "http://schemas.android.com/apk/res/android"
  4. package= "com.example.testapps.test1" > ... < service android: name = ".MailListenerService
  5. android: enabled = ""
Prevention:
  • If an application has an exported option, then it should have a permission function for each file that is to be exported

1.6     CONCLUSION:

It is one of the ways to analyse the Android manifest file and by this blog the information about the permission access, backup and debug mode analysis can be done.
Reference Links:

AUTHOR

Ram Kumar
Security Engineer
Briskinfosec Technology and Consulting Pvt Ltd.,
follow me @https://www.linkedin.com/in/ram-kumar-3439b511a/

No comments:

Post a Comment