Automated Security Analysis
This tool was created for research purposes; as a part of my paper, Simple Scripts Evaluate Android Application Security.
For the research paper, 100 applications were examined. 50 were pulled from the Google Play Store randomly by a script. 50 were chosen from the Google Play Store's selection of IOT apps.
Sample output is available; describing vulnerabilities found in:
Functionality
- searches through disassembled android applications to find
- security vulnerabilities, like:
- SSL API misuse
- unprotected interfaces
- potentially dangerous combinations of requested permissions
- security vulnerabilities, like:
- creates detailed output
- shows the context around the potential vulnerabilities it finds
- shows where the functions or classes containing the concerning code are invoked
Setup
- I created the main script (analyze.sh) and most of the helper scripts so they could execute on a fresh installation of Ubuntu 16.04 with no additional packages installed.
- However, apk files need to be disassembled with apktool.
- disassemble.sh automates this if apktool is installed.
- However, apk files need to be disassembled with apktool.
- The helper scripts are unnecessary; you can just run analyze.sh in a disassembled app's folder.
Made Using
- bash scripting
- common utilities like:
- find
- grep
- awk
- sed
- no external libraries
- no third party programs
Helper Scripts
- The helper scripts expect to find disassembled apps' folders in ./apps/
- run.sh
- Creates and executes copies of analyze.sh for each application.
- Uses xargs to run them in parallel across multiple CPU cores.
- Once all analyze.sh scripts finish, it:
- removes the copies of analyze.sh
- moves and renames the output files for convenience
- Creates and executes copies of analyze.sh for each application.
- disassemble.sh
- Uses apktool to disassemble any apk files in the apps folder.
- clear-output.sh
- Deletes all output files.
- Also removes copies of analyze.sh that may be left behind if run.sh is stopped midway.
- read-outputs.sh
- Prints all output files to the terminal.
- Recommended to run as "./read-outputs.sh | less" for easier reading.