tomliamlynch / androguard

Automatically exported from code.google.com/p/androguard
Apache License 2.0
0 stars 0 forks source link

incorrect permissions analysis #70

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Use display_PERMISSION() method in demos/androguard_ANALYSIS.py
2.
3.

What is the expected output? What do you see instead?
expected to see the right permissions: SEND_SMS and CALL_PHONE, but see 
ACCESS_NETWORK_STATE and SEND_SMS without CALL_PHONE

What version of the product are you using? On what operating system?
1.5, Mac OSX 10.6.8

Please provide any additional information below.
My sample is attached:)

Original issue reported on code.google.com by kel...@gmail.com on 9 Aug 2012 at 9:42

Attachments:

GoogleCodeExporter commented 8 years ago
Hi,

yes show_Permissions will show to you the links between the permission and the 
associated methods.

In your sample, you perform a call:

public void testPhoneCall()
    {
        android.util.Log.v("APKILTest", "[*] testPhoneCall()");
        v0 = new android.content.Intent("android.intent.action.CALL");
        v0.setData(android.net.Uri.parse("tel:10010"));
        this.startActivity(v0);

but the action is a string which can be easily modify in the fly by a classical 
malware.

If you would like that in the show_Permissions, we need a deeper analysis.

Original comment by anthony....@gmail.com on 9 Aug 2012 at 9:47

GoogleCodeExporter commented 8 years ago
You didn't use the manifest file?
How did you do permission analysis in the current version?

Is it based on http://www.android-permissions.org/permissionmap.html?
Sorry I didn't read your code in detail.

Kun

Original comment by kel...@gmail.com on 9 Aug 2012 at 10:06

GoogleCodeExporter commented 8 years ago
Of course, get the permission from the manifest file with:

a = APK("yourfile.apk")
a.get_permissions()

but the method you talked used the android-permissions.org filemap to get the 
associated methods/perms

Original comment by anthony....@gmail.com on 9 Aug 2012 at 11:56