I am developing a custom Antivirus app, which will need Storage Permission, Root Access and having a custom Recovery like TWRP installed.
For granting Storage Permission, I can easily use ContextCompat or EasyPermissions. I would rather use EasyPermissions, since it is way easier for me.
Well, I searched almost the whole internet to find any library to check for Root Access. I literally found two libraries by Stericson. Now I have the RootTools and RootShell on my Android Studio Project. I can handle for Root Access. For those two permissions (Storage, Root): I can handle it.
Now, I know that somewhere in /dev/block can have the recovery image. But how can I determine, which one is installed? I mean, if my Antivirus App fails to scan and deletes critical files without even noticing it, then Android can say "goodbye". That's why I want to check if a custom Recovery (for example: TWRP) is installed or not, so it can recover deleted files.
Is there any dependency for it to check custom recovery or other way? I would really need it because I can't have all these reports on me saying that I made an app telling about it, that I damaged someone's device and need to pay for example, $200 away. Look, if I get a report saying that my app damaged that preloader / bootloader file on someone's device, then I would need to send any motherboard / phone replacement to that one, that got damaged. I would need to ask that person the address to send the replacement. Really, if I get a report coming from telling me that any kind of system or other image got broken, I'm outta here!
Related
I am hoping to implement some security for an Android app to prevent people from using the code unless it was installed on the correct device by the company. My first choice would be to make sure the app was installed through the Google Play Store, but this app will not be available there.
I have determined that one security measure that will work for my use case is checking some of the information in the Build class. I am concerned that there could be the possibility that some of the fields in the class may not stay the same, even if the same model of device is always used.
What portions of the Build class are subject to change for a specific model of device and what fields should never change?
In the end all of these system configs are just .xml files residing on the device somewhere around /data/system/sysconfig which you can modify in any way you want if you have write access (aka root) so I would recommend starting from making sure that the user running your app does not have root privileges. There are some FOSS libraries for it, you can start from there.
I would like to write an Android app (not a PC program) that has a subset features of Android Device Monitor (ADM), ie. select a process and trace its method calls, with detailed information (all the information that ADM can get, like stack trace and time), while the phone is not connected to any computer nor does it have any network access.
I've searched into android.os.Debug.startMethodTracing*, but it seems can only trace current process and the result can only be written into a file (I need the info in memory).
Digging its implementation, I found dalvik.system.VMDebug.startMethodTracing*, but it seems cannot be used by apps and I didn't find a way to specify pids, neither. Looks like it's calling JNI functions, but I didn't find the implementation.
Maybe I can get the information by lower level way by using Linux perf events (perf_event_open(2)). But before doing that, I would like to know if such kind of feature possible to implement purely in Java (maybe by talking to some "system manager" process or "debugging server" process, or by calling some CLI tools then get its stdout)?
These capabilities can only be accessed by the shell user (the user that adb runs as), or the root user of course. By design, a normal android application cannot access these features, because this would completely break the application sandbox that is the basis of the application security model in Android.
Sometimes I really need to know if anybody has used my phone while I wasn't home? Is there any app to reveal such a thing? something like "launched apps history".
I don't believe that there is a built in provision for achieving this, but there are a number of available applications that allow you to monitor this, such as KidLogger. KidLogger is somewhat outdated, but I think there are other apps available too.
The other option is to download a log viewing program (or export the logs to your computer) like CatLog so that you can view the system logs. Application calls should be visible in the logs. I do believe that this requires root access though.
I need to develop an auto answering (GSM call) Android application.
I searched internet and learned that 3rd party applications do not have permission "android.permission.MODIFY_PHONE_STATE", because of which my application can not auto answer a call.
Then, I read about these AT commands. After reading different links I am still unsure about two things which I want to ask:
Can a 3rd party application use these AT commands to auto answer phone call...?
Does it require root access?
I think it needs root access (but I need to confirm), because on my unrooted phone I used command
"busybox microcom -t 5000 /dev/ttyGS0"
but I got
"busybox: permission denied"
( I tried to root the phone but because of some problem I am unable to root it.)
Since, I don't have any background of working with AT commands,So, before starting to write complete code for AT command, I need to confirm those above two points, to make sure that I 'm going in the right direction.
(I'm confused because, I wrote simple code to get the names of ports but program did not show any output (for my unrooted phone)...)
I am performing some experiments where I want to replay a previously captured packet trace from Android. So far I have written my own application to replay the trace and get then answer back from the server. Timing accuracy is not a big problem as long as is within reasonable bounds (e.g., some milliseconds).
However, I would prefer to use a tested tool like tcpreplay. Is there any project that have ported tcpreplay to Android? Given that libpcap is available, there should be something available, but I could not find anything.
Thanks for your help
I'm the author of tcpreplay, and I can't say I'm aware of an Android port. Never owned an Android device so can't say one is coming anytime soon.
I've got it running on my tab, you need to install GNUroot and Debian no root, they are both from the same developer... After get it, open GNUroot, check emulate new root, create rootfs and run the rootfs, after this "apt-get install tcpreplay". If you want to capture use TpacketCapture in the play store, you can also get Tpacketcapture Pro to use the capture in only one app.
If you are planning to hack games don't publish it, cause this vulnerability can be easily patched...
any question email me.