How would you find out what kind of information an Android app is sending back to the "mothership"? For example, if an app is sending your ID, gender, etc. to advertisers.
Is there a way to do this in an Android app? Or would it have to be done via a packet sniffer over Wi-Fi?
Root your device.
Find a copy of tcpdump for Android
Launch tcpdump, capture a dump file.
Analyze offline with something like Wireshark.
You might check Android packet sniffer.
Unfortunatelly, you have to be root on your phone, and have the "su" command installed.
The TaintDroid project does exactly this. Installing it isn't as simple as just installing an app (of course), but they provide pretty detailed instructions. This tool has been used for exactly the purpose of detecting what kind of information an app is accessing and sending to some external source. They also provide the source code if you want to modify it for particular purposes.
The permissions tell you what data it is accessing, for example "Phone State" means getting the phones ID, Coarse or Fine Location is a permission to, so for network or gps location you need to be made aware.
Other data is behind other permissions. So if they aren't cheating you can somewhat figure out what they are using.
Related
I am developing a parental kind of App in which there is a requirement to block specific urls from all the browsers in the Device. I think this is an old question but couldn't find any solution yet on stack.
Do you have any working solutions. Assumption - The device is rooted.
Regards,
sha
I have two resources for you:
Since the device is rooted you can work directly with iptables. iptables will give you very precise control over all coming and going data packets. Check out open source projects like AFWall+ on GitHub for iptables in action.
If you want to be able to run your app on unrooted devices look into creating a fake VPN. You don't send any data to an actual VPN server, you simply use the VPN API to filter all the information coming and going. Check out Disconnect (whenever they actually share their open source code...) or OpenVPN which is what Disconnect builds on.
I'm making an app for a client, and they are experiencing bugs that no one else can reproduce. They are not close to us, so I can't physically go to them and hook their device up to my laptop.
Is there a way that they can get hold of their logcat files without having to install adb on a machine first, i.e. can they email them straight from their device? I'm not sure how tech-savvy they are, and ideally I don't want to spend too much time telling them how to install adb if I can get the files some other way.
Obviously I'm looking to do it with their permission (and I'm expecting that installing adb is going to be the only way).
Edit: I should add that I'm using Corona SDK, so will not be able to access the logs from directly inside the app. Also, all devices are 4.1+ so the various log collector apps have not worked.
You can redirect the logcat to a file and send it by email using your app.
Check here how to save the logcat into a file.
I would like to programatically make my device answer to broadcast pings (i.e pinging 192.178.1.255) while connected to a wifi network.
Is there a way i can do that ? Maybe a listener that will ping back, or a flag to set somewhere?
Thanks.
Is there a way i can do that ?
In short: Yes. But it will take some good effort to integrate the necessary components.
The key problem is that you need to listen for ICMP network packets. Such functionality is not accessible from Java and would require either JNI code or an external program. (To my knowledge, it also requires a rooted device.)
You will need a library or program that can process network traffic, such as Jpcap (which would require some modification to work on Android). You could also install and run an instance of tcpdump in the background and parse its output.
It's not possible for an app to send/receive ICMP Echo Requests on Android. (Maybe there is a way on rooted devices)
But if your basic goal is to implement some kind of local device discovery functionality (and your code runs on all devices), you can use UDP broad/multicast messages instead.
I know this question is quite old now, but I came across this looking to for an answer and managed to work it out myself.
What I did was download a root file explorer (I used Root Browser from JRummy Apps) and navigate to /proc/sys/net/ipv4 edit icmp_echo_ignore_all so that it is a 1-line, 1-character file that simply says 0 (when I opened the file, it was set to 1)
No reboot, ICMP requests started working upon saving.
I have Users with rooted Android 2.2+ smartphone devices.
Whenever any on-device App accesses the device's Contacts List, Microphone or Camera resource, I want to Suspend that App, pop up a warning message to the User, and let the User decide whether to Abort or Continue.
Even though at App install-time the User might have (blindly) granted those Apps permission to access those Resources.
So, I want to write an Android System Service to continuously scan the File Descriptors (or whatever) representing the Contacts List, Microphone and Camera.
If any other application or service/process/thread attempts to open any of the above file descriptors, I suspend it and pop up a Toast message to the User, something like:
"Application "CHESS" is trying to access the CAMERA!!! Close the app, or Continue?";
I could find absolutely nothing on the Android SDK or NDK which would help me achieve my above goal.
Not even a quick-and-dirty-and-dangerous Linux command approach like "./data/lsof -w | grep audio" inserted and run on the device was of any help whatsoever -- I don't know what precise Android resource names to grep for, and moreover the Resources' file descriptors seem to be open all the time whether they are being accessed or not!
Thank you, any advice would be greatly appreciated.
I would agree with the previous posts saying it might not be possible. But if you were deploying your own kernel, then this has a good suggestion thread here: Android Kernel modifying
also this thread here is along similar low level hooking that you want: http://groups.google.com/group/android-developers/browse_thread/thread/821e5a413f0014d9
Here is how to write a driver for android: http://www.kandroid.org/online-pdk/guide/display_drivers.html. Possibly you need to write a driver that is generic and just replaces the existing drivers that you want. that driver would then point to a backed up location of the old drivers, effectively wrapping the old driver. This way you should hopefully keep a generic driver that you write, and the same behavior and nice abstraction the manufacturer drivers provide.
new to android and lovin it so far. I have this issue which i need to solve and it may need a simple solution.
Intrinsic Destinator software has a feature of receiving an sms with location info which it can recognise. However when the software is installed in the mobile device (HTC desire-Z), it gets installed directly in the SD card. This disables this feature as it has no access to the sms folder of the phone.
On a windows mobile phone it is possible to install the software on the main memory and the maps on the SD card and it works that way.
Is something similar possible to do on the android phone? OR is it a matter of the destinator developers to alter the way the software gets installed?
Can the android sms folder be linked to the destinator software somehow?
A bit of a different approach - in Android you can subscribe to the event for when an SMS is received. This way your application will receive a notification when a message is received by the phone, after which you can basicly do whatever you need to so with the received message. No need to manually access anything like an SMS folder.
Take a peek at the 'receive' SMS Part of http://mobiforge.com/developing/story/sms-messaging-android