
Extracting Sensitive API Calls in Malware Applications

An Application Programming Interface (API) is an interface or communication protocol between a client and a server intended to simplify the building of client-side software. It has been described as a “contract” between the client and the server, such that if the client makes a request in a specific format, it will always get a response in a specific format or initiate a defined action. In building applications, an API simplifies programming by abstracting the underlying implementation and only exposing objects or actions the developer needs.

Android exposes thousands of APIs that applications use to add functionality. Android has a layered architecture, and these APIs live in the second layer from the top, the Application Framework layer.

Application Framework

The Application Framework layer sits on top of the native library layer. It provides the main Application Programming Interfaces (APIs) and higher-level services in the form of Java classes. Application developers may use the whole framework API, which simplifies the reuse of components, and these APIs are open to anyone building Android applications. There are different types of application components; each type has its own lifecycle and purpose, which describes how the component is created and destroyed.

Sensitive API

There is no single definition of a sensitive API. Sensitive APIs are the APIs that handle sensitive information on Android devices: rendering personal information, reading databases, sending and receiving SMS, and so on.

In this tool, the sensitive APIs are the set of APIs used to access sensitive resources on the Android device, such as the device ID, the user's location, and information about the network type.

The tool treats 10 API classes as sensitive. Each class has several API methods, and these methods are used to detect malicious behaviour in an application.

E.g.-

  • Landroid/telephony/TelephonyManager;->listen(Landroid/telephony/PhoneStateListener;I)V
  • Landroid/telephony/TelephonyManager;->getNetworkType()I
  • Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;
  • Landroid/content/pm/PackageManager;->isSafeMode()Z

In the above examples TelephonyManager, ConnectivityManager and PackageManager are the API classes, and listen(), getNetworkType(), getActiveNetworkInfo() and isSafeMode() are the API methods.

The tool uses the following sensitive API classes:

[Figure: SensitiveAPIList]

These classes are used to produce the list of all sensitive API calls as output.

Working

Written in Python.
Every application (.apk) contains a set of sensitive API calls.

The tool follows these steps:

Step #1. Use Androguard to create a callgraph:

androguard cg 'Application Name'

The above command creates a callgraph.gml in the same folder where the application is placed.

Step #2. Clone or download the code from GitHub.

Step #3. Run the program Sensitive_API.py from the command prompt:

python3 Sensitive_API.py -p [Path of your GML (Callgraph) Application] -g [Name of the GML (Callgraph)]

Step #4. Output

The program prints the set of sensitive APIs found in that particular Android malware application.
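As an added illustration (not the repository's own Sensitive_API.py), the following Python reads a GML callgraph of the kind androguard cg writes, keeps only edges whose callee belongs to one of the sensitive API classes named above, and reports which application methods call each one. The GML sample is constructed inline; its node/edge layout and the three class prefixes are assumptions, and the tool's full list of 10 classes is not on this page.

```python
import re

# Sensitive API classes named on this page (assumption: the tool's own list has 10).
SENSITIVE_CLASSES = ("Landroid/telephony/TelephonyManager;", "Landroid/net/ConnectivityManager;",
                     "Landroid/content/pm/PackageManager;")

# Constructed sample in the shape networkx write_gml produces for an androguard callgraph:
# node labels are full method descriptors (assumption, not verified against a real file).
SAMPLE_GML = """graph [
  directed 1
  node [ id 0 label "Lcom/example/app/MainActivity;->onCreate(Landroid/os/Bundle;)V" external 0 ]
  node [ id 1 label "Landroid/telephony/TelephonyManager;->getNetworkType()I" external 1 ]
  node [ id 2 label "Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I" external 1 ]
  node [ id 3 label "Lcom/example/app/Helper;->check()Z" external 0 ]
  node [ id 4 label "Landroid/content/pm/PackageManager;->isSafeMode()Z" external 1 ]
  edge [ source 0 target 1 ]
  edge [ source 0 target 2 ]
  edge [ source 3 target 4 ]
  edge [ source 3 target 1 ]
]
"""


def parse_gml(text):
    """Return ({node_id: label}, [(source, target), ...]) from a GML callgraph."""
    labels = {}
    for block in re.finditer(r'node\s*\[(.*?)\]', text, re.S):
        body = block.group(1)
        nid = re.search(r'\bid\s+(\d+)', body)
        lab = re.search(r'\blabel\s+"([^"]*)"', body)
        if nid and lab:
            labels[int(nid.group(1))] = lab.group(1)
    edge_re = r'edge\s*\[\s*source\s+(\d+)\s+target\s+(\d+)'
    edges = [(int(s), int(t)) for s, t in re.findall(edge_re, text)]
    return labels, edges


def sensitive_calls(text, classes=SENSITIVE_CLASSES):
    """Map each sensitive API method reached in the callgraph to its sorted callers."""
    labels, edges = parse_gml(text)
    found = {}
    for src, dst in edges:
        callee = labels.get(dst, "")
        if callee.startswith(classes):  # class prefix match on the method descriptor
            found.setdefault(callee, set()).add(labels[src])
    return {api: sorted(callers) for api, callers in sorted(found.items())}


if __name__ == "__main__":
    for api, callers in sensitive_calls(SAMPLE_GML).items():
        print(api, "<-", ", ".join(callers))
```

Point sensitive_calls at the text of a real callgraph.gml to get the same report for an actual application.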
