Spyware Reverse Engineering

Android App Structure

Android APK Structure

Tools

Android Permissions

Refer to the permissions overview for descriptions of the listed permissions that are considered dangerous.

READ_CALENDAR
WRITE_CALENDAR
READ_CALL_LOG
WRITE_CALL_LOG
PROCESS_OUTGOING_CALLS
CAMERA
READ_CONTACTS
WRITE_CONTACTS
GET_ACCOUNTS
ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION
RECORD_AUDIO
READ_PHONE_STATE
READ_PHONE_NUMBERS
CALL_PHONE
ANSWER_PHONE_CALLS
ADD_VOICEMAIL
USE_SIP
BODY_SENSORS
SEND_SMS
RECEIVE_SMS
READ_SMS
RECEIVE_WAP_PUSH
RECEIVE_MMS
READ_EXTERNAL_STORAGE
WRITE_EXTERNAL_STORAGE

Important Android Components

  • Activities: A key component of most Android apps, activities can handle unexpected changes, device rotation, and data saving.

  • Services: Run in the background of an app to perform long-running tasks without a user interface.

  • Broadcast receivers: Respond to system-wide broadcast announcements, known as Intents, to perform functions like alerting the user when the battery is low.

  • Intents: A frequently used component that allows users to call other app components, activities, or applications on the phone.

  • Fragments: A reusable portion of an app's UI that manages its own layout, lifecycle, and input events.

  • Lists: A key UI element that represents a range of information.

  • RecyclerView: A commonly used Android component for displaying a list of items.

  • Android architecture: The foundation of the Android mobile operating system, which is essential for creating high-quality and scalable apps.

  • Jetpack Compose: A tool that simplifies the process of building complex UIs, saving developers time and reducing errors.

Android Services and Receivers

Services

Services are critical application components that can perform long-running operations. For example, Spotify services can play music in the background even if the app is closed.

Broadcast Receivers

Broadcast receivers respond to broadcast messages from another application or from the system, for example a low-battery message or a no-Wi-Fi-connection message. There are various types, such as the SMS broadcast receiver and the battery state receiver, and you can also create your own custom broadcast receiver.

Decompiling an APK

Open the .apk file with jadx-gui by right-clicking the APK file and selecting the "Open with" option.

Install jadx using:

sudo apt install jadx
Android manifest file review

The same thing can be achieved using https://mobsf.live/
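
The manifest review step can also be scripted. The following Python code is an added example, not part of the original page or of jadx or MobSF: it takes the decoded AndroidManifest.xml text that jadx displays and reports which of the dangerous permissions listed above the app requests, along with every declared service and broadcast receiver. The sample manifest, its package name and the function name review_manifest are constructed for illustration; only permissions in the android.permission namespace are matched, so a custom permission that merely ends in CAMERA is not flagged.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Dangerous permissions exactly as listed in the Android Permissions section.
DANGEROUS = set("""READ_CALENDAR WRITE_CALENDAR READ_CALL_LOG WRITE_CALL_LOG
PROCESS_OUTGOING_CALLS CAMERA READ_CONTACTS WRITE_CONTACTS GET_ACCOUNTS
ACCESS_FINE_LOCATION ACCESS_COARSE_LOCATION RECORD_AUDIO READ_PHONE_STATE
READ_PHONE_NUMBERS CALL_PHONE ANSWER_PHONE_CALLS ADD_VOICEMAIL USE_SIP
BODY_SENSORS SEND_SMS RECEIVE_SMS READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS
READ_EXTERNAL_STORAGE WRITE_EXTERNAL_STORAGE""".split())

# Constructed sample manifest (not from a real app), in decoded text form.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="com.example.sample.permission.CAMERA"/>
  <application>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".BootReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def review_manifest(xml_text):
    root = ET.fromstring(xml_text)
    names = [e.get(ANDROID_NS + "name", "") for e in root.iter("uses-permission")]
    dangerous = sorted({n[len(PREFIX):] for n in names
                        if n.startswith(PREFIX) and n[len(PREFIX):] in DANGEROUS})
    components = []
    for tag in ("service", "receiver"):
        for e in root.iter(tag):
            components.append({
                "type": tag,
                "name": e.get(ANDROID_NS + "name"),
                "exported": e.get(ANDROID_NS + "exported"),  # None = not declared
                "actions": [a.get(ANDROID_NS + "name") for a in e.iter("action")],
            })
    return {"package": root.get("package"), "dangerous": dangerous,
            "components": components}

if __name__ == "__main__":
    print(review_manifest(SAMPLE_MANIFEST))
```

Python's xml.etree.ElementTree is not hardened against maliciously constructed XML, so for manifests taken from untrusted samples run this inside the analysis environment or swap in a hardened parser such as defusedxml.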

