Mobile phone usage is increasing, and so is the number of apps for mobile phones. But with these comes a big problem: putting your data at risk.
Security researchers all around the world are continuously finding vulnerabilities. But it's a hard task.
Scanning Android apps for vulnerabilities can be challenging and time-consuming.
These mobile apps are putting you at risk if they are not tested properly.
Some of the dangers are leaked personal data, unencrypted communication, sensitive files left world-readable and world-writable, code execution, and malware.
Android is the most commonly used OS in the world. And there is no doubt that any company running an Android app must take security seriously.
As we all know, hacking is not really a new idea. Systems all over the world get hacked from time to time, and almost every website experiences it sometimes.
But there are certain types of hackers who can hack your very own Android app without your knowledge! Now that sounds scary!
Scanning Android apps for vulnerabilities is not easy due to the lack of available tools.
So in this article, we are going to talk about a tool that will help you as a security researcher to scan mobile apps for vulnerabilities.
The tool we are going to talk about is Appshark.
Appshark is a static taint analysis platform that scans Android apps for vulnerabilities.
What do you require to run the app?
Appshark requires a specific version of the JDK: JDK 11. In testing, it does not work on other LTS versions, JDK 8 and JDK 16, due to dependency compatibility issues.
Compiling the tool
For that, you need to have root privileges and then
type the command
After executing the above command, you will see an artifact file AppShark-0.1.1-all.jar in the directory build/libs.
How to run the tool
You can run the tool with
The config.json5 has the following configuration contents.
Each JSON field is explained below.
apkPath: the path of the apk file to analyze
out: the path of the output directory
rules: the path(s) of the rule file(s); more than one rule file can be given
maxPointerAnalyzeTime: the timeout duration in seconds set for the analysis started from an entry point
debugRule: specify the rule name that enables logging for debugging
If you provide a configuration JSON file that sets the output path as out in the project root directory, you will find the result file out/results.json after running the analysis.
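A pre-flight check for the two things above that most often stop a scan before it starts, the JDK 11 requirement and a malformed configuration. This is an added example, not code from the Appshark project. It assumes that several rule files are written as one comma-separated string, uses 600 seconds as an illustrative timeout, and the banner strings, APK and rule file names are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

REQUIRED_JDK_MAJOR = 11  # the article states Appshark only runs on JDK 11


def java_major(banner: str) -> int:
    """Major version from `java -version` output, e.g. "1.8.0_362" -> 8, "11.0.19" -> 11."""
    match = re.search(r'version "(\d+)(?:\.(\d+))?', banner)
    if not match:
        raise ValueError("no Java version string found")
    first, second = int(match.group(1)), match.group(2)
    # Legacy scheme (Java 8 and older) reports "1.<major>".
    return int(second) if first == 1 and second is not None else first


def build_config(apk_path, out_dir, rules, max_seconds=600, debug_rule=None):
    """Validate the inputs and return a config dict keyed by the fields listed above."""
    apk = Path(apk_path)
    if apk.suffix.lower() != ".apk" or not apk.is_file():
        raise ValueError(f"apkPath is not an existing .apk file: {apk}")
    if not rules:
        raise ValueError("at least one rule file is required")
    if isinstance(max_seconds, bool) or not isinstance(max_seconds, int) or max_seconds <= 0:
        raise ValueError("maxPointerAnalyzeTime must be a positive number of seconds")
    config = {
        "apkPath": str(apk.resolve()),
        "out": str(out_dir),
        "rules": ",".join(rules),  # assumption: several rule files form one comma-separated string
        "maxPointerAnalyzeTime": max_seconds,
    }
    if debug_rule:
        config["debugRule"] = debug_rule
    return config


if __name__ == "__main__":
    # Constructed `java -version` banners; on a real machine pass the command's stderr instead.
    for banner in ('openjdk version "11.0.19" 2023-04-18', 'java version "1.8.0_362"'):
        ok = java_major(banner) == REQUIRED_JDK_MAJOR
        print(f"{banner!r}: {'ok' if ok else 'unsupported, Appshark needs JDK 11'}")
    with tempfile.TemporaryDirectory() as tmp:
        apk = Path(tmp, "sample.apk")  # constructed empty file standing in for a real APK
        apk.touch()
        cfg = build_config(apk, "out", ["ruleA.json", "ruleB.json"], debug_rule="ruleA")
        print(json.dumps(cfg, indent=2))  # plain JSON is also valid JSON5
```

The printed JSON can be saved as config.json5, since every JSON document is also valid JSON5.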