ARE

Android Reverse Engineering - CPS 592 LBS

Goals

  • Understand what an app does from a high-level point of view
  • Understand the technical details of how an app does something
  • Find security vulnerabilities ~> exploit them to gain some advantage
  • Steal private information, read private files, steal its permissions, etc.

Country   | App           | Tech         | Permissions
Vietnam   | Bluezone      | React Native | ACCESS_NETWORK_STATE, BLUETOOTH, INTERNET, FOREGROUND_SERVICE, WIFI_STATE, WAKE_LOCK
Germany   | Corona-Warn   | Android      | ACCESS_NETWORK_STATE, BLUETOOTH, INTERNET, IGNORE_BATTERY_OPTIMIZATIONS, WAKE_LOCK, CAMERA, FOREGROUND_SERVICE, RECEIVE_BOOT_COMPLETED
Fiji      | CareFiji      | Android      | same as Vietnam & Germany, plus WRITE_EXTERNAL_STORAGE
India     | Aarogya Setu  | Android      | same as Vietnam & Germany, plus camera hardware, WiFi
Ireland   | COVID Tracker | React Native | BLUETOOTH, ACCESS_NETWORK_STATE, WIFI_STATE
Australia | COVIDSafe     | Android      | common set, plus ACCESS_COARSE_LOCATION
Austria   | Stopp Corona  | Android      | same as Vietnam
Hungary   | Virus Radar   | Android      | same as Vietnam

Tools and Websites

  • APKPure
  • dex2jar
  • Java Decompiler (JD-GUI)
  • ApkTool
  • Apps

Let's Reverse Engineer an Android App!

Instructions

Take the app ID from the Play Store, e.g.

https://play.google.com/store/apps/details?id=com.mic.bluezone

Download the app (APK) using APKPure

test.apk

Unzip the app using ApkTool

apktool d test.apk

Convert classes.dex to a JAR using dex2jar

d2j-dex2jar.sh classes.dex

Run the Java decompiler to see what's inside

java -jar jd-gui-1.6.6.jar

For permissions we need to study AndroidManifest.xml

e.g. <uses-permission android:name="android.permission.BLUETOOTH"/>
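A triage script for the apktool output, added here as an example (it is not from the course slides or from any of the apps): it lists the uses-permission entries of the decoded AndroidManifest.xml, flags the runtime ("dangerous") ones, and checks the .apk zip for the assets/index.android.bundle that marks a React Native build, which is what the hybrid-framework section later asks about. The manifest, the permission subset and the stand-in APK are constructed for the example.

```python
# Added example, not from the slides: triage a decoded COVID app APK.
# Assumes `apktool d test.apk` already produced a plain-text AndroidManifest.xml
# (inside the APK it is binary XML) and that the original .apk is still on disk.
import io
import xml.etree.ElementTree as ET
import zipfile

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Subset of Android's runtime ("dangerous") permissions seen in the table above.
DANGEROUS = {"android.permission.ACCESS_COARSE_LOCATION", "android.permission.CAMERA",
             "android.permission.READ_CONTACTS", "android.permission.WRITE_EXTERNAL_STORAGE"}

def manifest_permissions(manifest_xml: str) -> list:
    """Every <uses-permission android:name=...> in a decoded manifest, in file order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")]

def dangerous_permissions(perms) -> list:
    """Keep only the permissions the user must grant at runtime (Android 6+)."""
    return sorted(p for p in perms if p in DANGEROUS)

def is_react_native(apk_bytes: bytes) -> bool:
    """React Native apps ship their JS as assets/index.android.bundle inside the APK zip."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return "assets/index.android.bundle" in z.namelist()

# Constructed sample manifest mirroring the CareFiji row of the table above.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="example.app">
  <uses-permission android:name="android.permission.BLUETOOTH"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def build_sample_apk(react_native: bool) -> bytes:
    """Constructed stand-in for an .apk: a zip holding only the entries we inspect."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"placeholder, not a real dex")
        if react_native:
            z.writestr("assets/index.android.bundle", b"// JS bundle placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    perms = manifest_permissions(SAMPLE_MANIFEST)
    print("permissions:", perms)
    print("dangerous:", dangerous_permissions(perms))
    print("react native:", is_react_native(build_sample_apk(True)))
```

For a real app, read the manifest from the apktool output directory and the .apk from disk; the classes.dex you feed to dex2jar comes straight out of the .apk zip, since apktool d decodes it to smali unless run with -s.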

Summary

  • We are planning to study reverse engineering of Android applications. Reverse engineering is a process in which software is deconstructed to extract design information from it.
  • We need to understand how reverse engineering works and what the potential security issues are when an application is developed in modern JS frameworks like React Native or Ionic.
  • We are going to study different COVID-19 Android applications developed by different countries around the world.

Objective

  • What is reverse engineering in Android?
  • How reverse engineering can be used to decompile Android app code
  • What are some threats of decompiled Android code?
  • How to avoid Android app decompilation to prevent reverse engineering
  • How modern JavaScript frameworks are being used to develop hybrid and native Android applications
  • Privacy policy
  • How we can use AspectJ to study which security policies and permissions are being used

Privacy Policy

In a 2018 study, Kaspersky researchers found that more than four million Android apps were sending unencrypted user profile data such as "names, ages, incomes, phone numbers and email addresses -- and, in one example, dates of birth, usernames and GPS coordinates" directly to advertisers' servers.

What sensitive data apps can access

  • Contacts
  • Location
  • Images
  • Videos
  • Camera
  • A device also transmits personal data in order to identify itself and its owner, such as the IMEI number, IP address and, of course, phone number

Privacy Policy e.g. Bluezone - Vietnam

Privacy Policy e.g. COVID Tracker - Ireland

Privacy Policy e.g. Aarogya Setu - India

Approaches Tried

AspectJ

  • It is an aspect-oriented framework well suited for handling many generic middleware and application-specific problems.
  • Used for logging, transaction management, security, performance monitoring
  • Difficult to use with the current apps, since the original APK files downloaded from the Play Store do not allow debugging

mitmproxy

  • mitmproxy is a set of tools that provide an interactive, SSL/TLS-capable intercepting proxy for HTTP/1, HTTP/2, and WebSockets.
  • In this case, the initial plan was to capture network traffic and see if any sensitive information is being sent to a particular server.
  • Most of the time the data is encrypted, so it is difficult to see what data they are collecting.

How data can be accessed using modern hybrid frameworks like React Native

React Native NPM Package

Code Snippets


Aarogya Setu - Java (India)

Source
    // Location callback from the decompiled Aarogya Setu source: each fix is
    // written to the debug log and persisted in the local database.
    private var locationCallback: LocationCallback = object : LocationCallback() {
        override fun onLocationResult(locationResult: LocationResult?) {
            locationResult?.let {
                if (it.lastLocation != null) {
                    // Reuses the BLE record type with empty fields to carry GPS data
                    val usersLocationData = BluetoothData(
                        Constants.EMPTY, 0, Constants.EMPTY, Constants.EMPTY
                    )
                    usersLocationData.latitude = it.lastLocation.latitude
                    usersLocationData.longitude = it.lastLocation.longitude
                    CoronaApplication.getInstance().setBestLocation(it.lastLocation)
                    // Coordinates end up in the debug log (readable via logcat)
                    Logger.d(
                        "Retreive location service",
                        usersLocationData.latitude.toString() + " - " +
                            usersLocationData.longitude.toString()
                    )
                    // ...and in the same DB table as nearby-device records
                    DBManager.insertNearbyDetectedDeviceInfo(listOf(usersLocationData))
                }
            }
        }
    }

Bluezone - React Native (Vietnam)

Source
    onPress() {
      const {numberPhone} = this.state;
      const {intl} = this.props;
      const {formatMessage} = intl;
      // Vietnamese mobile number: prefix 09/03/07/08/05 followed by 8 digits
      const vnf_regex = /((09|03|07|08|05)+([0-9]{8})\b)/g;
      if (vnf_regex.test(numberPhone) === false) {
        Alert.alert(formatMessage(message.phoneEnterNotValid));
      } else {
        // Phone number is sent to the backend to trigger an OTP SMS
        this.setState({showLoading: true, showErrorModal: false}, () => {
          CreateAndSendOTPCode(
            numberPhone,
            this.createAndSendOTPCodeSuccess,
            this.createAndSendOTPCodeFail,
          );
        });
      }
    }

    createAndSendOTPCodeSuccess(response) {
      const {numberPhone} = this.state;
      const {setLoading} = this.props;
      const router = setLoading ? 'VerifyOTPAuth' : 'VerifyOTP';
      this.setState({showLoading: false}, () => {
        // Navigate to the OTP screen, passing the phone number as a route param
        setTimeout(() => {
          this.props.navigation.replace(router, {
            phoneNumber: numberPhone,
          });
        }, 200);
      });
    }

COVID Tracker - React Native (Ireland)

Source
Here they are using this custom package!

    const getCloseContacts = async () => {
      try {
        // Only reads exposure data once the user has granted the permission
        if (permissions.exposure.status === PermissionStatus.Allowed) {
          await configure();
          const contacts = await ExposureNotification.getCloseContacts();
          setState((s) => ({...s, contacts}));
          return contacts;
        }
        return [];
      } catch (err) {
        console.log('getCloseContacts err', err);
        return null;
      }
    };