【Android】Mobile-Security-Framework-MobSF Manifest 静态扫描规则

news2024/12/25 13:57:24

前言

移动安全框架(MobSF)是一个自动化的一体化移动应用程序(Android/iOS/Windows)测试、恶意软件分析和安全评估框架,能够执行静态和动态分析。MobSF支持移动应用程序二进制文件(APK、XAPK、IPA和APPX)以及压缩源代码,并提供REST API,可与您的CI/CD或DevSecOps管道无缝集成。动态分析器可帮助您执行运行时安全评估和交互式仪器测试。

通过分析源码中对manifest的检测规则,来学习其可能存在的安全风险。

正文

源码位置views/android/manifest_analysis.py的manifest_analysis函数

 high*6

规则名条件级别描述
a_clear_textandroid:usesCleartextTraffic=truehighThe app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
a_debuggableandroid:debuggable=truehighDebugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.
a_testonlyandroid:testOnly=truehighIt may expose functionality or data outside of itself that would cause a security hole.
a_launchmodeandroid:launchMode = singleInstance or singleTaskhighAn Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
a_not_protectedandroid:exported=truehighA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
a_improper_providerandroid:pathPrefix == /highA content provider permission was set to allows access from any other app on the device. Content providers may contain sensitive information about an app and therefore should not be shared.

warning*28

规则名条件级别描述
a_allowbackupApplication Data can be Backed up [android:allowBackup=true]warningThis flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
a_allowbackup_missApplication Data can be Backed up [android:allowBackup] flag is missing.warningThe flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
a_taskaffinityTaskAffinity is set for ActivitywarningIf taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
a_prot_normalis Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the  permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_dangeris Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_unknownis Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
a_prot_normal_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.  It is protected by a permission at the application level. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_danger_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_unknown_applis Protected by a permission at the application, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
a_not_protected_filteris not Protected.An intent-filter exists.warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the %s is explicitly exported.
c_not_protectedis not Protected.[[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is a Content Provider that targets an API level under 17, which makes it exported by default, regardless of the API level of the system that the application runs on.
c_not_protected2would not be Protected if the application ran on a device where the the API level was less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s %s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would be shared with other apps on the device therefore leaving it accessible to any other application on the device.
c_prot_normalis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_dangeris Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknownis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
c_prot_normal_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_danger_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknown_applis Protected by a permission at application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at application level which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
c_prot_normal_newis Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17 [Content Provider, targetSdkVersion >= 17]warningThe Content Provider (%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_danger_newis Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknown_newis Protected by a permission, but the protection level of the permission should be checked  if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
c_prot_normal_new_applis Protected by a permission at the application level should be checked, but the protection level of the permission if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider (%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_danger_new_applis Protected by a permission at the application level, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknown_new_applis Protected by a permission at the application level, but the protection level of the permission should be checked  if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
a_dailer_codeDailer Code: Found <br>[android:scheme="android_secret_code"]warningA secret code was found in the manifest. These codes, when entered into the dialer grant access to hidden content that may contain sensitive information.
a_sms_receiver_portData SMS Receiver Set on Port: Found<br>[android:port]warningA binary SMS receiver is configured to listen on a port. Binary SMS messages sent to a device are processed by the application in whichever way the developer choses. The data in this SMS should be properly validated by the application. Furthermore, the application should assume that the SMS being received is from an untrusted source.
a_high_intent_priorityHigh Intent Priority [android:priority]warningBy setting an intent priority higher than another intent, the app effectively overrides other requests.
a_high_action_priorityHigh Action Priority [android:priority]warningBy setting an action priority higher than another action, the app effectively overrides other requests.

info*14

规则名条件级别描述
a_boot_awareApp is direct-boot aware [android:directBootAware=true]infoThis app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage.
a_network_secApp has a Network Security Configuration [android:networkSecurityConfig]infoThe Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app. 
a_prot_signis Protected by a permission.[android:exported=true]infoA%s %s is found to be exported, but is protected by permission.
a_prot_sign_sysis Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]infoA%s %s is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
a_prot_sign_applProtected by a permission at the application level.[android:exported=true]infoA%s %s is found to be exported, but is protected by a permission at the application level.
a_prot_sign_sys_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true]infoA%s %s is found to be exported, but is protected by a permission at the application level. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_signis Protected by a permission.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by permission.
c_prot_sign_sysis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_sign_applis Protected by a permission at the application level.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by permission at the application level.
c_prot_sign_sys_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be exported, but is protected by a permission at the application level. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_sign_newis Protected by a permission.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. Nevertheless, it is protected by a permission.
c_prot_sign_sys_newis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_sign_new_applis Protected by a permission at the application level.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. Nevertheless, it is protected by a permission.
c_prot_sign_sys_new_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.

后话

上述的48个manifest的风险项应该是比较全的了,可以当做学习资料和风险checklist进行查询。

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/905296.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

JavaScript:DOM (5) 节点的CRUD - 修改、删除

修改(替换)节点 替换子项 replaceChild()可以将指定元素的某个子节点换成新的节点&#xff0c;语法为指定元素.replaceChild(新节点, 旧节点)。 范例&#xff1a; 原始结构&#xff1a; <ul><li>第一项</li><li>第二项</li><li>第三项&l…

Python编程从入门到实践_8-8 用户的专辑_答案

Python编程从入门到实践_8-8 用户的专辑_答案 我也看了一些其他人的答案&#xff0c;很多的答案存在问题&#xff0c;每次调用函数 make_album() 后生成一个专辑字典会覆盖上次调用函数 make_album() 生成的字典&#xff0c;不符合题意。 我采取的解决方案是添加一个空列表 …

全局异常捕获

一、创建普获异常的类 二、定义异常处理器 定义全局异常处理器非常简单&#xff0c;就是定义一个类&#xff0c;在类上加上一个注解RestControllerAdvice&#xff0c;加上这个注解就代表我们定义了一个全局异常处理器。 在全局异常处理器当中&#xff0c;需要定义一个方法来捕…

第二章、应用层

文章目录 2.1 应用层原理2.1.1 网络应用程序体系结构2.1.2 进程通信2.1.3 可供应用程序使用的运输服务2.1.4 因特网提供的运输服务2.1.5 应用层协议 2.2.2 Web 和 HTTP2.2.1 HTTP概况2.2.2 非持续连接和持续连接2.2.3 HTTP报文格式2.2.4 用户与服务器的交互&#xff1a;cookie2…

华为ENSP网络设备配置实战6(简单的链路聚合)

题目要求 1、创建聚合组&#xff0c;添加端口成员 2、PC1网段为vlan10&#xff0c;PC2网段为vlan20 3、LSW1为核心网关设备&#xff0c;正确配置PC网关 4、PC1与PC2互通 解题过程 1.1、 按照拓扑图&#xff0c;各个设备起名 sys &#xff08;进入系统视图&#xff09; sy…

OpenCV4环境配置

0.安装mingw64 官网链接&#xff1a;mingw 安装红框标记下载免安装版本&#xff0c;解压可用。 将解压后的mingw64\bin添加到path环境变量cmd中输入gcc -v&#xff0c;出现下图所示即配置成功 1.下载OpenCV源码 源码下载 官网&#xff1a;Releases - OpenCV 运行下载好的ex…

负载均衡下的 WebShell 连接

目录 负载均衡简介负载均衡的分类网络通信分类 负载均衡下的 WebShell 连接场景描述难点介绍解决方法**Plan A** **关掉其中一台机器**&#xff08;作死&#xff09;**Plan B** **执行前先判断要不要执行****Plan C** 在Web 层做一次 HTTP 流量转发 &#xff08;重点&#xff0…

经典组合优化问题

本文根据学习进度不定时更新。 团问题 此处要理解"each pair of which is connected by an edge"的含义&#xff0c;这里的which指的是谁呢&#xff1f;肯定是vertices&#xff0c;即每一对定点都有一条边连接起来。 团问题是NPC问题。 团问题和定点覆盖问题、边覆盖…

LLM提示词工程和提示词工程师Prompting and prompt engineering

你输入模型的文本被称为提示&#xff0c;生成文本的行为被称为推断&#xff0c;输出文本被称为完成。用于提示的文本或可用的内存的全部量被称为上下文窗口。尽管这里的示例显示模型表现良好&#xff0c;但你经常会遇到模型在第一次尝试时无法产生你想要的结果的情况。你可能需…

22.0.6 LEADTOOLS 增加了 Python 支持 -Crack

LEADTOOLS 增加了 Python 支持 Python 开发人员现在可以利用 LEADTOOLS 技术&#xff0c;包括识别、多媒体和成像。 2023 年 7 月 18 日 - 16:40新版本 特征 添加了完整的 Python 支持 LEADTOOLS Python 支持包括高级图像处理功能、OCR、PDF、条形码识别和表单处理&#xff0c;…

FPGA原理与结构——RAM IP核原理学习

目录 一、什么是RAM 二、RAM IP介绍 1、RAM分类简介 2、可选的内存算法 &#xff08;1&#xff09;Minimum Area Algorithm&#xff08;最小面积算法&#xff09; &#xff08;2&#xff09;Low Power Algorithm &#xff08;低功耗算法&#xff09; &#xff08;3&#x…

ChatGPT-4: 半年的深度使用思考

几个月的时间一直在使用 ChatGpt-4&#xff0c;以口述语音转文字的形式说一下自己的体会。 1、选择版本 大前提&#xff1a;我使用的都是 GPT4 的版本。也就是说至少每个月要付费20$。 因为 3.5 的版本&#xff0c;实际上使用体验是非常差的&#xff0c;主要体现在答非所问上。…

【C++习题集】-- 堆

&#xff08;用于复习&#xff09; 目录 树概念及结构 名词概念 二叉树概念及结构 特殊的二叉树 满二叉树 完全二叉树 运算性质 二叉树存储结构 顺序存储 链式存储 堆 - 顺序存储 堆的性质 堆的实现 堆的应用 堆排序 直接建堆法 树概念及结构 概念&#xff1a…

shell脚本——文件三剑客之sed

目录 一.sed基本用法及选项 ​二.sed脚本语法及命令 三.sed的查找替换使用 四.后向引用 五.变量 一.sed基本用法及选项 sed [选项]... {自身脚本语法};.... [input file...] seq 10 |sed #生成1-10数字传给sed #该格式报错&#xff0c;基本格式中的{自身脚本语法}不…

Stable Diffusion的使用以及各种资源

Stable Diffsuion资源目录 SD简述sd安装模型下载关键词&#xff0c;描述语句插件管理controlNet自己训练模型 SD简述 Stable Diffusion是2022年发布的深度学习文本到图像生成模型。它主要用于根据文本的描述产生详细图像&#xff0c;尽管它也可以应用于其他任务&#xff0c;如…

【SA8295P 源码分析】06 - SA8295P XBL Loader 阶段 sbl1_main_ctl 函数代码分析

【SA8295P 源码分析】06 - SA8295P XBL Loader 阶段 sbl1_main_ctl 函数代码分析 一、XBL Loader 汇编源码分析1.1 解析 boot\QcomPkg\XBLLoader\XBLLoader.inf1.2 boot\QcomPkg\XBLDevPrg\ModuleEntryPoint.S&#xff1a;跳转 sbl1_entry 函数1.3 XBLLoaderLib\sbl1_Aarch64.s…

shell脚本之循环语句

循环语句 循环含义 将某代码段重复运行多次&#xff0c;通常有进入循环的条件和退出循环的条件 for循环语句 一般知道循环次数使用for循环 第一类 格式1&#xff1a; for名称 in 取值次数;do;done; 格式2&#xff1a; for 名称 in {取值列表} do done# 打印20次 for i i…

docker安装redis7-分片集群

说明 系统&#xff1a;CentOS7.9 redis&#xff1a;7.0.5 因资源有限所有节点部署在一台宿主机上&#xff0c;总共启动6个redis实例&#xff0c;实例对应端口分别从6380-6385&#xff0c;文章中给的有执行脚本&#xff0c;方便配置redis和操作redis实例 下载镜像 docker …

JVM的元空间了解吗?

笔者近期在面试的时候被问到了这个问题&#xff0c;元空间也是Java8当时的一大重大革新&#xff0c;之前暑期实习求职的时候有专门看过&#xff0c;但是近期秋招的时候JVM相关的内容确实有点生疏了&#xff0c;故在此进行回顾。 结构 首先&#xff0c;我们应了解JVM的堆结构&a…

c++——引用(语法、引用特性、常引用、函数返回值引用和指针与引用的不同点)

c中的引用 一、引用 1、引用的概念&#xff1a;给变量取别名。 形式&#xff1a;原类型名& 别名 引用实体旧名&#xff1b; 2、特性&#xff1a; ①引用定义时必须初始化 ②引用一旦初始化之后就不能再改变引用的指向 ③不能引用NULL ④&再等号的左边为引用&…