[Android] Mobile-Security-Framework-MobSF Manifest Static Scanning Rules

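Preface

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, XAPK, IPA and APPX) as well as zipped source code, and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The dynamic analyzer helps you perform runtime security assessment and interactive instrumented testing.

By analysing the manifest detection rules in the source code, we can learn which security risks a manifest may carry.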

Main text

Source location: the manifest_analysis function in views/android/manifest_analysis.py

high*6

| Rule name | Condition | Level | Description |
| --- | --- | --- | --- |
| a_clear_text | android:usesCleartextTraffic=true | high | The app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected. |
| a_debuggable | android:debuggable=true | high | Debugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes. |
| a_testonly | android:testOnly=true | high | It may expose functionality or data outside of itself that would cause a security hole. |
| a_launchmode | android:launchMode = singleInstance or singleTask | high | An Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent. |
| a_not_protected | android:exported=true | high | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
| a_improper_provider | android:pathPrefix == / | high | A content provider permission was set to allows access from any other app on the device. Content providers may contain sensitive information about an app and therefore should not be shared. |

warning*28

| Rule name | Condition | Level | Description |
| --- | --- | --- | --- |
| a_allowbackup | Application Data can be Backed up [android:allowBackup=true] | warning | This flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device. |
| a_allowbackup_miss | Application Data can be Backed up [android:allowBackup] flag is missing. | warning | The flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device. |
| a_taskaffinity | TaskAffinity is set for Activity | warning | If taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application. |
| a_prot_normal | is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| a_prot_danger | is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| a_prot_unknown | is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
| a_prot_normal_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| a_prot_danger_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| a_prot_unknown_appl | is Protected by a permission at the application, but the protection level of the permission should be checked.[android:exported=true] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
| a_not_protected_filter | is not Protected.An intent-filter exists. | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the %s is explicitly exported. |
| c_not_protected | is not Protected.[[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is a Content Provider that targets an API level under 17, which makes it exported by default, regardless of the API level of the system that the application runs on. |
| c_not_protected2 | would not be Protected if the application ran on a device where the the API level was less than 17.[Content Provider, targetSdkVersion >= 17] | warning | The Content Provider(%s %s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would be shared with other apps on the device therefore leaving it accessible to any other application on the device. |
| c_prot_normal | is Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_danger | is Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_unknown | is Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
| c_prot_normal_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_danger_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_unknown_appl | is Protected by a permission at application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | warning | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at application level which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
| c_prot_normal_new | is Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17 [Content Provider, targetSdkVersion >= 17] | warning | The Content Provider (%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_danger_new | is Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17] | warning | The Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_unknown_new | is Protected by a permission, but the protection level of the permission should be checked  if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17] | warning | The Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
| c_prot_normal_new_appl | is Protected by a permission at the application level should be checked, but the protection level of the permission if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17] | warning | The Content Provider (%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_danger_new_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17] | warning | The Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission. |
| c_prot_unknown_new_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked  if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17] | warning | The Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission. |
| a_dailer_code | Dailer Code: Found <br>[android:scheme="android_secret_code"] | warning | A secret code was found in the manifest. These codes, when entered into the dialer grant access to hidden content that may contain sensitive information. |
| a_sms_receiver_port | Data SMS Receiver Set on Port: Found<br>[android:port] | warning | A binary SMS receiver is configured to listen on a port. Binary SMS messages sent to a device are processed by the application in whichever way the developer choses. The data in this SMS should be properly validated by the application. Furthermore, the application should assume that the SMS being received is from an untrusted source. |
| a_high_intent_priority | High Intent Priority [android:priority] | warning | By setting an intent priority higher than another intent, the app effectively overrides other requests. |
| a_high_action_priority | High Action Priority [android:priority] | warning | By setting an action priority higher than another action, the app effectively overrides other requests. |

info*14

| Rule name | Condition | Level | Description |
| --- | --- | --- | --- |
| a_boot_aware | App is direct-boot aware [android:directBootAware=true] | info | This app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage. |
| a_network_sec | App has a Network Security Configuration [android:networkSecurityConfig] | info | The Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app. |
| a_prot_sign | is Protected by a permission.[android:exported=true] | info | A%s %s is found to be exported, but is protected by permission. |
| a_prot_sign_sys | is Protected by a permission, but the protection level of the permission should be checked.[android:exported=true] | info | A%s %s is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
| a_prot_sign_appl | Protected by a permission at the application level.[android:exported=true] | info | A%s %s is found to be exported, but is protected by a permission at the application level. |
| a_prot_sign_sys_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true] | info | A%s %s is found to be exported, but is protected by a permission at the application level. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
| c_prot_sign | is Protected by a permission.[Content Provider, targetSdkVersion < 17] | info | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by permission. |
| c_prot_sign_sys | is Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | info | A%s %s is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
| c_prot_sign_appl | is Protected by a permission at the application level.[Content Provider, targetSdkVersion < 17] | info | A%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by permission at the application level. |
| c_prot_sign_sys_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17] | info | A%s %s is found to be exported, but is protected by a permission at the application level. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
| c_prot_sign_new | is Protected by a permission.[Content Provider, targetSdkVersion >= 17] | info | The Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. Nevertheless, it is protected by a permission. |
| c_prot_sign_sys_new | is Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion >= 17] | info | The Content Provider(%s) would be exported if the application ran on a device where the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
| c_prot_sign_new_appl | is Protected by a permission at the application level.[Content Provider, targetSdkVersion >= 17] | info | The Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. Nevertheless, it is protected by a permission. |
| c_prot_sign_sys_new_appl | is Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion >= 17] | info | The Content Provider(%s) would be exported if the application ran on a device where the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device. |
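
Most of the a_* rules listed above reduce to attribute checks on <application> plus a protection-level lookup for each exported component. The sketch below is an added example, not MobSF's own code: it assumes an already decoded (text) AndroidManifest.xml, runs on a constructed sample manifest, covers only a subset of the a_* rules (no Content Provider c_* rules), and the name scan_manifest is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration (not from a real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
  <permission android:name="com.example.demo.NORMAL" android:protectionLevel="normal"/>
  <permission android:name="com.example.demo.SIG" android:protectionLevel="signature"/>
  <application android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".Open" android:exported="true"/>
    <activity android:name=".Main" android:launchMode="singleTask">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <service android:name=".Weak" android:exported="true"
             android:permission="com.example.demo.NORMAL"/>
    <service android:name=".Strong" android:exported="true"
             android:permission="com.example.demo.SIG"/>
    <receiver android:name=".Ext" android:exported="true"
              android:permission="com.other.UNDECLARED"/>
    <activity android:name=".Private" android:exported="false"/>
  </application>
</manifest>"""

# <application> attributes that are "high" findings when set to "true".
APP_FLAGS = {"usesCleartextTraffic": "a_clear_text",
             "debuggable": "a_debuggable", "testOnly": "a_testonly"}
# protectionLevel of the guarding permission -> (rule, level), per the tables.
PROT_RULES = {"normal": ("a_prot_normal", "warning"),
              "dangerous": ("a_prot_danger", "warning"),
              "signature": ("a_prot_sign", "info"),
              "signatureOrSystem": ("a_prot_sign_sys", "info")}

def a(el, name):
    """Read an android:-namespaced attribute (None when absent)."""
    return el.get(NS + name)

def scan_manifest(xml_text):
    """Return (rule, level, subject) findings for a decoded manifest."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    # Permissions declared by this app; protectionLevel defaults to "normal".
    declared = {a(p, "name"): (a(p, "protectionLevel") or "normal").split("|")[0]
                for p in root.findall("permission")}
    out = [(rule, "high", "application")
           for flag, rule in APP_FLAGS.items() if a(app, flag) == "true"]
    backup = a(app, "allowBackup")
    if backup is None:
        out.append(("a_allowbackup_miss", "warning", "application"))
    elif backup == "true":
        out.append(("a_allowbackup", "warning", "application"))
    for comp in app:
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        name = a(comp, "name")
        if comp.tag == "activity":
            if a(comp, "launchMode") in ("singleInstance", "singleTask"):
                out.append(("a_launchmode", "high", name))
            if a(comp, "taskAffinity") is not None:
                out.append(("a_taskaffinity", "warning", name))
        exported = a(comp, "exported")
        # No explicit android:exported, but an intent-filter exists.
        via_filter = exported is None and comp.find("intent-filter") is not None
        if exported != "true" and not via_filter:
            continue
        perm, suffix = a(comp, "permission"), ""
        if perm is None and a(app, "permission") is not None:
            perm, suffix = a(app, "permission"), "_appl"  # application-level guard
        if perm is None:
            out.append(("a_not_protected", "high", name) if exported == "true"
                       else ("a_not_protected_filter", "warning", name))
            continue
        # Undeclared (or unrecognised) level: must be checked where it is defined.
        rule, level = PROT_RULES.get(declared.get(perm), ("a_prot_unknown", "warning"))
        out.append((rule + suffix, level, name))
    return out

if __name__ == "__main__":
    for rule, level, subject in scan_manifest(SAMPLE_MANIFEST):
        print(f"{level:8} {rule:24} {subject}")
```
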

Afterword

The 48 manifest risk items above should be fairly complete; they can serve as study material and as a risk checklist to consult.
