Smalien – Information Flow Analysis Tool For Android Applications [BlackHat Tool]

Smalien - Information Flow Analysis Tool For Android Applications BlackHat Tool xploitlab

Android developer is a new big deal to earn money from applications, in google play store millions of applications that we can installs on smartphones, but attacker can hide virus on real applications espically if you download the apps not from play store. Attacker can spy on with games applications that you install in your phone. We need to analyze which android application contains a virus.

Overview

Smalien is an information flow analysis and information leakage detection tool for Android application analysis. Smalien performs static taint analysis of Android applications on a Linux machine as well as dynamic taint analysis, detection of information leakage due to implicit information flows, and privacy policy enforcement on an Android device at runtime.

Black Hat USA 2019 Arsenal

Currently, we are working on another branch, demo-master. Please check it out to get programs that we have used at the Arsenal.

Smalien has following functions

  • Analyzing an Android application statically and gathers information of classes, methods, variables, etc.
  • Presenting the results of the analysis graphically such as a method call graph and an information flow diagram.
  • Performing dynamic taint analysis on an Android device.
  • Enforcing privacy policy specified by an analyst.
  • Detecting information leakage due to implicit information flows.
  • Logging actual information operated by any bytecode or API call, such as http request, at runtime to encourage an analyst in his/her inspection.

Required Tools

Usage

Check our Wiki for full instructions.

Run static analysis

python main.py

It generates parsed_data.json and data_flows.json as the results.

Generate graphs

python generate_graphs.py parsed_data.json data_flows.json

It generates output_class_calls.md and output_data_flows.md as the results. These files includes scripts for mermaid. You may use a markdown viewer such as Haroopad to check the graphs.

Run dynamic analysis

New apk file implanted.apk is placed in smalien/hive/workspace/. Install it to your Android device by following command and run it.

adb install -g hive/workspace/implanted.apk

Currently, Smalien is a prototype of our academic research and doesn’t have full-function. We are working on it!


You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

17 − 13 =