Android Settings hardening automation

Tool for Hardening Android settings, check/dump Apps Installed on it and list dangerous permissions used by each App

Android Mobile device Hardening (AMDH) is a tool written in Python 3 that automates the permission checks for applications installed on Android and can dump the APKs, for the first part. The second part of the tool checks and hardens the settings (global and secure).

The settings hardening follows some CIS (Center of Internet Security) benchmark check recommendations and the Android documentation.

Usage

$ python amdh.py -h
usage: amdh.py [-h] [-H] [-a ADB_PATH] [-t {e,d,3,s}] [-D APKS_DUMP_FOLDER] [-rar] [-R]

Android Mobile Device Hardening
By default the script will scan the Android system and Apps without any modification

optional arguments:
  -h, --help            show this help message and exit
  -H                    Harden system settings /!\ Developer Options and ADB will be disabled /!\ 
  -a ADB_PATH, --adb-path ADB_PATH
                        Path to ADB binary
  -t {e,d,3,s}          Type of applications:
                                e : enabled Apps
                                d : disabled Apps
                                3 : Third party Apps
                                s : System Apps
  -D APKS_DUMP_FOLDER, --dump-apks APKS_DUMP_FOLDER
                        Dump APKs from device to APKS_DUMP_FOLDER directory
  -rar                  Remove admin receivers: Remove all admin receivers if the app is not a system App
  -R                    For each app revoke all dangerous permissions

The next part
The next part is to detect malware based on permissions analysis and add a nice GUI.

Hope it will help. Ideas and feedback are very welcome.

4 Likes
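
As an added example (not AMDH's code and not part of the original post), here is one way the settings check described above can be done offline against `adb shell settings list <namespace>` output. The baseline keys and values are an assumption chosen for illustration, not AMDH's or the CIS benchmark's list, and the sample dumps are constructed.

```python
# Added example: audit `settings list` output against a small baseline.
# BASELINE is an illustrative assumption, not AMDH's or the CIS benchmark's list.
BASELINE = {
    ("global", "adb_enabled"): "0",                   # USB debugging off
    ("global", "development_settings_enabled"): "0",  # Developer Options off
    ("secure", "install_non_market_apps"): "0",       # sideloading off (pre-Android 8 key)
}


def parse_settings(text):
    """Parse `adb shell settings list <namespace>` output: one key=value per line."""
    parsed = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            parsed[key] = value  # values may themselves contain '='
    return parsed


def audit(dumps):
    """dumps maps namespace -> raw `settings list` text; returns a list of findings."""
    findings = []
    for (namespace, key), wanted in sorted(BASELINE.items()):
        current = parse_settings(dumps.get(namespace, "")).get(key)
        if current == wanted:
            continue
        findings.append({
            "namespace": namespace,
            "key": key,
            "current": current,
            # An unset key falls back to the platform default, so report it apart
            # from an explicit bad value instead of guessing.
            "status": "unset" if current is None else "mismatch",
            "fix": ["adb", "shell", "settings", "put", namespace, key, wanted],
        })
    return findings


# Constructed sample output, not captured from a real device.
SAMPLE = {
    "global": "adb_enabled=1\ndevelopment_settings_enabled=1\nairplane_mode_on=0\n",
    "secure": "install_non_market_apps=0\nandroid_id=0000000000000000\n",
}

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['namespace']}/{f['key']} [{f['status']}]: {' '.join(f['fix'])}")
```

Running the audit before and after applying the `fix` commands gives the before/after view of a hardening pass; note that setting `adb_enabled` to 0 ends the ADB session, so it has to be the last change applied.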

I’d say the only thing missing would be a little more in-depth look into how it works, like a before and after. I think it’s really cool. Kind of reminds me of LinEnum for Android. I haven’t done any Google dorking to see if there was already something like this. I think there might have been years ago, from my fragmented memory, but whatever it was (if it was even real), it’s probably not being developed anymore.

Anyway good shit man. I do recommend though you change the last part of the readme to add in that anyone can help with the codebase or just donate. Sounds more inviting lol

Testing
I do recommend that when you run python3 amdh.py with no arguments, if the ADB path is not in the environment settings or cannot be found, you just throw them the help menu. When selecting a choice from the device list, if the user doesn’t input a number, the number should be a default value like the first choice; if there is no device it should show the help menu. I’m assuming the color codes are for Linux only, and that’s fine, but maybe adding some detection for the operating system would help with the output that I’m getting.

Would also be nice to have a logging option, since redirecting output doesn’t work because adb will prompt you for which device you want to connect to. Also, when you choose to dump your APKs to a folder I shouldn’t be getting any output about permissions, since the command I issued was just to dump APKs.

Other than that cool script!

1 Like

Many thanks for the feedback. I updated the readme. I thought that it went without saying, and sure, any participation is welcome.

1 Like

I updated my post. No problem man this community is for the bettering of everyone involved!

1 Like

I updated the tool by adding support for Windows, added screenshots to the readme and solved the issue when you have only one device connected.
Thanks again.

1 Like

Here is the project that I was talking about before twiga, and here’s the blog post describing it.

1 Like

Is it your project??

1 Like

Hey all,

Some updates about the implemented features:

  • [x] Check and harden system’s settings based on some CIS (Center of Internet Security) benchmark checks for Android devices and Android master’s branch settings documentation (Global settings and Secure settings)
  • [x] List current user processes and kill selected ones
  • [x] Analyze current installed applications on the device:
    • [x] list dangerous permissions and revoke them
    • [x] compare with permissions used by malware
    • [x] generate report.json
  • [x] List applications:
    • [x] uninstall/disable App
    • [x] revoke admin receivers
  • [x] Dump APKs of installed applications
  • [x] Check if the system has pending updates
  • [x] Extract packed APKs if they exist
  • [x] Static analysis for malware detection. Current detected malware:
    • [x] ActionSpy
    • [x] WolfRat
    • [x] Anubis
  • [x] Snapshot the current phone state to a JSON file:
    • [x] Applications (including system and disabled Apps):
      • [x] first install time
      • [x] last update time
      • [x] current permissions
      • [x] is the app device admin
    • [x] SMS: current SMS messages
    • [x] Contacts: current list of contacts
    • [x] Back up applications that have backup enabled
  • [x] Snapshots comparison with the current phone state
    • [x] Applications
    • [x] Settings
  • [ ] Restore Snapshot
  • [ ] HTML report
1 Like
