Building a God’s Eye Android App: Part 1 - Collecting Installed Android Apps

hacking
android
tutorial

(Sergeant Sploit) #1

Greetings my fellow hackers,

In the previous tutorial Introduction to Amunet , we learnt Amunet would be a spying Android App. I wouldn’t waste much time as I’ll get straight to the point.

In this tutorial, we will only collect installed applications and their associated information but not send them to an external server since we are yet to setup our server and databases. I believe that will be the next tutorial ( Setting up Web Server and Databases ).

I assume you have already installed Android Studio and have the environment running smoothly. If not, just head over to Google and search “installing and setting up android studio” or simply follow the tutorial from this external website Android Studio for beginners, Part 1: Installation and setup ( I am in no way affiliated with them ). That being said, we can move on and create an android project.

CREATE A NEW ANDROID PROJECT

Start up Android Studio and create a new android project.

Enter the application name of your choice, Amunet for me. Domain name can be anything of your choice. Next.

Now the minimum phone target API is 19 ( KitKat ). Next.

With the activity, go ahead and choose a Basic Activity. Next.

We will leave the activity as “MainActivity” and click Finish.

Our project should be created successfully. We won’t do much with the interface as most of the codes will be written in background threads, services and Broadcast Receiver. We will probably use the UI for asking for permissions ( on 23 + )

COLLECTING INFORMATION ABOUT INSTALLED APPS

Head over to the

MainActivity.java

Feel free to remove the code for the FloatingActionButton in the onCreate method and add this code

new Thread(new Runnable() {
            @Override
            public void run() {
                collect_installed_apps();
            }
}).start();

As you might have probably guessed, we are running a thread in the onCreate method and calling a method ( function ) collect_installed_apps. You’ll also find that the function has been underlined with color red showing that we have not created the function yet. Lets move on and create the function.

COLLECT_INSTALLED_APPS

In this method, we import ApplicationInfo, PackageManager, Log and List. Go to the very top of the file but below the package line ( Line 1 ) and add this import statements.

import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import java.util.List;
import android.util.Log;

Now, lets create our method collect_installed_apps

    private void collect_installed_apps() {
    final PackageManager pm = getPackageManager();
    List<ApplicationInfo> packages = pm.getInstalledApplications(PackageManager.GET_META_DATA);
    for (ApplicationInfo packageInfo : packages) {
        if(pm.getLaunchIntentForPackage(packageInfo.packageName) != null)
        {
            String app_name = packageInfo.loadLabel(getPackageManager()).toString();
            String app_package = packageInfo.processName;

            Log.i("0x00sec", "App name: " + app_name + " Package Name: " + app_package);
        }
    }
}

Using the packager manager, the code loops through the installed apps and gets their information. The information we are gathering here is the application name and package name. There are alot of information available but we are limiting ourselves to only these two. You can however go ahead and collect other information. Since we have not setup our web server and database, we will instead log the information to the console using the Log.i.

CONFIGURING LOGCAT

You can read more about Logcat but in simple terms, the system and other apps dump messages like errors, warnings and other information into this stream. It is ever changing and not constant. Our android app also dumps information into this stream with the Log.i call. Since there are alot of information being pushed, it will be hard to find our information so we instead configure our Android Studio to show only messages with a specific tag. If you noticed in the Log.i code, we passed two parameters: tag and message respectively. We tell Android Studio to only show messages with our defined tag that is 0x00sec. With this way, we don’t see other messages not related to our android app. To the lower left of Android Studio, we will find the Logcat tab. Do yourself the honors and click on it.

Follow the steps in the image and another Log dialog will pop up. Fill in the correct information, otherwise the appropriate message will not be shown.

  1. Enter your own filter name.
  2. In the Log Tag, use 0x00sec ( or whatever you used as the first parameter in the Log.i code ).
  3. Enter the package name ( located on the first line of MainActivity.java )

37

Click Ok. Now we are ready to run our android app. You first have to ensure USB Debugging is enabled on your testing device. Follow this link How to Enable USB Debugging Mode on Android - KingoRoot if you’ve not enabled it.

LETS RUN OUR ANDROID APPLICATION

Click on the green play button beside app at the top of the android studio or use Control + R ( Mac ) and Shift + F10 ( Windows/Linux ). Make sure your device is connected and usb debugging enabled.

When the app runs, the console should populate our installed apps and their package names.

As you noticed, our logcat filter is working great.

LETS END IT HERE

In today’s tutorial, we’ve learnt how to populate installed android apps. In the next tutorial, we will design our database and set up our web server. In meantime, our code corrections, suggestions, app designs, etc are welcome. Thank you for the opportunity to share and until we meet again, I’m out.

Checkout the github repo: https://github.com/sergeantexploiter/Amunet

#Sergeant


Building a God’s Eye Android App: Part 2 - Sending Information to a Web Server
Building a God’s Eye Android App: Part 3 - Permission Granting
Building a God’s Eye Android App: Part 4 - Persistently Collecting Contacts, Call Logs and Text Messages ( SMS )
(system) #2

This topic was automatically closed after 30 days. New replies are no longer allowed.