在豌豆荚安卓应用市场查找ES文件管理器,这是android平台比较流行的文件管理软件。找到一个如下的图所示的:
网址在http://www.wandoujia.com/apps/com.amaze.filemanagersyj,app名字叫“ES文件管理器”,来源是“绍兴小马奔奔广告策划有限公司”。
在模拟器上安装好,如下图,第一个粉红色的图标就是ES文件管理,第二个蓝颜色的图标是正版的amaze文件管理器。
点击第一个ES文件管理器,然后发现左上角的图标是amaze,下面有58的广告,同时没有任何提示、不停的下载游戏。用返回键还无法退出,只要强杀才能关掉。
后来我在网上找到真正的、开源的amaze文件管理器,点击后,apk界面如下:注意广告没有下载
那么这个es文件管理器就是抄袭amaze文件管理器的代码,然后加入了恶意的广告、游戏下载代码,伪装成ES文件管理器,发布到豌豆荚上的。那么继续挖一下,在豌豆荚的下载页面,找到制作这个apk的公司叫做“绍兴小马奔奔广告策划有限公司”,在百度上搜索“小马奔奔广告策划有限公司 豌豆荚官网”,结果如下
这个公司在豌豆荚上发布了10款安卓应用。
作为程序员,再分析一下这款流氓软件里面的代码吧,通过 apktool和dex2jar进行反编译,找到AndroidManifest.xml文件,这是申请的权限
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.RECEIVE_SMS"/>
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS"/>
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS"/>
<uses-permission android:name="android.permission.USE_CREDENTIALS"/>
<uses-permission android:name="android.permission.READ_SETTINGS"/>
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.SEND_SMS"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
<uses-permission android:name="android.permission.MOUNT_UNMOUNT_FILESYSTEMS"/>
<uses-permission android:name="android.permission.INTERNET"/>
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
<uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
<uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
<uses-permission android:name="android.permission.CHANGE_WIFI_MULTICAST_STATE"/>
<uses-permission android:name="android.permission.SET_WALLPAPER"/>
<uses-permission android:name="android.permission.SET_WALLPAPER_HINTS"/>
<uses-permission android:name="android.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.CAMERA"/>
<uses-permission android:name="android.permission.FLASHLIGHT"/>
<uses-permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT"/>
<uses-permission android:name="com.android.launcher.permission.UNINSTALL_SHORTCUT"/>
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
<uses-permission android:name="android.permission.MODIFY_AUDIO_SETTINGS"/>
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
<uses-permission android:name="android.permission.ACCESS_SUPPERUSER"/>
<uses-permission android:name="android.permission.GET_PACKAGE_SIZE"/>
<uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
<uses-permission android:name="android.permission.CLEAR_APP_CACHE"/>
<uses-permission android:name="com.android.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.android.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.android.launcher3.permission.READ_SETTINGS"/>
<uses-permission android:name="com.android.launcher3.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.meizu.flyme.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.meizu.flyme.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="org.adw.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="org.adw.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.qihoo360.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.qihoo360.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.lge.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.lge.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="net.qihoo.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="net.qihoo.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="org.adwfreak.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="org.adwfreak.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.huawei.launcher3.permission.READ_SETTINGS"/>
<uses-permission android:name="com.huawei.launcher3.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.fede.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.fede.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.sec.android.app.twlauncher.settings.READ_SETTINGS"/>
<uses-permission android:name="com.sec.android.app.twlauncher.settings.WRITE_SETTINGS"/>
<uses-permission android:name="com.anddoes.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.anddoes.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.lenovo.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.lenovo.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.google.android.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.google.android.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.oppo.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.oppo.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.yulong.android.launcher3.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.yulong.android.launcher3.permission.READ_SETTINGS"/>
<uses-permission android:name="com.huawei.android.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.huawei.android.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.htc.launcher.permission.READ_SETTINGS"/>
<uses-permission android:name="com.htc.launcher.permission.WRITE_SETTINGS"/>
<uses-permission android:name="com.bbk.launcher2.permission.READ_SETTINGS"/>
<uses-permission android:name="com.bbk.launcher2.permission.WRITE_SETTINGS"/>
<uses-permission android:name="android.permission.WAKE_LOCK"/>
<uses-permission android:name="android.permission.BROADCAST_PACKAGE_ADDED"/>
<uses-permission android:name="android.permission.BROADCAST_PACKAGE_CHANGED"/>
<uses-permission android:name="android.permission.BROADCAST_PACKAGE_INSTALL"/>
<uses-permission android:name="android.permission.BROADCAST_PACKAGE_REPLACED"/>
<uses-permission android:name="android.permission.RESTART_PACKAGES"/>
<uses-permission android:name="android.permission.GET_TASKS"/>
<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
<uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
<uses-permission android:name="android.permission.GET_ACCOUNTS"/>
<uses-permission android:name="android.permission.VIBRATE"/>
<uses-permission android:name="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
<uses-permission android:name="android.permission.READ_CONTACTS"/>
<uses-permission android:name="android.permission.WRITE_CONTACTS"/>
<uses-permission android:name="android.permission.CALL_PHONE"/>
<uses-permission android:name="android.permission.WRITE_SMS"/>
<uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
<uses-permission android:name="android.permission.READ_CALL_LOG"/>
<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
<permission android:name="com.wandoujia.phoenix2.permission.MIPUSH_RECEIVE" android:protectionLevel="signatureOrSystem"/>
<uses-permission android:name="com.wandoujia.phoenix2.permission.MIPUSH_RECEIVE"/>
<uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
<uses-feature android:name="android.hardware.camera" android:required="true"/>
<uses-feature android:name="android.hardware.camera.autofocus" android:required="true"/>
<uses-feature android:name="android.hardware.camera.flash" android:required="false"/>
<instrumentation android:name="android.test.InstrumentationTestRunner" android:targetPackage="com.wandoujia.phoenix2" android:label="Tests for com.example.android.testingfun"/>
<uses-permission android:name="android.permission.PERSISTENT_ACTIVITY"/>
<uses-permission android:name="android.permission.ACCESS_MTK_MMHW"/>
这是定义的activity
<activity android:name="com.pp.assistant.activity.PPExpressionDetailActivity" android:screenOrientation="portrait"/>
<activity android:name="com.pp.assistant.activity.PPCloudBackupActivity" android:screenOrientation="portrait"/>
<activity android:name="com.pp.assistant.activity.PPKaleidoscopeWebActivity" android:screenOrientation="portrait"/>
<activity android:name="com.pp.assistant.activity.PPCommonWebActivity" android:screenOrientation="portrait"/>
看起来直接调用了PP助手的activity,请问做应用商店的同学们,这些正常吗?