【Android】Mobile-Security-Framework-MobSF Manifest 静态扫描规则

前言

移动安全框架(MobSF)是一个自动化的一体化移动应用程序(Android/iOS/Windows)测试、恶意软件分析和安全评估框架,能够执行静态和动态分析。MobSF支持移动应用程序二进制文件(APK、XAPK、IPA和APPX)以及压缩源代码,并提供REST API,可与您的CI/CD或DevSecOps管道无缝集成。动态分析器可帮助您执行运行时安全评估和交互式仪器测试。

通过分析源码中对manifest的检测规则,来学习其可能存在的安全风险。

正文

源码位置views/android/manifest_analysis.py的manifest_analysis函数

 high*6

规则名条件级别描述
a_clear_textandroid:usesCleartextTraffic=truehighThe app intends to use cleartext network traffic, such as cleartext HTTP, FTP stacks, DownloadManager, and MediaPlayer. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.
a_debuggableandroid:debuggable=truehighDebugging was enabled on the app which makes it easier for reverse engineers to hook a debugger to it. This allows dumping a stack trace and accessing debugging helper classes.
a_testonlyandroid:testOnly=truehighIt may expose functionality or data outside of itself that would cause a security hole.
a_launchmodeandroid:launchMode = singleInstance or singleTaskhighAn Activity should not be having the launch mode attribute set to "singleTask/singleInstance" as it becomes root Activity and it is possible for other applications to read the contents of the calling Intent. So it is required to use the "standard" launch mode attribute when sensitive information is included in an Intent.
a_not_protectedandroid:exported=truehighA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.
a_improper_providerandroid:pathPrefix == /highA content provider permission was set to allows access from any other app on the device. Content providers may contain sensitive information about an app and therefore should not be shared.

warning*28

规则名条件级别描述
a_allowbackupApplication Data can be Backed up [android:allowBackup=true]warningThis flag allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
a_allowbackup_missApplication Data can be Backed up [android:allowBackup] flag is missing.warningThe flag [android:allowBackup] should be set to false. By default it is set to true and allows anyone to backup your application data via adb. It allows users who have enabled USB debugging to copy application data off of the device.
a_taskaffinityTaskAffinity is set for ActivitywarningIf taskAffinity is set, then other application could read the Intents sent to Activities belonging to another task. Always use the default setting keeping the affinity as the package name in order to prevent sensitive information inside sent or received Intents from being read by another application.
a_prot_normalis Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the  permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_dangeris Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_unknownis Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
a_prot_normal_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device.  It is protected by a permission at the application level. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_danger_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
a_prot_unknown_applis Protected by a permission at the application, but the protection level of the permission should be checked.[android:exported=true]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
a_not_protected_filteris not Protected.An intent-filter exists.warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. The presence of intent-filter indicates that the %s is explicitly exported.
c_not_protectedis not Protected.[[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is a Content Provider that targets an API level under 17, which makes it exported by default, regardless of the API level of the system that the application runs on.
c_not_protected2would not be Protected if the application ran on a device where the the API level was less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s %s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would be shared with other apps on the device therefore leaving it accessible to any other application on the device.
c_prot_normalis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_dangeris Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknownis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
c_prot_normal_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to normal. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_danger_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at the application level. However, the protection level of the permission is set to dangerous. This means that a malicious application can request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknown_applis Protected by a permission at application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]warningA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by a permission at application level which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
c_prot_normal_newis Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17 [Content Provider, targetSdkVersion >= 17]warningThe Content Provider (%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_danger_newis Protected by a permission, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknown_newis Protected by a permission, but the protection level of the permission should be checked  if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
c_prot_normal_new_applis Protected by a permission at the application level should be checked, but the protection level of the permission if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider (%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to normal. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_danger_new_applis Protected by a permission at the application level, but the protection level of the permission should be checked if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to dangerous. This means that a malicious application could request and obtain the permission and interact with the component. If it was set to signature, only applications signed with the same certificate could obtain the permission.
c_prot_unknown_new_applis Protected by a permission at the application level, but the protection level of the permission should be checked  if the application runs on a device where the the API level is less than 17.[Content Provider, targetSdkVersion >= 17]warningThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. In that situation, it would still be protected by a permission which is not defined in the analysed application. As a result, the protection level of the permission should be checked where it is defined. If it is set to normal or dangerous, a malicious application can request and obtain the permission and interact with the component. If it is set to signature, only applications signed with the same certificate can obtain the permission.
a_dailer_codeDailer Code: Found <br>[android:scheme="android_secret_code"]warningA secret code was found in the manifest. These codes, when entered into the dialer grant access to hidden content that may contain sensitive information.
a_sms_receiver_portData SMS Receiver Set on Port: Found<br>[android:port]warningA binary SMS receiver is configured to listen on a port. Binary SMS messages sent to a device are processed by the application in whichever way the developer choses. The data in this SMS should be properly validated by the application. Furthermore, the application should assume that the SMS being received is from an untrusted source.
a_high_intent_priorityHigh Intent Priority [android:priority]warningBy setting an intent priority higher than another intent, the app effectively overrides other requests.
a_high_action_priorityHigh Action Priority [android:priority]warningBy setting an action priority higher than another action, the app effectively overrides other requests.

info*14

规则名条件级别描述
a_boot_awareApp is direct-boot aware [android:directBootAware=true]infoThis app can run before the user unlocks the device. If you're using a custom subclass of Application, and if any component inside your application is direct - boot aware, then your entire custom application is considered to be direct - boot aware.During Direct Boot, your application can only access the data that is stored in device protected storage.
a_network_secApp has a Network Security Configuration [android:networkSecurityConfig]infoThe Network Security Configuration feature lets apps customize their network security settings in a safe, declarative configuration file without modifying app code. These settings can be configured for specific domains and for a specific app. 
a_prot_signis Protected by a permission.[android:exported=true]infoA%s %s is found to be exported, but is protected by permission.
a_prot_sign_sysis Protected by a permission, but the protection level of the permission should be checked.[android:exported=true]infoA%s %s is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
a_prot_sign_applProtected by a permission at the application level.[android:exported=true]infoA%s %s is found to be exported, but is protected by a permission at the application level.
a_prot_sign_sys_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[android:exported=true]infoA%s %s is found to be exported, but is protected by a permission at the application level. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_signis Protected by a permission.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by permission.
c_prot_sign_sysis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be exported, but is protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_sign_applis Protected by a permission at the application level.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be shared with other apps on the device therefore leaving it accessible to any other application on the device. It is protected by permission at the application level.
c_prot_sign_sys_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion < 17]infoA%s %s is found to be exported, but is protected by a permission at the application level. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_sign_newis Protected by a permission.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. Nevertheless, it is protected by a permission.
c_prot_sign_sys_newis Protected by a permission, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.
c_prot_sign_new_applis Protected by a permission at the application level.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the the API level was less than 17. Nevertheless, it is protected by a permission.
c_prot_sign_sys_new_applis Protected by a permission at the application level, but the protection level of the permission should be checked.[Content Provider, targetSdkVersion >= 17]infoThe Content Provider(%s) would be exported if the application ran on a device where the API level was less than 17. In that situation, it would still be protected by a permission. However, the protection level of the permission is set to signatureOrSystem. It is recommended that signature level is used instead. Signature level should suffice for most purposes, and does not depend on where the applications are installed on the device.

后话

上述的48个manifest的风险项应该是比较全的了,可以当做学习资料和风险checklist进行查询。

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值