Every day more Android users use their smartphones to access our company’s email, do business, make purchases, access social networks or even to bank accounts through their bank apps. All these services make use of sensitive information of each user. However, the vast majority of these devices are not secure. Additionally, typical users lack extensive security knowledge, which means that their personal data could be at the mercy of various security problems.
Today’s devices, to make things difficult, are connected and periodically sync to information clouds or sync directly to the computer. All this means that the keys and sensitive data are stored in unsafe places, and the user has no control over them. We are basically vulnerable to large amounts of malware.
In order to show you the importance of being cautious about how do we utilize our smartphones, and how easy is to develop an Android app that retrieves personal information about its user, we present this easy practice. A very basic knowledge of Java will be necesary to be able to unsertand it.
TOOLS THAT WILL BE USED
1 An IDE, such as Eclipse, to be able to use the JDK or Java Development Kit (Eclipse IDE for Java Developers): http://www.eclipse.org/downloads/packages/
2 Android development tools or SDK. It is also possible to use the Android development environment based on Eclipse or ADT, from which it is possible to use an emulator or AVD that allows you to run an Android “virtual machine”: http://developer.android.com/sdk/index.html?hl=sk
There is the possibility of using an emulator much faster than this one, that comes with the Android SDK already installed. It’s called Genymotion and it has a free version.
https://shop.genymotion.com/index.php?controller=order-opc
3 A smartphone with Android operating system to be able to test those functionalities that do not work in an emulator. To make use of it, you must activate the option “Developer option” within the settings menu and connect the device to the computer for the IDE to recognize it.
If you do not find this option in your mobile, do not worry. Just find the option Build number under Settings > System > About phone > Software info, and tap it seven times. After the first few taps, you should see the steps counting down until you unlock the developer options.
INTRODUCTION TO THE PRACTICE
The following practice intends to show how easy is to develop an application stores data from us, like a malware. Some of these Java code examples will be shown.
GETTING THE TYPE OF DEVICE
The following piece of code is intended to show a way of knowing the victim’s device, with two possible outcomes: smartphone or tablet.
static MainActivity context = this; public static String guessTypeOfDevice() { TelephonyManager manager = (TelephonyManager) context.getSystemService(context.TELEPHONY_SERVICE); if(manager.getPhoneType() == TelephonyManager.PHONE_TYPE_NONE){ return " ·∙ TYPE: Tablet"; }else{ return " ·∙ TYPE: Mobile"; } }
First of all, define a static variable of the class we are working on called context. Once inside the method, a call is made to getSystemService () in order to know if the victim’s device is a phone or not. The result that is returned is stored in the manager variable of type TelephonyManager. Therefore, if the returned result is TelephonyManager.PHONE_TYPE_NONE (if part of the if-else), it would be indicating that it is not a mobile phone. Otherwise (else part of the if-else), if we would be talking about a phone.
This simple code has been quite useful when smartphones and tablets did not share the same version of the same Android operating system, since it allowed different actions to be carried out depending on the device on which the application was running. However, and although from Android 4.0 both devices share the same version of Android, this functionality continues to be used a lot.
GETTING ANDROID’S VERSION
The following simple piece of code is intended to show a way to find out the version of the victim’s Android device.
private String getAndroidVersion(){ return " ·∙ VERSION: " + Build.VERSION.RELEASE; }
Its description is as simple as using the Build.VERSION.RELEASE attribute and returning it as String so that you can work with it.
Its usefulness is very important when it comes to choosing the actions to carry out according to the version of the device in hand, since there are multiple versions of Android on the market, and of course, there is functionality that is not supported by many versions prior to current ones.
GETTING THE IMEI NUMBER
The following piece of code is intended to show how to get the IMEI number of an Android device.
private String getMyPhoneIMEI() { TelephonyManager mTelephonyMgr; mTelephonyMgr = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE); String imei = mTelephonyMgr.getDeviceId(); return " ·∙ IMEI: " + imei; }
The code for this case simply makes a call to the getSystemService (Context.TELEPHONY_SERVICE) method that was used previously, to obtain an object of type TelephonyService, with which we can obtain information about the telephone services of the telephone under investigation. In addition, we will also use the getDeviceId() method within the class of the TelephonyService type object to return the IMEI number.
Its usefulness lies in the importance of the IMEI number. This is a unique identification number for each terminal. Through this number, telephone operators can know, apart from whom and from where, the telephone terminal that was used to make each call, and even lock the device in case of theft. In fact, it is also responsible for identifying each terminal globally when it connects to the network.
GETTING THE NETWORK PROVIDER
The piece of code below is intended to retrieve the name of the network operator the telephone device is connected to.
private String getMyPhoneOperator() { TelephonyManager mTelephonyMgr; mTelephonyMgr = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE); String opName = mTelephonyMgr.getNetworkOperatorName(); return " · OPERATOR NAME: " + opName; }
The code makes use of the TelephoneManager class again to obtain an object of this type by calling the getSystemService (Context.TELEPHONY_SERVICE) method and then calling the getNetworkOperatorName () method to obtain the name of the operator that is used to access the network.
Its usefulness lies in knowing the network restrictions or personalized configuration of each mobile depending on the operator with which you have contracted a telephone service.
GETTING THE BATTERY LEVEL
The following piece of code aims to get the battery level of the Android device.
private String getBatteryState() { IntentFilter filter = new IntentFilter(Intent.ACTION_BATTERY_CHANGED); Intent intent = this.registerReceiver(null, filter); int level = intent.getIntExtra(BatteryManager.EXTRA_LEVEL, 0); return " ·∙ BATTERY: " + (level) + "%"; }
The code consists of obtaining an object of type IntentFilter with the action ACTION_BATTERY_CHANGED, which will be inserted as a parameter when creating the object of type Intent, from which the method getIntExtra (BatteryManager.EXTRA_LEVEL, 0) will be called, which will return an integer with the current battery level.
Its usefulness lies in executing some actions only allowed with a minimum battery level.
GETTING THE TEMPERATURE LEVEL OF THE DEVICE
The following piece of code aims to measure the battery level of the device.
private String getPhoneTemperature() { IntentFilter filter = new IntentFilter(Intent.ACTION_BATTERY_CHANGED); Intent intent = this.registerReceiver(null, filter); int t = intent.getIntExtra(BatteryManager.EXTRA_TEMPERATURE, 0); return " ·∙ TEMPERATURE: " + (t -‐ 273); }
The code consists, as previously, of creating an IntentFilter object with the Intent.ACTION_BATTERY_CHANGED parameter, and then using it as a parameter when creating an Intent object. Thanks to this newly created object, the getIntExtra (BatteryManager.EXTRA_TEMPERATURE, 0) method can be invoked, which will return the value of the mobile temperature in degrees Kelvin. To obtain the temperature in degrees centigrade, we will subtract the value 273 from the value obtained recently.
It is possible to use it to get an idea of the state of the device, since it is possible that some terminals heat up exponentially with the use of some functionalities.
GETTING THE STORES CONTACTS
The proposed code below is intended to show a way to get all the contacts from an Android device. To better explain and understand the code, several comments have been added to those lines of code that may be more difficult to understand.
private ArrayList> getContacts() { // The ContentResolver manages the mobile information ContentResolver cr = getContentResolver(); // Queries to the structured data set of contact names and telephone numbers Cursor cCur = cr.query(ContactsContract.Contacts.CONTENT_URI, null, null, null, null); Cursor pCur = cr.query(ContactsContract.CommonDataKinds.Phone.CONTENT_URI, null, null, null, null); ArrayList> data = new ArrayList>(); HashMap(); // The name of each contact is saved in HashMap contacts while (cCur.moveToNext()) { String id = cCur.getString(cCur.getColumnIndex( ContactsContract.Contacts.LOOKUP_KEY)); String name = cCur.getString(cCur.getColumnIndex( ContactsContract.Contacts.DISPLAY_NAME)); contacts.put(id, name); } // The name of each contact is retrieved from the previous HashMap and the phone number is retrieved, saving both data together in a HashMap that will be saved in the ArrayList that will be returned. while (pCur.moveToNext()) { String id = pCur.getString(pCur.getColumnIndex( ContactsContract.Contacts.LOOKUP_KEY)); String name = contacts.get(id); String phone = pCur.getString(pCur.getColumnIndex( ContactsContract.CommonDataKinds.Phone.DATA)); HashMap h = new HashMap(); h.put("name", name); h.put("phone", phone); data.add(h); } pCur.close(); cCur.close(); return data; }
This functionality is useful, for example, in so-called SMS Trojans, since they manage to send SMSs to the victim’s mobile contacts. A real example is the Trojan- SMS.AndroidOS.Opfake.a which, apart from its own malicious activities, spread Backdoor.AndroidOS.Obad.a by sending spam with links to this malware to all the addresses in the contact list of the victim.
CONCLUSION
Once the practice is finished, we can conclude by saying that the task of creating a spyware is not complex at all. In addition, it is so easy and simple to perform in terms of computational activity that it is normal to find this type of functionality embedded within another application. The FlexiSpy program is a good real example of spyware whose function was to monitor and send to a remote server the details of the call records, among others. It made its first appearance in 2006, targeting the Symbian OS and BlackBerry Mobile platforms. However, it was not until July 2, 2007 that the antivirus company Symantec detected it for the first time.
This was the only post that helped me understand how easy a spy app can be developed, and how fragile our mobile os can be.