Mobile Audit SAST and Malware Analysis for APKs
Mobile Audit SAST and Malware Analysis for APKs
Android
·3 min read

Mobile Audit: SAST and Malware Analysis for APKs

MobileAudit – SAST and Malware Analysis for Android Mobile APKs

Django Web application for performing Static Analysis and detecting malware in Android APKs

Components

Components Mobile Audit
Components Mobile Audit
  • db: PostgreSQL 13
  • nginx: Nginx 1.18.0
  • web: Mobile Audit App

Docker Base images

Image is based on python buster. Link to Docker Hub image

ImageTagsBase
mpast/mobile_audit1.2.0python:3.9.1-buster
mpast/mobile_audit1.1.0python:3.9.0-buster
mpast/mobile_audit1.0.0python:3.9.0-buster

Main features

  •  Uses Docker for easy deployment in multiplatform environment
  •  Extract all information of the APK
  •  Analyze all the source code searching for weaknesses
  •  All findings are categorized and follows CWE standards
  •  Also highlight the Best Practices in Secure Android Implementation in the APK
  •  The findings can be edited and the false positives can be triaged and deleted
  •  All scan results can be exported to PDF
  •  User authentication and user management
  •  API v1 with Swagger and ReDoc
  •  TLS
  •  Export to Markdown
  •  Export to CSV
  •  LDAP integration
  •  Dynamic page reload

Integrations

Virus Total (API v3)

It checks if there has been an scan of the APK and extract all its information. Also, there is the possibility of uploading the APK is selected a property in the environment (Disabled by default).

Defect Dojo (API v2)

It is possible to upload the findings to the defect manager.

MalwareDB

It checks in the database if there are URLs in the APK that are related with Malware.

Installation

Using Docker-compose:

The provided docker-compose.yml file allows you to run the app locally in development. To start the container, run:

docker-compose up

If there are changes to the local Application Dockerfile, you can build the image with

docker-compose build

Once the application has launched, you can test the application by navigating to: http://localhost:8888/ to access the dashboard.

Dashboard Mobile Audit
Dashboard Mobile Audit

Also, there is a TLS version running in port 443, so you can test the application by navigating to: https://localhost/ to access the dashboard.

For more information, see TLS

In each of the scans, it would have the following information:

  • Application Info
  • Security Info
  • Components
  • SAST Findings
  • Best Practices Implemented
  • Virus Total Info
  • Certificate Info
  • Strings
  • Databases
  • Files

For easy access there is a sidebar on the left page of the scan:

Sidebar left
Sidebar left

API v1

REST API integration with Swagger and ReDoc.

Usage

  • Endpoint to authenticate and get token: /api/v1/auth-token/
  • Once authenticated, use header in all requests: Authorization: Token <ApiKey>

Swagger

Swagger API
Swagger API

ReDoc

See also
ReDoc API
ReDoc API

Endpoints

  • A JSON view of the API specification at /swagger.json
  • A YAML view of the API specification at /swagger.yaml
  • A swagger-ui view of your API specification at /swagger/
  • A ReDoc view of your API specification at /redoc/

TLS

Pre-requirements

  • Add the certificates into nginx/ssl
  • To generate a self-signed certificate:
openssl req -x509 -nodes -days 1 -newkey rsa:4096 -subj "/C=ES/ST=Madrid/L=Madrid/O=Example/OU=IT/CN=localhost" -keyout nginx/ssl/nginx.key -out nginx/ssl/nginx.crt

Nginx configuration

  • TLS – port 443: nginx/app_tls.conf
  • Standard – port 8888: nginx/app.conf

Docker configuration

There are two volumes in docker-compose.yml with the configurations. By default both 443 and 8888 ports will be available, but use only TLS configuration for production deployments.

- ./nginx/app.conf:/etc/nginx/conf.d/app.conf
- ./nginx/app_tls.conf:/etc/nginx/conf.d/app_tls.conf

Environment variables

All the environment variables are in a .env file, there is an .env.example with all the variables needed. Also there are collected in app/config/settings.py:

CWE_URL = env('CWE_URL', 'https://cwe.mitre.org/data/definitions/')

MALWAREDB_ENABLED = env('MALWAREDB_ENABLED', True)
MALWAREDB_URL = env('MALWAREDB_URL', 'https://www.malwaredomainlist.com/mdlcsv.php')

VIRUSTOTAL_ENABLED = env('VIRUSTOTAL_ENABLED', False)
VIRUSTOTAL_URL = env('VIRUSTOTAL_URL', 'https://www.virustotal.com/')
VIRUSTOTAL_FILE_URL = env('VIRUSTOTAL_FILE_URL', 'https://www.virustotal.com/gui/file/')
VIRUSTOTAL_API_URL_V3 = env('VIRUSTOTAL_API_URL_V3', 'https://www.virustotal.com/api/v3/')
VIRUSTOTAL_URL_V2 = env('VIRUSTOTAL_API_URL_V2', 'https://www.virustotal.com/vtapi/v2/file/')
VIRUSTOTAL_API_KEY = env('VIRUSTOTAL_API_KEY', '')
VIRUSTOTAL_UPLOAD = env('VIRUSTOTAL_UPLOAD', False)

DEFECTDOJO_ENABLED = env('DEFECTDOJO_ENABLED', False)
DEFECTDOJO_URL = env('DEFECTDOJO_URL', 'http://defectdojo:8080/finding/')
DEFECTDOJO_API_URL = env('DEFECTDOJO_API_URL', 'http://defectdojo:8080/api/v2/')
DEFECTDOJO_API_KEY = env('DEFECTDOJO_API_KEY', '')
Dark Mode

mobileAudit (this link opens in a new window) by mpast (this link opens in a new window)

Django application that performs SAST and Malware Analysis for Android Mobile APKs

1 Subscriber 4 Watchers 1 Fork Check out this repository on GitHub.com (this link opens in a new window)

Privacy settings

Decide which cookies you want to allow. You can change these settings at any time. However, this can result in some functions no longer being available. For information on deleting the cookies, please consult your browser’s help function. Learn more about the cookies we use.

With the slider, you can enable or disable different types of cookies:

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected

This website won't

  • Remember your login details
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country

This website won't

  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Essential: Remember your cookie permission setting
  • Essential: Allow session cookies
  • Essential: Gather information you input into a contact forms newsletter and other forms across all pages
  • Essential: Keep track of what you input in a shopping cart
  • Essential: Authenticate that you are logged into your user account
  • Essential: Remember language version you selected
  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions

This website won't

  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website will

  • Functionality: Remember social media settings
  • Functionality: Remember selected region and country
  • Analytics: Keep track of your visited pages and interaction taken
  • Analytics: Keep track about your location and region based on your IP number
  • Analytics: Keep track of the time spent on each page
  • Analytics: Increase the data quality of the statistics functions
  • Advertising: Tailor information and advertising to your interests based on e.g. the content you have visited before. (Currently we do not use targeting or targeting cookies)
  • Advertising: Gather personally identifiable information such as name and location

This website won't

  • Remember your login details
Save & Close