12

Recently, i have been trying to understand how some apps manage to change android browser settings by code like the homepage. This is how "far" i have come. It is not support by the android api and normal code. You have to use native code. I analysed a advertising sdk which was the way most of the apps managed to change the settings. My first thoughts were that it may did some kind of root exploiting to get full access to shared preferences where the settings are stored.

I did som research and analysing on the sdk and found similarities beetwen the sdk and a malware called Plankton. Both the malware and the SDK collects device info and sends a request to a C&C server and downloads a jar file with native code. It "exploits Dalvik class loading capability to stay stealthy" instead of using root exploits. It supports some commands like setting homepage, shortcuts, and bookmarks and collecting browser history.

I have tried to manually download the jar from the server by using the url and adding the post data to it from the sdk but i didnt get it to work. Maybe i have messed with the post data. How can it change the settings without having root access and instead using dalivk exploit? Any thoughts would be appreciated.

Link for SDK

Ukjent
  • 823
  • 2
  • 9
  • 26
  • "i have been trying to understand how some apps manage to change android browser settings by code like the homepage" -- name any app that does this successfully on Android 4.x. – CommonsWare Nov 04 '12 at 16:12
  • @CommonsWare I have tried several apps that have manage to do it on my Samsung s2 running 4.0.4. Internet connection is required for it to work because of the jar download. Have a look at this app: http://goo.gl/9PZQn – Ukjent Nov 04 '12 at 16:36
  • That app does not modify the home page on a Nexus S running Android 4.1. – CommonsWare Nov 04 '12 at 19:34
  • 1
    Hmm, maybe the exploit have been fixed in 4.1. Also a thing to be aware is that it is not always it changes if the settings have alleredy been changed before. I downloaded an app and the settings changed. I deleted the settings and downloaded another app but nothing happends. I reseted the device and innstall the same app. Then it changed :) – Ukjent Nov 04 '12 at 19:40
  • you shouldn't do this. http://stackoverflow.com/questions/9524494/how-to-change-the-default-android-browsers-homepage-within-an-app – deefactorial Nov 08 '12 at 17:39

2 Answers2

1

Not really on topic, but 'collecting browser history' is a supported function of the stock browser. There is a permission needed as can be seen on: http://developer.android.com/reference/android/Manifest.permission.html#READ_HISTORY_BOOKMARKS

public static final String READ_HISTORY_BOOKMARKS Added in API level 4 Allows an application to read (but not write) the user's browsing history and bookmarks. Constant Value: "com.android.browser.permission.READ_HISTORY_BOOKMARKS"

Hope this helps a bit

FrankkieNL
  • 711
  • 9
  • 22
  • Yes, it is also possible to set bookmarks and shortcuts. The homepage is stored in a preference file and not avaiable by the api. – Ukjent Nov 02 '12 at 09:08
0
  1. Put your device on wifi
  2. set the system proxy to fiddler
  3. run the app that downloads the jar.
  4. Grab the jar from fiddler.
  5. Profit
j_mcnally
  • 6,928
  • 2
  • 31
  • 46