2

I've decided to start doing research into mobile malware, specifically Android, in order to understand it better. I don't have much of a background in Android programming, or in malware creation.

First off, what is the difference between the code of an Android app, and Android malware? I've written a few simple apps, but I'm not sure where to begin on malware.

Second, I know Google offers APIs that can help with a lot of things that Android malware can do, but I'm not very familiar with them. I'd like to write a very simple piece of Android malware that will create a copy of incoming text messages and send them, transparently to another number. Is this difficult to do?

Thanks in advance.

TRAMZ_11
  • 31
  • 1
  • 6

1 Answers1

2

What is the difference between the code of an Android app, and Android malware?

Short: Nothing.

Long: Malware apps usually don't have a great users experience or don't even do anything other than showing ads and stealing data. Sometimes data stealing app are hidden in a simple Android game. Code on the inside of the app is just Java or C++ or whatever code you may like to program Android apps in.

I'd like to write a very simple piece of Android malware that will create a copy of incoming text messages and send them, transparently to another number. Is this difficult to do?

Short: No, depending on your programming skillzzz.

Long:

  1. First find some good reason for potential (dumb) victims to install your app like: "This app makes a backup of your messages" or "Ad-blocker no root, download now!".

  2. Write some code that will read the messages database (See: How can I read SMS messages from the device programmatically in Android?)

  3. Write some code to upload the stolen messages to some server or send them to another phone number (See: Send SMS in android). Sending sms without the sms messages appearing in the messaging app can be done!

Keep in mind that users will see all permissions the (Malware) app has when installing it and they need to accept those. But most users don't even look at them and just press accept ;)

A full list of permissions in Android can be found here: http://developer.android.com/reference/android/Manifest.permission.html

Note: I have written this post based on how most of the Malware apps work on Android.

Community
  • 1
  • 1
Rolf ツ
  • 8,611
  • 6
  • 47
  • 72
  • Alright, awesome! So, basically, I just write this as if I were writing any other application, thank you for your help! – TRAMZ_11 Nov 02 '14 at 22:24