1

A coworker and I were talking (after a fashion) about an article I read (HTC permission security risk). Basically, the argument came down to whether or not it was possible to log every action that an application was doing. Then someone (an abstract theroetical person) would go through and see if the app was doing what it was supposed to do and not trying to be all malicious like.

I have been programming in Android for a year now, and as far as I know if -- if -- that was possible, you would have to hack Dalvik and output what each process was doing. Even if you were to do that, I think it would be completely indecipherable because of the sheer amount of stuff each process was doing.

Can I get some input one way or the other? Is it completely impractical to even attempt to log what a foriegn application is doing?

EJoshuaS - Stand with Ukraine
  • 11,977
  • 56
  • 49
  • 78
ahodder
  • 11,353
  • 14
  • 71
  • 114
  • Assuming you're willing to modify the Dalvik VM, it would be much easier to look for specific actions. To just do a generic capture is possible but there will be so much noise that using the data you collect will still be a challenge. A better option might be to use apktool and examine the APK's source. – mah Oct 04 '11 at 17:47
  • That is definitely the easier option, and preferably, that is what I would do. – ahodder Oct 04 '11 at 17:50
  • you probably talk about a smartphone version of a key-logger. not very nice of you. and illegal too. – MarianP Oct 04 '11 at 17:56
  • @MarianP, I think you missed the point. I'm not trying to make an app that tracks user input. I want to know if it's feasible to track what an application is doing [behind the scenes] to verify that it is indeed doing it's expected tasks. Not, for instance, sending text messages while all it's suppose to be doing is to display images. User interaction or key logging isn't the issue here. – ahodder Oct 04 '11 at 18:06
  • okay then. I think, we should first try to define what would an 'action' be. Saving stacktrace at each point would probably not be a way to go. – MarianP Oct 04 '11 at 18:15
  • thinking about it little more, AOP (aspect oriented programming) might be an answer in regular Java virtual machine. This post discusses it http://stackoverflow.com/questions/3759232/aspect-oriented-programming-in-android – MarianP Oct 04 '11 at 18:18
  • @MarianP, I read over `Guice`, I'm not sure that would work either under the assumption that you don't have access to the source. If you did, why not just browse it? – ahodder Oct 04 '11 at 21:26

2 Answers2

1

I have been programming in Android for a year now, and as far as I know if -- if -- that was possible, you would have to hack Dalvik and output what each process was doing.

Not so much "hack Dalvik" but "hack the android.* class library, and perhaps a few other things (e.g., java.net).

Even if you were to do that, I think it would be completely indecipherable because of the sheer amount of stuff each process was doing.

You might be able to do some fancy pattern matching or something on the output -- given that you have determined patterns of inappropriate actions. Of course, there is also the small matter of having to manually test the app (to generate the output).

Is it completely impractical to even attempt to log what a foriegn application is doing?

From an SDK app? I damn well hope so.

From a device running a modded firmware with the aforementioned changes? I'd say it is impractical unless you have a fairly decent-sized development team, at which point it is merely expensive.

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
0

This is both possible and practical if you are compiling your own ROM. Android is based on Linux and I know several projects like this for Linux, like Linux Trace Toolkit. I also know of research into visualizing the results and detecting malicious apps from the results as well.

Another thing functionality like this is often used for is performance and reliability monitoring. You can read about the DTRACE functionality in Solaris to learn more about how this sort of stuff is used in business rather than academia.

Lance Nanek
  • 6,377
  • 2
  • 24
  • 19