Reputation:
How do anti-virus software programmatically scan code of installed android apps (without root privileges)?
There are several android anti-virus softwares which I know of e.g:
- AVG Mobile
- AVAST Software
- McAfee (Intel Security)
- Norton Mobile
- Kaspersky Lаb
etc.
Each of which offer functionality to scan installed android applications for viruses etc. (even android devices which aren't rooted).
Screenshots proving the above are below:
But from what I know of apps installed on unrooted Android devices, one app can't access another installed app and its associated files e.g:
Pre-Install (i.e. Camera, Calendar, Browser,etc.) APK stored in /system/app/
User Install (ApiDemo, Any.do, etc.) APK stored in /data/app/
Package Manager create data directory /data/data// to store database, shared preference, native library and cache data
So how do applications like those described above, programmatically scan applications and their associated files as described above (Without root access)
Upvotes: 6
Views: 3693
Answers (2)
Reputation: 11
I'm not sure what the anti-virus sotfwares really do, but I know some way to access user install APK files without root access.
If you check /data/app carefully, you can find that although the access permission of /data/app is 771(rwxrwx--x), but the permission of APK files under /data/app is 644(rw-r--r--), which means you can read these APK files without root access.
An acceptable way may be like this:
1.use shell command "pm list packages" or PackageManager.getInstalledPackages() to get packages names of installed app.
2.try to read files in /data/app(com.aaa.bbb-N.apk, N is a number depends on the times the app installed, you can guess it)
tips1: The access permission of /system/app is 644(rw-r--r--), means that you can directly "ls" it. tips2: There is no way to read/write files under /data/data without root access under normal circumstances.
Upvotes: 1
Reputation: 21
It doesn't access the files as in one may think, it does not open them, use them, or scan the file's data in any way. Instead, it just checks the file names.
For AVG lets say: AVG uses a up to date database of viruses past and present. It scans through file names on your phone, checks them against it's database, and then alerts you if a name matches one recorded in the database. Thus, it is not breaking the rules established by android.
How do they get information on these viruses? Well, lucky for you, you probably were not the first one to get it. When a new virus is found, it gets reported, and then AVG adds it to it's database.
So, sadly, you can't access other files programmatically in the way it seems you describe. You can, however, access the file names inside of directories and use the file names to check against a database for viruses and other malware.
Upvotes: 2
Related Questions
- Android apps reverse engineering
- Android root access script
- How and where is Application executable code stored inside a device?
- Anti-Virus Detection on a legitimate program
- How are android intents handled at runtime?
- How some apk are stored by Android
- scanning permissions of an application in android before its installation
- Interception of Installed Applications on android device
- how are android security permissions checked at run-time?
- How would one scan another app (like an antivirus app does)?