How can I count method calls inside APK? (using .smali format)

Question

I am trying to develop a tool that basically analyses an Android app APK and counts the number of calls to a specific API method (e.g., android.app.AlarmManager.set())

1. What approach do you recommend?

So far I have used APKTool and now I have.smali files. However, for the same java source, I can have multiple files:

• ExportAsyncTask$1.smali
• ExportAsyncTask$2.smali
• ExportAsyncTask$3.smali
• ExportAsyncTask$4.smali

2. What do these multiple files mean?

3. The resulting .smali files also include external libraries that I would like to leave out the analysis. How can I do that?

Answer 1

1. What approach do you recommend?

Yes, Apktool can be used for your task. Each java class in the APK will be represented by a .smali file in directories tree representing the packages. Smali - is the Android Virtual Machine language. The language is much simpler than Java and hence easier for analysis. In your case you should search for invoke opcodes and Landroid/app/AlarmManager;->set strings. If you are working in Linux, you can for example grep and count them. In Windows you have text editors like Notepad++ that allow text search in multiple files.

2. What do these multiple files mean?

In Java there are internal classes and implicit internal classes. The former will appear in OutherClass$InnerClass.smali and the later, having no name of its own, get numbers, like OuterClass$1.smali. You sometimes even get more deep levels like a$b$c$1.smali.

3. The resulting .smali files also include external libraries that I would like to leave out the analysis. How can I do that?

You have no precise way to do that. But generally speaking, when you look at the packages/directory tree of many samples you usually grasp the pattern. E.g. usually application code is in com.* package and android.*, org.* and uk.* include libraries. After such inspection you simply exclude those directories from your search.