Report Format ll-int-apk

This analysis report format applies to a dynamic analysis run on an Android platform (Deprecated). This type extends the Analysis Report Format type.

Report contents

  • api_level: (optional).

    Type: Integer.

    Example: 3.

    Android API level used by this analysis run.

  • analysis_subjects.

    Type: List of analysis subjects; see Android Analysis Subject Format.

    A list of programs monitored during the analysis run.

Android Analysis Subject Format

The analysis engine will monitor all analysis subjects, such as the originally started program and all child processes or processes that a monitored program interacts with, and then list any security relevant data.

This type extends the Analysis Subject Format type with additional information on Android analysis subjects.

Analysis subject contents

  • overview.

    Type: Dictionary.

    Overview of the analysis subject. In addition to the base format contents, the following elements are extracted:

    • program_name.

      Type: String.

      Name of the analyzed program.

  • valid_manifest: (optional).

    Type: Boolean.

    True if the Android package has a valid manifest.

  • valid_zipfile: (optional).

    Type: Boolean.

    True if the Android package is a valid ZIP file.

  • valid_androguard_zipfile: (optional).

    Type: Boolean.

    True if the Android package is a valid ZIP file that can be processed by AndroGuard's analysis tool.

  • uses_native_code: (optional).

    Type: Boolean.

    True if the Android package makes use of native code.

  • uses_dynamic_code: (optional).

    Type: Boolean.

    True if the Android package makes use of dynamic code.

  • uses_reflection: (optional).

    Type: Boolean.

    True if the Android package makes use of reflection.

  • uses_crypto: (optional).

    Type: Boolean.

    True if the Android package makes use of cryptographic functionality.

  • certificate: (optional).

    Type: Dictionary.

    The certificate included in the Android package.

    • valid_from: (optional).

      Type: String.

      Example: “Sat Jan 01 00:00:00 GMT 2011”.

      The certificate validity start-date as extracted from the certificate.

    • valid_until: (optional).

      Type: String.

      Example: “Sat Dec 23 01:23:45 GMT 2045”.

      The certificate validity end-date as extracted from the certificate.

    • owner: (optional).

      Type: String.

      Example: “CN=John Doe, OU=android, O=My Apps, L=Dallas, ST=TX, C=US”.

      The certificate owner as extracted from the certificate.

    • issuer: (optional).

      Type: String.

      Example: “CN=John Doe, OU=android, O=My Apps, L=Dallas, ST=TX, C=US”.

      The certificate issuer as extracted from the certificate.

    • serial_number: (optional).

      Type: String.

      Example: “4d1a9bb1”.

      The certificate serial-number as extracted from the certificate.

    • md5: (optional).

      Type: Hexadecimal string/hash.

      Example: “AA:CC:12:FE:BB:C1:87:3E:08:44:DF:12:D4:6F:39:43”.

      The certificate MD5 hash as extracted from the certificate.

    • sha1: (optional).

      Type: Hexadecimal string/hash.

      Example: “AA:CC:12:FE:BB:C1:87:3E:08:44:DF:12:D4:6F:39:43:BB:C4:46:F9”.

      The certificate SHA1 hash as extracted from the certificate.

  • required_features: (optional).

    Type: List of strings.

    Example: “android.hardware.touchscreen”, “android.hardware.location.gps”.

    A list of Android features (by name) required by the Android application.

  • permissions: (optional).

    Type: List of permissions; see below.

    Permissions required/used by the Android application.

    • permission: (optional).

      Type: String.

      Example: “android.permission.WRITE_EXTERNAL_STORAGE”.

      Name of the permission.

    • calls: (optional).

      Type: List of calls; see Android Function Call.

      Function calls inside the Android application that indicate the use of the given permission.

  • activities: (optional).

    Type: List of activities; see below.

    Activities supported by the Android application.

    • name: (optional).

      Type: String.

      Example: “MainLogin”.

      Name of the activity.

    • intent_filters: (optional).

      Type: List of intent-filters; see Android Intent Filter.

      Intent-filters registered on the activity.

  • broadcast_receivers: (optional).

    Type: List of broadcast-receivers; see below.

    Broadcast-receivers supported by the Android application.

    • name: (optional).

      Type: String.

      Example: “com.amazon.inapp.purchasing.ResponseReceiver”.

      Name of the broadcast-receiver.

    • intent_filters: (optional).

      Type: List of intent-filters; see Android Intent Filter.

      Intent-filters registered on the broadcast-receiver.

  • service_creates: (optional).

    Type: List of services. See below.

    A list of services created by the analysis subject.

    • service_name: (optional).

      Type: String.

      Example: “com.movend.market_billing.BillingService”.

      The name of the service.

    • intent_filters: (optional).

      Type: List of intent-filters; see Android Intent Filter.

      Intent-filters registered on the service.

  • service_starts: (optional).

    Type: List of services. See service_creates.

    A list of services started by the analysis subject.

  • file_reads: (optional).

    Type: List of files. See below.

    A list of files read by the analysis subject.

    • filename: (optional).

      Type: String.

      Example: “/data/data/com.android.mms/shared_prefs/com.android.mms_preferences.xml”.

      The name of the file.

  • file_writes: (optional).

    Type: List of files. See file_reads.

    A list of files written by the analysis subject.

  • file_deletes: (optional).

    Type: List of files. See file_reads.

    A list of files deleted by the analysis subject.

  • file_leaks: (optional).

    Type: List of files. See file_reads.

    A list of files read and leaked to an external party by the analysis subject.

  • urls: (optional).

    Type: List of strings.

    Example: “http://test.com”, “https://test.org”.

    A list of URLs embedded inside the Android application.

  • dns_queries: (optional).

    Type: List of DNS queries; see DNS query.

    List of DNS queries done by the analysis subject.

  • network_connections: (optional).

    Type: List of network connections; see network connection.

    List of network connections done by the analysis subject using a protocol that is not parsed into a more specific protocol type.

  • http_conversations: (optional).

    Type: List of HTTP connections; see HTTP connection.

    List of network connections identified to use the HTTP protocol done by the analysis subject.

Android Function Call

Information about a function call.

Function call contents

  • call_site: (optional).

    Type: String.

    Location (module/function name) of the call.

  • called_function: (optional).

    Type: String.

    Called function (module/function name) that requires the given permission.

  • call_site_object: (optional).

    call_site parsed to object. Added for compatibility.

    • function_name: (optional).

      Type: String.

      Example: “disableKeyguard”.

      Name of the function.

    • arguments: (optional).

      Type: List of argument dictionaries.

      Example: “[{‘type’: ‘int’}, {‘type’: ‘java.lang.String’}]”.

      Function arguments (types only).

    • return_type: (optional).

      Type: String.

      Example: ‘java/lang/String’.

      Function return type.

    • class_name: (optional).

      Type: String.

      Example: “rnasdvs.addB”.

      Class that the function belongs to.

    • module_name: (optional).

      Type: String.

      Example: “com.tartiap.lnnhdatu”.

      Module for class and function.

  • called_function_object: (optional).

    called_function parsed to object. Added for compatibility.

    • function_name: (optional).

      Type: String.

      Example: “disableKeyguard”.

      Name of the function.

    • arguments: (optional).

      Type: List of argument dictionaries.

      Example: “[{‘type’: ‘int’}, {‘type’: ‘java.lang.String’}]”.

      Function arguments (types only).

    • return_type: (optional).

      Type: String.

      Example: ‘java/lang/String’.

      Function return type.

    • class_name: (optional).

      Type: String.

      Example: “rnasdvs.addB”.

      Class that the function belongs to.

    • module_name: (optional).

      Type: String.

      Example: “com.tartiap.lnnhdatu”.

      Module for class and function.

Android Intent Filter

Intent-filters registered on the Android activities, broadcast-receivers or services.

Intent filter contents

  • action: (optional).

    Type: String.

    Example: “android.intent.action.MAIN”.

    Intent-filter action.

  • category: (optional).

    Type: String.

    Example: “android.intent.category.LAUNCHER”.

    Intent-filter category.
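
Because almost every field in this format is optional, a consumer has to distinguish a missing value from an explicit false. The following is an added example, not vendor code: it walks analysis_subjects and turns a few of the fields above into triage findings. The sample report, the layout of the call_site and called_function strings, and the severity rules are assumptions made for illustration.

```python
# Added example, not vendor code. Field names follow the format described
# above; SAMPLE_REPORT and the severity rules are constructed assumptions.

def triage_subject(subject):
    """Return (severity, message) findings for one Android analysis subject."""
    name = (subject.get("overview") or {}).get("program_name", "<unknown>")
    findings = []
    # Every field is optional: only an explicit False means a check failed.
    for key in ("valid_zipfile", "valid_manifest", "valid_androguard_zipfile"):
        if subject.get(key) is False:
            findings.append(("medium", f"{name}: {key} is false"))

    # Dynamic code combined with reflection hides behaviour from static review.
    if subject.get("uses_dynamic_code") and subject.get("uses_reflection"):
        findings.append(("medium", f"{name}: dynamic code and reflection"))

    # file_leaks: files read and then sent to an external party.
    for entry in subject.get("file_leaks") or []:
        findings.append(("high", f"{name}: leaked {entry.get('filename', '?')}"))

    # A permission without call evidence may be requested but never used.
    for perm in subject.get("permissions") or []:
        pname, calls = perm.get("permission", "?"), perm.get("calls") or []
        if not calls:
            findings.append(("low", f"{name}: {pname} has no recorded calls"))
        for call in calls:
            site, func = call.get("call_site", "?"), call.get("called_function", "?")
            findings.append(("info", f"{name}: {pname} via {site} -> {func}"))
    return findings


def triage_report(report):
    """Run triage_subject over every entry in analysis_subjects."""
    return [f for s in report.get("analysis_subjects") or [] for f in triage_subject(s)]


SAMPLE_REPORT = {  # constructed sample, not real analysis output
    "analysis_subjects": [{
        "overview": {"program_name": "com.example.app"},
        "valid_zipfile": True, "valid_manifest": False,
        "uses_dynamic_code": True, "uses_reflection": True,
        "file_leaks": [{"filename": "/data/data/com.example.app/shared_prefs/prefs.xml"}],
        "permissions": [
            {"permission": "android.permission.WRITE_EXTERNAL_STORAGE"},
            {"permission": "android.permission.DISABLE_KEYGUARD", "calls": [
                {"call_site": "com.example.app.Main.onCreate",
                 "called_function": "android.app.KeyguardManager$KeyguardLock.disableKeyguard"}]},
        ],
    }],
}
```

Calling triage_report(SAMPLE_REPORT) returns five findings, ordered as the checks run: two medium, one high, one low and one info.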