devu-62442/Extracting-Sensitive-API-Calls
Extracting Sensitive API Calls in Malware Applications


An Application Programming Interface (API) is an interface or communication protocol between a client and a server intended to simplify the building of client-side software. It has been described as a “contract” between the client and the server, such that if the client makes a request in a specific format, it will always get a response in a specific format or initiate a defined action. In building applications, an API simplifies programming by abstracting the underlying implementation and only exposing objects or actions the developer needs.

Android exposes thousands of APIs that applications use to add functionality. Android is a layered architecture, and these APIs live in the second layer from the top, called the Application Framework layer.


Application Framework

The Application Framework layer sits on top of the native library layer. It provides the major Application Programming Interfaces (APIs) and higher-level services in the form of Java classes. Application developers can access the whole API framework used by the core programs, which makes reuse of API components simpler, and these APIs are open to anyone creating Android applications. There are different types of application components, and each type has its own lifecycle and purpose that describe how the component is created and destroyed.

Sensitive API

There is no definitive definition of a sensitive API. Sensitive APIs are the APIs that handle sensitive information on Android devices. That sensitive information can be personal information being rendered, databases being read, SMS messages being sensed and received, and so on.

In this tool, the sensitive APIs are the set of APIs used to access sensitive resources on the Android device, such as the device ID, the location of the user, or information about the network type.

Ten API classes are treated as sensitive API classes. Each of these classes has a number of API methods, and calls to those methods are used to detect malicious behaviour in an application.

For example:

  • Landroid/telephony/TelephonyManager;->listen(Landroid/telephony/PhoneStateListener; I)V
  • Landroid/telephony/TelephonyManager;->getNetworkType()I
  • Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;
  • Landroid/content/pm/PackageManager;->isSafeMode()Z

In the examples above, TelephonyManager, ConnectivityManager and PackageManager are the API classes, and listen(), getNetworkType(), getActiveNetworkInfo() and isSafeMode() are the API methods.

The tool uses the following sensitive API classes:

(image: SensitiveAPIList)

Calls into these classes are what the tool reports: its output is the list of all sensitive API calls found in the application.

Working

Written in Python.
Every application (.apk) uses some set of sensitive APIs.

The tool follows these steps:

Step #1. Use Androguard to create a callgraph:

```
androguard cg 'Application Name'
```

The command above creates a callgraph.gml file in the same folder where the application is placed.

Step #2. Clone or download the code from GitHub.

Step #3. Use the command below in the command prompt to run the program Sensitive_API.py:

```
python3 Sensitive_API.py -p [Path of your GML (Callgraph) Application] -g [Name of the GML (Callgraph)]
```

Step #4. Output

The code gives you the set of sensitive APIs of that particular Android malware application.
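The steps above describe the tool's pipeline: a callgraph.gml from Androguard goes in, and the sensitive API calls reachable in it come out. The following is an added, self-contained example of that idea, not the project's own Sensitive_API.py. It assumes GML node labels are Smali-style method signatures like the ones listed in this README (the exact attributes Androguard writes may differ), uses a constructed toy callgraph rather than real tool output, and covers only the three sensitive classes named on this page (the tool's full list of ten is shown in its image).

```python
import argparse
import os
import re

# Constructed sample callgraph in GML form (assumption: node labels are
# Smali-style method signatures, as in the README's examples). This is a
# hand-written toy graph, not output of `androguard cg`.
SAMPLE_GML = """graph [
  directed 1
  node [
    id 0
    label "Lcom/example/app/MainActivity;->onCreate(Landroid/os/Bundle;)V"
  ]
  node [
    id 1
    label "Lcom/example/app/Collector;->gather()V"
  ]
  node [
    id 2
    label "Landroid/telephony/TelephonyManager;->getNetworkType()I"
  ]
  node [
    id 3
    label "Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo;"
  ]
  node [
    id 4
    label "Landroid/content/pm/PackageManager;->isSafeMode()Z"
  ]
  node [
    id 5
    label "Ljava/lang/StringBuilder;->toString()Ljava/lang/String;"
  ]
  edge [ source 0 target 1 ]
  edge [ source 1 target 2 ]
  edge [ source 1 target 3 ]
  edge [ source 0 target 4 ]
  edge [ source 1 target 5 ]
]
"""

# Sensitive API classes named in this README. The tool's full list of ten
# classes is only shown in its image, so only these three are used here.
SENSITIVE_CLASSES = {
    "Landroid/telephony/TelephonyManager;",
    "Landroid/net/ConnectivityManager;",
    "Landroid/content/pm/PackageManager;",
}

# Minimal GML matching: enough for `node [ id N label "..." ]` and
# `edge [ source N target M ]` blocks; a full GML parser would also
# handle nested attributes and escaped quotes.
NODE_RE = re.compile(r'node\s*\[\s*id\s+(\d+)\s+label\s+"([^"]*)"', re.S)
EDGE_RE = re.compile(r'edge\s*\[\s*source\s+(\d+)\s+target\s+(\d+)', re.S)


def parse_gml(text):
    """Return ({node_id: label}, [(source_id, target_id), ...])."""
    nodes = {int(i): label for i, label in NODE_RE.findall(text)}
    edges = [(int(s), int(t)) for s, t in EDGE_RE.findall(text)]
    return nodes, edges


def split_signature(label):
    """Split 'Lpkg/Class;->method(args)ret' into (class, method part)."""
    cls, _, method = label.partition("->")
    return cls, method


def find_sensitive_calls(gml_text, sensitive_classes=SENSITIVE_CLASSES):
    """Map each sensitive API signature to the set of methods that call it."""
    nodes, edges = parse_gml(gml_text)
    hits = {}
    for src, dst in edges:
        cls, _ = split_signature(nodes[dst])
        if cls in sensitive_classes:
            hits.setdefault(nodes[dst], set()).add(nodes[src])
    return hits


def report(gml_text):
    """Sorted list of (sensitive API, sorted callers), handy for printing."""
    hits = find_sensitive_calls(gml_text)
    return [(api, sorted(callers)) for api, callers in sorted(hits.items())]


if __name__ == "__main__":
    # Mirrors the README's -p (directory) and -g (GML file name) options.
    ap = argparse.ArgumentParser()
    ap.add_argument("-p", default=None, help="directory containing the GML callgraph")
    ap.add_argument("-g", default=None, help="name of the GML callgraph file")
    args = ap.parse_args()
    if args.p and args.g:
        with open(os.path.join(args.p, args.g), encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_GML  # no file given: run on the constructed sample
    for api, callers in report(text):
        print(api)
        for caller in callers:
            print("    called from", caller)
```

Matching on the class part of the signature rather than on whole method strings is what lets one class entry cover every method the README lists for it; matching on edges rather than on node labels alone also tells you which application method reaches the sensitive API, which is the detail an analyst needs when triaging a hit.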
