Is your feature request related to a problem? Please describe.
Some APKs seemingly has a different naming scheme for things that usually are prefixed with android:xxxx, this prevents mobsf from properly listing things such as used permissions etc.
At present I am unsure whether this comes from the build process of the APK itself, or if it comes from the tooling underneath mobsf to extract the manifest.
Describe the solution you'd like
Preferably MobSF would read the XMLNS attached to http://schemas.android.com/apk/res/android instead of using the hardcoded android: prefix.
Describe alternatives you've considered
I took a look at the source code to figure out whether the prefix was hard coded in MobSF, and it does seem to be the case looking at
|
minsdk = node.getAttribute('android:minSdkVersion') |
Additional context
I am not sure whether linking APK mirrors here are allowed, but for testing I used Vivaldi Browser 6.1.3035.102 of the x86_64 architecture.
MobSF version: c7578b8 (jun 14)
Is your feature request related to a problem? Please describe.
Some APKs seemingly has a different naming scheme for things that usually are prefixed with
android:xxxx, this prevents mobsf from properly listing things such as used permissions etc.At present I am unsure whether this comes from the build process of the APK itself, or if it comes from the tooling underneath mobsf to extract the manifest.
Describe the solution you'd like
Preferably MobSF would read the XMLNS attached to
http://schemas.android.com/apk/res/androidinstead of using the hardcodedandroid:prefix.Describe alternatives you've considered
I took a look at the source code to figure out whether the prefix was hard coded in MobSF, and it does seem to be the case looking at
Mobile-Security-Framework-MobSF/mobsf/StaticAnalyzer/views/android/manifest_analysis.py
Line 97 in dc0dc27
Additional context
I am not sure whether linking APK mirrors here are allowed, but for testing I used Vivaldi Browser 6.1.3035.102 of the x86_64 architecture.
MobSF version: c7578b8 (jun 14)