A set of scripts to check Android device security configuration.
The check-device-props.py script checks security configuration based on system properties and some basic system commands.
Requires ADB connection. Set ANDROID_SERIAL and/or ADB_VENDOR_KEYS if more than one device is connected to host, or if ADB authentication is required.
./check-device-props.py
WARN messages mark potential configuration issues.
A simple script to check security configuration of system APKs for Android-based devices. Mainly targeted towards IoT-style devices, probably not that useful for phones/tablets. Not meant to be a replacement for CTS or other extensive test suites.
Checks are focused on permissions, code signing and component configuration. This script does not attempt to perform static analysis of executable code.
The following assumptions are made:
system/ and system-priv/ are accessible (either by downloading from live device or from build output)
The following security configuration is tested:
android.uid.system
android.uid.system
/system/app and /system/priv-app
download-apks.py helper script:
$ ./download-apks.py apks/
check-system-apps.py script against the APK directory from 1.
--show-apk-details flag to show permissions and components declared in each APK.
./check-system-apps.py apks/ com.example.package
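The permission and component checks described above can be illustrated on a single manifest. This is an added example, not code from this project: it assumes the APK's AndroidManifest.xml has already been decoded to text XML (for example with apktool), and the check_manifest name, the sample manifest and the exact set of checks are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: decoded (text) manifest of a hypothetical system app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.package" android:sharedUserId="android.uid.system">
  <uses-permission android:name="android.permission.REBOOT"/>
  <application android:debuggable="true">
    <service android:name=".UpdateService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".ConfigProvider" android:exported="true"
        android:permission="com.example.package.READ_CONFIG"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

def attr(elem, name):
    """Read an android:-namespaced attribute, or None if it is absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def check_manifest(xml_text):
    """Return a list of (level, message) findings for one decoded manifest."""
    root = ET.fromstring(xml_text)
    pkg = root.get("package")
    findings = []
    if attr(root, "sharedUserId") == "android.uid.system":
        findings.append(("WARN", f"{pkg} shares android.uid.system"))
    perms = sorted(filter(None, (attr(p, "name") for p in root.iter("uses-permission"))))
    findings.append(("INFO", f"{pkg} requests: {', '.join(perms) or 'none'}"))
    for app in root.iter("application"):
        if attr(app, "debuggable") == "true":
            findings.append(("WARN", f"{pkg} is debuggable"))
        app_perm = attr(app, "permission")  # default guard for all components
        for comp in (c for c in app if c.tag in COMPONENT_TAGS):
            exported = attr(comp, "exported")
            if exported is None:  # pre-Android 12 default: an intent filter implies exported
                exported = "true" if comp.find("intent-filter") is not None else "false"
            if exported == "true" and not (attr(comp, "permission") or app_perm):
                findings.append(("WARN", f"{comp.tag} {attr(comp, 'name')} "
                                         "is exported without a permission"))
    return findings

if __name__ == "__main__":
    for level, message in check_manifest(SAMPLE_MANIFEST):
        print(f"{level}: {message}")
```

The receiver is flagged even though it has no android:exported attribute, because its intent filter makes it reachable by default on older target SDK levels.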