Android exploit dalvik classes: Preferences

Recently, i have been trying to understand how some apps manage to change android browser settings by code like the homepage. This is how “far” i have come. It is not support by the android api and normal code. You have to use native code. I analysed a advertising sdk which was the way most of the apps managed to change the settings. My first thoughts were that it may did some kind of root exploiting to get full access to shared preferences where the settings are stored.

I did som research and analysing on the sdk and found similarities beetwen the sdk and a malware called Plankton. Both the malware and the SDK collects device info and sends a request to a C&C server and downloads a jar file with native code. It “exploits Dalvik class loading capability to stay stealthy” instead of using root exploits. It supports some commands like setting homepage, shortcuts, and bookmarks and collecting browser history.

  • Android application loading screen
  • How to exclude certain messages by TAG name using Android adb logcat?
  • Android Volley access http response header fields
  • How can I check how much free space an SD card mounted on an Android device has?
  • Android: howto parse URL String with spaces to URI object?
  • Comparing two locations using their Longitude and Latitude
  • I have tried to manually download the jar from the server by using the url and adding the post data to it from the sdk but i didnt get it to work. Maybe i have messed with the post data. How can it change the settings without having root access and instead using dalivk exploit? Any thoughts would be appreciated.

    Link for
    SDK

    Related posts:

    Unable to resolve target 'android-16'
    what's design pattern principle in the Android development?
    Android TableLayout Width
    What work has been done on cross-platform mobile development?
    Difference between build.gradle(Project) and build.gradle(Module)
    onLocationChanged is not called automatically
  • play/pause button image in notification ,Android
  • Grant uri permission to uri in EXTRA_STREAM in intent
  • How to collect native stacktrace without a scary READ_LOGS permission up front?
  • Android Studio. Drawables folder and sizes?
  • Why are clicks in my ExpandableListView ignored?
  • Android architecture usage?
  • 2 Solutions collect form web for “Android exploit dalvik classes: Preferences”

    Not really on topic, but ‘collecting browser history’ is a supported function of the stock browser.
    There is a permission needed as can be seen on:
    http://developer.android.com/reference/android/Manifest.permission.html#READ_HISTORY_BOOKMARKS

    public static final String READ_HISTORY_BOOKMARKS Added in API level 4
    Allows an application to read (but not write) the user’s browsing
    history and bookmarks. Constant Value:
    “com.android.browser.permission.READ_HISTORY_BOOKMARKS”

    Hope this helps a bit

    1. Put your device on wifi
    2. set the system proxy to fiddler
    3. run the app that downloads the jar.
    4. Grab the jar from fiddler.
    5. Profit
    Android Babe is a Google Android Fan, All about Android Phones, Android Wear, Android Dev and Android Games Apps and so on.