Menu
Recently, i have been trying to understand how some apps manage to change android browser settings by code like the homepage. This is how "far" i have come. It is not support by the android api and normal code. You have to use native code. I analysed a advertising sdk which was the way most of the apps managed to change the settings. My first thoughts were that it may did some kind of root exploiting to get full access to shared preferences where the settings are stored.
I did som research and analysing on the sdk and found similarities beetwen the sdk and a malware called Plankton. Both the malware and the SDK collects device info and sends a request to a C&C server and downloads a jar file with native code. It "exploits Dalvik class loading capability to stay stealthy" instead of using root exploits. It supports some commands like setting homepage, shortcuts, and bookmarks and collecting browser history.
I have tried to manually download the jar from the server by using the url and adding the post data to it from the sdk but i didnt get it to work. Maybe i have messed with the post data. How can it change the settings without having root access and instead using dalivk exploit? Any thoughts would be appreciated.
Link for SDK
213
Let us now see the various methods in shared preferences in android: contains ( String key): It checks if the preference contains a preference or not. edit (): It creates a new Editor for preferences, to enable modifications to the data and commit changes back to the SharedPreferences atomically.
This module exploits a privilege escalation issue in Android < 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. ... This module suggests local meterpreter exploits that can be used.
Its use is to access application-level preferences. getDefaultSharedPreference (): It is used on the PreferenceManager, to get the shared preferences that goes with the overall Android preference framework. Before getting started with it, let us first understand its meaning in a better way. So it comes with two words, Shared and Preferences.
In android, string, integer, long, number etc. are considered as primitive data type. Android Shared preferences are used to store data in key and value pair so that we can retrieve the value on the basis of key. It is widely used to get information from user such as in settings. Let's see a simple example of android shared preference.
Not really on topic, but 'collecting browser history' is a supported function of the stock browser. There is a permission needed as can be seen on: http://developer.android.com/reference/android/Manifest.permission.html#READ_HISTORY_BOOKMARKS
public static final String READ_HISTORY_BOOKMARKS Added in API level 4 Allows an application to read (but not write) the user's browsing history and bookmarks. Constant Value: "com.android.browser.permission.READ_HISTORY_BOOKMARKS"
Hope this helps a bit
193
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
