You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want to get all the Android SDK APIs invoked by an Android app. I have the following sample code.
#!/usr/bin/python3
from sys import argv
from androguard.core.bytecodes import dvm
from androguard.core.analysis import analysis
from androguard.misc import AnalyzeAPK, AnalyzeDex
a, d, dx = AnalyzeAPK(argv[1])
print(a.get_package())
pkg = a.get_package()
pkg = pkg.replace(".", "/")
print(pkg)
# Get method in external classes
for cl in list(dx.get_external_classes()):
for mt in cl.get_methods():
# Need to check whether calls are from dev defined class/methods
for cls, call, _ in mt.get_xref_from():
# Check 1:
# if not cls.is_android_api() and not cls.is_external():
# if not cls.is_external():
if pkg in str(cls.name):
print(str(mt.full_name))
print('--> called from ' + str(cls.name))
For Check 1, I tried three options. When using cls.is_android_api() or cls.is_external(), in the output I will see API calls not directly made by my app. For example I will see the following in the output:
Ljava/lang/Object; <init> ()V
--> called from Landroidx/core/view/ViewGroupCompat;
I want to ignore API calls made by AOSP code / libraries and focus on only the calls directly made by the app in Java code. For now I decided to use an approach which checks the package name for caller.
I have the following questions:
(1) Are there any API calls which I will miss if I use the package name check as discussed above ?
(2) The Androguard documentation has the following note.
(2-a) Does the call AnalyzeAPK() ensure all DEX files are loaded ?
(2-b) Classes not defined because they are dynamically loaded later: is there a way to identify this via any API call ?
The text was updated successfully, but these errors were encountered:
I want to get all the Android SDK APIs invoked by an Android app. I have the following sample code.
For Check 1, I tried three options. When using
cls.is_android_api()
orcls.is_external()
, in the output I will see API calls not directly made by my app. For example I will see the following in the output:I want to ignore API calls made by AOSP code / libraries and focus on only the calls directly made by the app in Java code. For now I decided to use an approach which checks the package name for caller.
I have the following questions:
(1) Are there any API calls which I will miss if I use the package name check as discussed above ?
(2) The Androguard documentation has the following note.
(2-a) Does the call
AnalyzeAPK()
ensure all DEX files are loaded ?(2-b) Classes not defined because they are dynamically loaded later: is there a way to identify this via any API call ?
The text was updated successfully, but these errors were encountered: