Convert Figma logo to code with AI

linkedin logoqark

Tool to look for several security related Android application vulnerabilities

3,192
643
3,192
78

Top Related Projects

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

Quick Overview

QARK (Quick Android Review Kit) is an open-source tool designed to detect security vulnerabilities in Android applications. It performs static code analysis on Android source code and compiled APKs, identifying potential security issues and providing detailed reports to help developers improve their app's security.

Pros

  • Comprehensive security analysis for Android apps
  • Supports both source code and compiled APK analysis
  • Provides detailed reports with explanations and remediation suggestions
  • Integrates well with CI/CD pipelines for automated security checks

Cons

  • May produce false positives, requiring manual verification
  • Limited updates and maintenance in recent years
  • Can be resource-intensive for large projects
  • Requires some setup and configuration for optimal use

Getting Started

To get started with QARK, follow these steps:

  1. Install QARK using pip:

    pip install qark
    
  2. Run QARK on an Android project:

    qark --apk path/to/your/app.apk
    

    Or for source code analysis:

    qark --java path/to/your/project/src
    
  3. Review the generated report in the output directory for identified vulnerabilities and recommendations.

For more advanced usage and configuration options, refer to the QARK documentation on GitHub.

Competitor Comparisons

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Pros of owasp-mastg

  • Comprehensive mobile app security testing guide covering both Android and iOS
  • Regularly updated with community contributions and industry best practices
  • Includes detailed explanations and practical examples for various security testing scenarios

Cons of owasp-mastg

  • Primarily a documentation project, not a standalone tool like qark
  • Requires more manual effort to implement security testing based on the guidelines
  • May have a steeper learning curve for beginners due to its extensive content

Code Comparison

While a direct code comparison is not relevant due to the different nature of these projects, here's an example of how they approach security issues:

owasp-mastg (describing a security best practice):

### Verifying Root Certificate
To ensure secure communication, always verify the root certificate:

1. Obtain the server's certificate chain
2. Extract the root certificate
3. Compare it with a trusted root certificate authority

qark (automated code analysis):

def check_root_detection(self):
    root_detection_methods = [
        "getRuntime().exec('su')",
        "RootTools.isRootAvailable()",
        "RootManager.isDeviceRooted()"
    ]
    for method in root_detection_methods:
        self.find_method(method)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Pros of Mobile-Security-Framework-MobSF

  • Comprehensive analysis for both Android and iOS applications
  • User-friendly web interface for easy interaction and result visualization
  • Supports dynamic analysis in addition to static analysis

Cons of Mobile-Security-Framework-MobSF

  • Requires more system resources due to its extensive features
  • Setup process can be more complex, especially for beginners
  • May have a steeper learning curve for users new to mobile security testing

Code Comparison

MobSF example (Python):

def scan_file(app_path):
    scan_results = StaticAnalyzer.scan(app_path)
    return scan_results

QARK example (Python):

def scan_app(app_path):
    scanner = Scanner(app_path)
    issues = scanner.scan()
    return issues

Both tools use similar approaches for scanning mobile applications, but MobSF offers a more comprehensive analysis with its web interface and additional features. QARK, being more focused on Android, provides a simpler and more lightweight solution for quick vulnerability assessments. The choice between the two depends on the specific requirements of the project, such as the need for iOS analysis, dynamic testing, or a more user-friendly interface.

AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.

Pros of AndroBugs Framework

  • More comprehensive analysis of Android-specific vulnerabilities
  • Faster scanning speed for large-scale applications
  • Better support for custom rules and plugins

Cons of AndroBugs Framework

  • Less frequent updates and maintenance
  • Limited documentation and community support
  • Steeper learning curve for beginners

Code Comparison

AndroBugs Framework:

def get_signature_name(self):
    return self.signature_name

def get_severity(self):
    return self.severity

def get_description(self):
    return self.description

QARK:

def __init__(self, category, name, description, severity, file_object):
    self.category = category
    self.name = name
    self.description = description
    self.severity = severity
    self.file_object = file_object

Both frameworks use similar approaches for defining vulnerability objects, but AndroBugs Framework focuses on signature-based detection, while QARK uses a more general approach with categories and file objects. AndroBugs Framework's code is more concise, reflecting its specialized focus on Android vulnerabilities. QARK's implementation allows for broader application across different types of security issues.

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

Pros of android-vts

  • More focused on specific Android vulnerabilities and exploits
  • Includes a user-friendly mobile app interface for running tests
  • Regularly updated with new vulnerability checks

Cons of android-vts

  • Limited to Android platform-specific issues
  • Less comprehensive in terms of overall application security analysis
  • Requires more technical knowledge to interpret results

Code Comparison

QARK (Java):

public static void getDB(Context context) {
    String dbName = context.getDatabasePath(DATABASE_NAME).getAbsolutePath();
    File dbFile = new File(dbName);
    if (dbFile.exists()) {
        // Database file exists
    }
}

android-vts (Java):

public void testForVulnerability() {
    VulnerabilityTest test = new VulnerabilityTest();
    test.setName("CVE-2014-7911");
    test.setVulnerabilityType(VulnerabilityType.SYSTEM);
    test.setDescription("Android < 5.0 Integer Overflow");
    test.execute();
}

Both repositories focus on Android security, but QARK provides a broader static analysis tool for identifying security issues in Android applications, while android-vts concentrates on testing specific Android vulnerabilities and exploits. QARK offers more comprehensive code analysis, whereas android-vts excels in identifying known platform-level vulnerabilities through its mobile app interface.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Quick Android Review Kit

This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the vulnerabilities it finds. There is no need to root the test device, as this tool focuses on vulnerabilities that can be exploited under otherwise secure conditions.

Requirements

Tested on Python 2.7.13 and 3.6 Tested on OSX, Linux, and Windows

Usage

For more options please see the --help command.

APK::

~ qark --apk path/to/my.apk

Java source code files::

~ qark --java path/to/parent/java/folder ~ qark --java path/to/specific/java/file.java

Results

A report is generated in JSON and can be built into other format types, to change the report type please use the --report-type flag.

Installation

With pip (no security checks on requirements)::

~ pip install --user qark # --user is only needed if not using a virtualenv ~ qark --help

With requirements.txt (security checks on requirements)::

~ git clone https://github.com/linkedin/qark ~ cd qark ~ pip install -r requirements.txt ~ pip install . --user # --user is only needed if not using a virtualenv ~ qark --help

Exploit APK

QARK can generate a basic exploit APK for a few of the vulnerabilities that have been found.

To generate the exploit APK there are a few steps to follow. You need to have the Android SDK v21 and build-tools v21.1.2

  1. Install the android SDK, you can get it under the 'command line tools': https://developer.android.com/studio/#downloads
  2. Unzip the android SDK
  3. Go into the new directory and generate the licenses with bin/sdkmanager --licenses
  4. Make sure the generated licenses are in the android SDK directory.
  5. Install the SDK and the proper build-tools version: bin/sdkmanager --install "platforms;android-21" "sources;android-21" "build-tools;21.1.2"

Checks

QARK is an easy to use tool capable of finding common security vulnerabilities in Android applications. Unlike commercial products, it is 100% free to use. QARK features educational information allowing security reviewers to locate precise, in-depth explanations of the vulnerabilities. QARK automates the use of multiple decompilers, leveraging their combined outputs, to produce superior results, when decompiling APKs. Finally, the major advantage QARK has over traditional tools, that just point you to possible vulnerabilities, is that it can produce ADB commands, or even fully functional APKs, that turn hypothetical vulnerabilities into working "POC" exploits.

Included in the types of security vulnerabilities this tool attempts to find are:

  • Inadvertently exported components
  • Improperly protected exported components
  • Intents which are vulnerable to interception or eavesdropping
  • Improper x.509 certificate validation
  • Creation of world-readable or world-writeable files
  • Activities which may leak data
  • The use of Sticky Intents
  • Insecurely created Pending Intents
  • Sending of insecure Broadcast Intents
  • Private keys embedded in the source
  • Weak or improper cryptography use
  • Potentially exploitable WebView configurations
  • Exported Preference Activities
  • Tapjacking
  • Apps which enable backups
  • Apps which are debuggable
  • Apps supporting outdated API versions, with known vulnerabilities

Notice

Note: QARK decompiles Android applications back to raw source code. Please do not use this tool if this may be considered illegal in your juristdiction. If you are unsure, seek legal counsel.

If you run into issues on OSX, especially relating to the outbound call to the Play Store, or the downloading of the SDK, it is likely due to your Python/OpenSSL configuration and the fact that recent changes in OSX impacted Python installed via brew. Nuking your Python installation(s) and re-installing from source may fix your issues.

License

Copyright 2015 LinkedIn Corp. All rights reserved.

Copyright 2015 LinkedIn Corp. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
 You may obtain a copy of the License here <http://www.apache.org/licenses/LICENSE-2.0/>_. Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.