{"id":13473400,"url":"https://github.com/nelenkov/android-device-check","last_synced_at":"2025-04-10T04:32:00.143Z","repository":{"id":65651935,"uuid":"151703219","full_name":"nelenkov/android-device-check","owner":"nelenkov","description":"Check Android device security settings","archived":false,"fork":false,"pushed_at":"2019-10-25T10:18:40.000Z","size":19,"stargazers_count":85,"open_issues_count":3,"forks_count":13,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-03-24T16:11:08.212Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nelenkov.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-05T10:11:45.000Z","updated_at":"2025-02-10T05:15:50.000Z","dependencies_parsed_at":"2023-02-02T14:35:14.856Z","dependency_job_id":null,"html_url":"https://github.com/nelenkov/android-device-check","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nelenkov%2Fandroid-device-check","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nelenkov%2Fandroid-device-check/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nelenkov%2Fandroid-device-check/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nelenkov%2Fandroid-device-check/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nelenkov","download_url":"https://codeload.github.com/nelenkov/android-device-check/tar.gz/refs/heads/master","host"
:{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248157503,"owners_count":21057024,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T16:01:03.316Z","updated_at":"2025-04-10T04:31:59.859Z","avatar_url":"https://github.com/nelenkov.png","language":"Python","readme":"# Android device check\n\nA set of scripts to check Android device security configuration.\n\n##  Device runtime configuration check \n\nThe ```check-device-props.py``` script checks security configuration based on system properties \nand some basic system commands.\n\n### Requirements\n\nRequires ADB connection. \nSet ```ANDROID_SERIAL``` and/or ```ADB_VENDOR_KEYS``` if more than one device is connected to host, \nor if ADB authentication is required.\n\n### Major checks:\n\n* build type (userdebug, user, eng)\n* signing keys\n* SELinux availability and mode\n* debugging-related properties\n* Bluetooth configuration\n* USB/ADB configuration\n* 3G/telephony availability\n* enabled network interfaces\n* listening TCP services\n* ADB authentication\n* SUID binaries\n* AIDL services\n* disk encryption (FDE/FBE) availability\n* dm-verity availability and mode\n\n### Usage\n\n1. Connect to target device via ADB and run the script:\n\n```bash\n./check-device-props.py\n```\n\n2. Report is output to stdout, redirect as needed. `WARN` messages mark potential configuration issues.\n\n## System APK check\n\n### Overview\n\nA simple script to check security configuration of system APKs for \nAndroid-based devices. 
Mainly targeted towards IoT-style devices, \nprobably not that useful for phones/tablets. Not meant to be a \nreplacement for CTS or other extensive test suites.\n\nChecks are focused on permissions, code signing and component configuration. \nThis script does not attempt to perform static analysis of executable code.\n\n### Assumptions\n\nThe following assumptions are made:\n\n* device software is based on AOSP\n* device vendor components/apps all live under the same top-level package\n* system APKs from `system/` and `system-priv/` are accessible \n (either by downloading from a live device or from build output)\n \n### Major security checks\n \nThe following security configuration is tested:\n\n* usage of shared user ID, esp. `android.uid.system`\n* whether 3rd-party apps (non-AOSP, not under top-level package) are running as `android.uid.system`\n* debuggable applications\n* whether custom (not defined in AOSP) permissions are signature-protected\n* whether protected broadcasts are used\n* whether APKs are signed with widely-known keys/certificates ('testkeys')\n* optionally prints all permissions and components declared in the APK (detailed mode)\n\n### Requirements\n\n* Androguard \u003e= 3.2.1\n* Python 2.7.x (for now)\n\n### Usage\n\n1. Obtain system APKs to test, usually all APKs under `/system/app` and `/system/priv-app`\n * if you can connect to a live device via ADB, you can use the `download-apks.py` helper script:\n ```bash\n  $ ./download-apks.py apks/\n ```\n2. Run the `check-system-apps.py` script against the APK directory from step 1. \n * (optional) specify the `--show-apk-details` flag to show permissions and components declared in each APK.\n```bash\n   ./check-system-apps.py apks/ com.example.package\n```\n3. Report is output to stdout, redirect as needed. 
","funding_links":[],"categories":["Android","Mobile"],"sub_categories":["Misc.","Android"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnelenkov%2Fandroid-device-check","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnelenkov%2Fandroid-device-check","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnelenkov%2Fandroid-device-check/lists"}