https://github.com/su-vikas/conbeerlib
Android library for detecting Android virtual containers.
Last synced: 12 months ago
- Host: GitHub
- URL: https://github.com/su-vikas/conbeerlib
- Owner: su-vikas
- License: mit
- Created: 2020-07-05T08:29:58.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-12-12T16:48:15.000Z (over 5 years ago)
- Last Synced: 2025-04-10T20:56:46.001Z (about 1 year ago)
- Topics: android
- Language: Java
- Homepage:
- Size: 5.81 MB
- Stars: 68
- Watchers: 7
- Forks: 18
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# conbeerlib
*conbeerlib* is an Android library for detecting if an app is running inside a **virtual container**.
This is based on the work done by me and [Gautam](https://github.com/darvincisec), presented at [Android Security Symposium 2020](https://android.ins.jku.at/symposium/program/) - [slides](android_virtual_containers_slides.pdf).
This repo contains *conbeerlib* and a wrapper application, *conware*, which we used for our research.
# Checks
Currently, the following checks are implemented:
1. Permissions in Manifest - There can be a mismatch between the permissions granted to an application and those it originally requested.
2. Process Memory - Check */proc/self/maps* for the presence of artifacts not belonging to the app's expected filepath.
3. Storage Dir - The storage path assigned to an app inside a virtual container is different from the one assigned when the app is installed directly on an Android device.
4. Environment Variables - Virtual containers set various environment variables.
5. Running App Services - Services other than those started by the application may be running.
6. App Components - Enabling app components dynamically may not always work in virtual containers.
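The sketch below illustrates the idea behind check 2. It is an added example, not code from conbeerlib, and it runs as plain Java on constructed input. The per-app path layout, the package names `com.example.app` and `com.container.host`, and the allowlist parameter are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MapsCheckExample {
    // Assumed per-app locations on stock Android: /data/app/<pkg>-<suffix>/,
    // /data/app/~~<random>/<pkg>-<suffix>/, /data/data/<pkg>/, /data/user/<n>/<pkg>/.
    private static final Pattern OWNER = Pattern.compile(
            "^/data/(?:app|data|user/\\d+)/(?:~~[^/]+/)?([A-Za-z0-9_.]+)");

    // Returns file-backed mappings under an app directory owned by a package other
    // than expectedPkg. allowedPkgs lists packages that are legitimately mapped into
    // the process (for example a WebView provider) and must be tuned per app.
    static List<String> foreignMappings(List<String> mapsLines, String expectedPkg,
                                        Set<String> allowedPkgs) {
        List<String> hits = new ArrayList<>();
        for (String line : mapsLines) {
            // Fields: address perms offset dev inode [pathname]
            String[] f = line.trim().split("\\s+", 6);
            if (f.length < 6 || !f[5].startsWith("/")) continue; // anonymous, [heap], [stack]
            Matcher m = OWNER.matcher(f[5]);
            if (!m.find()) continue;                               // system path, not app-owned
            String owner = m.group(1);
            if (!owner.equals(expectedPkg) && !allowedPkgs.contains(owner)) hits.add(f[5]);
        }
        return hits;
    }

    public static void main(String[] args) {
        // Constructed sample lines, not captured from a real device or container.
        List<String> sample = Arrays.asList(
            "70a1000000-70a1200000 r-xp 00000000 fd:05 1201 /system/lib64/libc.so",
            "70a2000000-70a2100000 r--p 00000000 fd:05 3310 /data/app/~~Ab12==/com.example.app-Cd34==/base.apk",
            "70a3000000-70a3100000 r--p 00000000 fd:05 3388 /data/app/com.google.android.webview-1/base.apk",
            "70a4000000-70a4100000 r-xp 00000000 fd:05 4402 /data/data/com.container.host/virtual/data/app/com.example.app/lib/libnative.so",
            "70a5000000-70a5100000 rw-p 00000000 00:00 0 [heap]",
            "70a6000000-70a6100000 rw-p 00000000 00:00 0");
        List<String> hits = foreignMappings(sample, "com.example.app",
                Collections.singleton("com.google.android.webview"));
        hits.forEach(p -> System.out.println("unexpected mapping: " + p));
    }
}
```

On a device, the input would be the lines of */proc/self/maps* for the running process. The allowlist is where the false positives mentioned under Limitations have to be absorbed.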
# Usage
```Java
ConBeer cb = new ConBeer(context, appServiceNames);
if (cb.isContainer()) {
    // container is present
} else {
    // container not present
}
```
Add the following code to the `onResume()` method of your application. This code dynamically enables a dummy app component, which is used to test for the presence of virtual containers. The component is defined in *conbeerlib's* manifest file.
```Java
ComponentName componentName = new ComponentName(this.getApplicationContext(), FakeBroadcastReceiver.class);
this.getPackageManager().setComponentEnabledSetting(componentName,
        PackageManager.COMPONENT_ENABLED_STATE_ENABLED,
        PackageManager.DONT_KILL_APP);
```
# Limitations
This library has been tested with only a limited number of virtual containers and may not currently be able to detect all of them. Also, given the madness of Android device diversity, there is a good chance of false positives.
Please feel free to open an issue when you encounter such problems.
# References
1. [ANTI-PLUGIN: DON’T LET YOUR APP PLAY AS AN ANDROID PLUGIN](https://www.blackhat.com/docs/asia-17/materials/asia-17-Luo-Anti-Plugin-Don't-Let-Your-App-Play-As-An-Android-Plugin-wp.pdf)
2. [Android Plugin Becomes a Catastrophe to Android Ecosystem](https://dl.acm.org/doi/10.1145/3203422.3203425)
3. [Parallel Space Traveling: A Security Analysis of App-Level Virtualization in Android](https://dl.acm.org/doi/pdf/10.1145/3381991.3395608)
# License
This project is released under the MIT License.