基于Xposed的Android获取敏感信息方法检测。
下载页面:VirtualXposed
需要注意的是:VirtualXposed在0.18.2
版本之后只支持64位的App。
如果你的App目前还是32位的,只能使用32位 VirtualXposed_0.18.2.apk
下载后安装到手机待用。
可以直接参考本库代码XposedHook.java,修改后编译运行即可。
也可以参照下面的方法自己新建项目后,自定义。
compileOnly 'de.robv.android.xposed:api:82'
compileOnly 'de.robv.android.xposed:api:82:sources'
如下我们使用XposedHelpers.findAndHookMethod
检测获取MAC的方法:getMacAddress
&getHardwareAddress
,并输出日志。
public class XposedHook implements IXposedHookLoadPackage {
private static final String TAG = "HookLogin";
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) {
if (lpparam == null) {
return;
}
Log.e(TAG, "Load app packageName:" + lpparam.packageName);
XposedHelpers.findAndHookMethod(
android.net.wifi.WifiInfo.class.getName(),
lpparam.classLoader,
"getMacAddress",
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getMacAddress()获取了mac地址");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
XposedHelpers.findAndHookMethod(
java.net.NetworkInterface.class.getName(),
lpparam.classLoader,
"getHardwareAddress",
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getHardwareAddress()获取了mac地址");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
}
private String getMethodStack() {
StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace();
StringBuilder stringBuilder = new StringBuilder();
for (StackTraceElement temp : stackTraceElements) {
stringBuilder.append(temp.toString() + "\n");
}
return stringBuilder.toString();
}
}
在main下新建assets
资源文件,并新建名为xposed_init
文件,在这个文件里面添加 Xposed模块的包名+类名
。
如:
com.demon.xposed_hook.XposedHook
在AndroidManifest.xml
中添加:
<meta-data
android:name="xposedmodule"
android:value="true" />
<!--模块说明,一般为模块的功能描述-->
<meta-data
android:name="xposeddescription"
android:value="这个模块是用来检测用户隐私合规的,在用户未授权同意前,调用接口获取信息属于违规" />
<!--模块兼容版本-->
<meta-data
android:name="xposedminversion"
android:value="54" />
编译运行项目,安装到手机。
启动VirtualXposed--->点击菜单:
- 添加应用--->找到Xposed模块应用--->选中后安装
- 模块管理--->勾选--->重启VirtualXposed
启动VirtualXposed--->点击菜单-->添加应用--->找到你需要检测的App--->选中后安装
在VirtualXposed中先后启动:Xposed Installer--->Xposed自定义模块--->需要检测的App
已我们的App的日志为例,分析日志中App启动会获取MAC的第三方有:
04-26 15:54:07.828 I/Xposed (11539): com.tencent.bugly.crashreport.common.info.b.d(BUGLY:3)
04-26 15:54:07.828 I/Xposed (11539): com.tencent.bugly.crashreport.common.info.a.k(BUGLY:4)
04-26 15:54:07.828 I/Xposed (11539): com.tencent.bugly.proguard.a.a(BUGLY:179)
04-26 15:54:07.828 I/Xposed (11539): com.tencent.bugly.crashreport.biz.a.b(BUGLY:35)
04-26 15:54:07.828 I/Xposed (11539): com.tencent.bugly.crashreport.biz.a$a.run(BUGLY:6)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.thirdparty.ad.d(Unknown Source:12)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.thirdparty.ad.g(Unknown Source:238)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.thirdparty.ad.a(Unknown Source:11)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.thirdparty.at.a(Unknown Source:47)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.thirdparty.x.a(Unknown Source:3)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.thirdparty.y.a(Unknown Source:8)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.SpeechUtility.b(Unknown Source:40)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.SpeechUtility.<init>(Unknown Source:61)
04-26 16:14:43.378 I/Xposed (21437): com.iflytek.cloud.SpeechUtility.createUtility(Unknown Source:48)
04-26 16:14:43.038 I/Xposed (21437): com.umeng.message.common.UmengMessageDeviceConfig.getMac(UmengMessageDeviceConfig.java:11)
04-26 16:14:43.038 I/Xposed (21437): com.umeng.message.common.b.a(Header.java:19)
04-26 16:14:43.038 I/Xposed (21437): com.umeng.message.common.b.c(Header.java:8)
04-26 16:14:43.038 I/Xposed (21437): com.umeng.message.UTrack.updateHeader(UTrack.java:11)
04-26 16:14:43.038 I/Xposed (21437): com.umeng.message.MessageSharedPrefs$1.run(MessageSharedPrefs.java:1)
将这些第三方库都放到同意隐私权限后再初始化,再次按照上面的方法使用Xposed检测。
直到日志中App启动后已经没有任何地方调用获取敏感信息的方法即可。