SUPERAndroidAnalyzer/super

Application data is empty/unknown

kaushalyap opened this issue · 5 comments

Bug description
Application data is empty/unknown, but vulnerabilities are shown.

What I did?
Ran super-analyzer -v app-debug.apk

Expected behavior
Application details to be correctly displayed.

Setup (please complete the following information):

  • OS: Linux Mint 19.2 Tina
  • SUPER Version: 0.5.1

Additional context

About App: Multi-module, Kotlin project.

So following warnings

  • did not contain valid UTF-8 for XML files

ex:

WARN: could not analyze `dist/app-debug/res/layout-watch-v20/abc_alert_dialog_button_bar_material.xml`. The analysis will continue, though. Error: stream did not contain valid UTF-8

  • application id mismatch

WARN: Seems that the package in the AndroidManifest.xml is not the same as the application ID provided. Provided application id: app-debug, manifest package: 
This does not mean that something went wrong, but it's supposed to have the application in the format {package}.apk in the downloads folder and use the package as the application ID for this auditor.

The manifest was analyzed correctly!

I checked the decompiled manifest; it's a mismatch with my actual application id. It seems that when decompiling they have added one of the library class names to the end of my package name.

ex: decompiled AndroidManifest.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<provider xmlns:android="http://schemas.android.com/apk/res/android" android:enabled="true" android:authorities="<actual application id>.materialcalendarviewinitprovider" android:exported="false" android:name="<library package>.MaterialCalendarViewInitProvider" />

I looked in the APK through the Android Studio APK analyser; there the application ID is correct.

So it seems that, because AndroidManifest.xml is not decompiled correctly, the application data becomes empty/unknown.
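
An added example, not part of the thread and not SUPER's own code: a small triage check that tells a truncated decoded manifest (root element other than `<manifest>`, no `package` attribute, as in the excerpt above) apart from a plain application ID mismatch. The function name and the `com.example.*` values are constructed placeholders, and the broken sample assumes the excerpt shows the whole decoded file.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed samples: com.example.app / com.example.lib are placeholders.
BROKEN = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<provider xmlns:android="http://schemas.android.com/apk/res/android" android:enabled="true" android:authorities="com.example.app.materialcalendarviewinitprovider" android:exported="false" android:name="com.example.lib.MaterialCalendarViewInitProvider" />
"""
INTACT = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:label="Example" />
</manifest>
"""

def check_manifest(xml_text, expected_app_id):
    """Return a list of problems found in a decoded AndroidManifest.xml."""
    if "<!DOCTYPE" in xml_text:
        # A manifest never needs a DTD; refuse it rather than expand entities.
        return ["DOCTYPE present: refusing to parse"]
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "manifest":
        problems.append(f"root element is <{root.tag}>, expected <manifest>")
        authorities = root.get(ANDROID_NS + "authorities")
        if authorities:
            # A provider authority often embeds the application ID but is not it.
            problems.append(f"android:authorities={authorities!r} is not the package")
    package = root.get("package", "")
    if not package:
        problems.append("no package attribute on the root element")
    elif package != expected_app_id:
        problems.append(f"package {package!r} != provided id {expected_app_id!r}")
    return problems

if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("intact", INTACT)):
        print(name, check_manifest(text, "com.example.app"))
```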

Hi,
Thank you for your report. We will look into this, since it should be working fine. Do you have an example .apk file that you can provide us to review it? If it's confidential, you can send it to contact@superanalyzer.rocks.

@Razican Thanks for the response. It seems that the two warnings that I mentioned are normal, since I saw them when I ran it on other APKs also. But in them I got correct application data except target SDK (Target SDK: None).
I thought this had something to do with my setting Android Gradle properties using buildSrc values, but that is not the case, since I tested super-analyzer on another project that uses buildSrc.
I will email you the APK.

Hope you find the issue!

Hi,
This issue has been fixed in the develop branch that will be released in about one or two weeks as the new 0.6.0 version.

You can try it by building the develop branch yourself or wait for that release. I will close this issue for now.

@Razican thank you very much. Any plans to develop something similar for iOS?

Hi, there are no plans on developing a similar tool for iOS apps. They are just too different :/