# service_manifest.yml
name: APKaye
version: $SERVICE_TAG
description: >-
  This service analyzes Android APKs. APKs are decompiled and inspected.
  Network indicators and information found in the APK manifest file are displayed.
accepts: android/apk|android/dex
rejects: empty|metadata/.*
stage: CORE
category: Static Analysis
file_required: true
timeout: 60
disable_cache: false
enabled: true
is_external: false
licence_count: 0
privileged: true
submission_params:
  - default: false
    name: resubmit_apk_as_jar
    type: bool
    value: false
heuristics:
  - heur_id: 1
    name: Embedded shell scripts
    score: 100
    filetype: android/apk
    description: >-
      One or more shell scripts were found inside the APK. A normal Android app should not need shell scripts to
      accomplish what it does.
  - heur_id: 2
    name: Embedded executable
    score: 100
    filetype: android/apk
    description: >-
      An ELF file was found inside the APK, which means that this APK will try to run native code on the Android platform.
  - heur_id: 3
    name: Network indicator found
    score: 0
    filetype: android/apk
    description: >-
      A network indicator was found inside the APK. That does not by itself mean the APK is malicious, but the APK will
      most likely try to reach that network indicator.
  - heur_id: 4
    name: Dangerous permission used
    score: 100
    filetype: android/apk
    description: This APK uses permissions that are deemed dangerous.
  - heur_id: 5
    name: Unknown permission used
    score: 10
    filetype: android/apk
    description: This APK uses permissions that are not known to the service.
  - heur_id: 6
    name: No strings in APK
    score: 100
    filetype: android/apk
    description: There are absolutely no strings in this APK. This is highly unlikely for a normal APK.
  - heur_id: 7
    name: Low volume of strings in APK
    score: 100
    filetype: android/apk
    description: There are fewer than 50 strings in this APK, which is unlikely for a normal APK.
  - heur_id: 8
    name: Built for single language
    score: 100
    filetype: android/apk
    description: This APK was built for a single language. Nowadays, this is unlikely.
  - heur_id: 9
    name: Unsigned APK
    score: 100
    filetype: android/apk
    description: >-
      This APK is not signed. Signing an APK is required to publish it on Google Play, and Android refuses to install
      an unsigned APK.
  - heur_id: 10
    name: Self-signed certificate
    score: 1
    filetype: android/apk
    description: >-
      This APK is signed with a self-signed certificate. This is normal for Android apps, which is why the score is
      only informational.
  - heur_id: 11
    name: No country in certificate owner
    score: 100
    filetype: android/apk
    description: The owner (subject) field of this APK's certificate has no country.
  - heur_id: 12
    name: Certificate valid before first android release
    score: 500
    filetype: android/apk
    description: >-
      This APK's certificate validity period starts before the release date of the first Android release
      (API level 1, 09/2008).
  - heur_id: 13
    name: Certificate valid for more than 30 years
    score: 100
    filetype: android/apk
    description: This APK's certificate is valid for more than 30 years. This is highly unlikely.
  - heur_id: 14
    name: Invalid country code in certificate owner
    score: 10
    filetype: android/apk
    description: The country code in the owner field of this APK's certificate is not a valid country code.
  - heur_id: 15
    name: Certificate not using conventional name
    score: 100
    filetype: android/apk
    description: >-
      This APK's certificate file is not named CERT.RSA. Android Studio, when building an APK, names the certificate
      file CERT.RSA.
  - heur_id: 16
    name: Certificate expires before validity date starts
    score: 500
    filetype: android/apk
    description: This APK's certificate expiry date is earlier than the start of its validity period.
  - heur_id: 17
    name: Package version is unlikely
    score: 100
    filetype: android/apk
    description: The package version is either suspiciously low or suspiciously high.
  - heur_id: 18
    name: Duplicate permission definition
    score: 100
    filetype: android/apk
    description: Some permissions are declared more than once in the manifest file.
  - heur_id: 19
    name: Embedded APKs
    score: 100
    filetype: android/apk
    description: >-
      One or more APKs are present inside this APK. A normal Android app should not need to embed other APKs to
      accomplish what it does.
  - heur_id: 20
    name: Certificate not valid until minimum valid Google Play Store date
    score: 500
    filetype: android/apk
    description: >-
      The certificate's validity period ends before the minimum expiry date required by the Google Play Store. This
      means that this APK could not even be deployed on the Google Play Store.
docker_config:
  image: ${REGISTRY}cccs/assemblyline-service-apkaye:$SERVICE_TAG
  cpu_cores: 1.0
  ram_mb: 2048
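The certificate and signing heuristics in the list above (9, 12, 13, 15, 16 and 20) are the ones whose logic can be stated purely in terms of the certificate's validity window and the names of the APK's ZIP entries. The Python below is an added example that models those checks; it is not code from the APKaye service or from Assemblyline, and the service may implement them differently. The constants FIRST_ANDROID_RELEASE (the manifest's "09/2008", taken here as 2008-09-01), PLAY_STORE_MIN_EXPIRY (Google Play's published requirement that the signing certificate be valid past 2033-10-22), the 30-year approximation, the HEURISTIC_SCORES table (copied from the manifest's scores) and the sample validity windows and entry lists are assumptions or constructed inputs.

```python
"""Model of APKaye's certificate and signing heuristics (added example, not service code)."""
from datetime import datetime, timedelta

# Assumption: the manifest says "09/2008" for the first Android release (API level 1).
FIRST_ANDROID_RELEASE = datetime(2008, 9, 1)
# Assumption: Google Play requires the signing certificate to be valid past 2033-10-22.
PLAY_STORE_MIN_EXPIRY = datetime(2033, 10, 22)
# Approximation of "more than 30 years" used by heuristic 13.
MAX_VALIDITY = timedelta(days=30 * 365.25)

# Scores copied from the heuristics list in service_manifest.yml.
HEURISTIC_SCORES = {9: 100, 12: 500, 13: 100, 15: 100, 16: 500, 20: 500}

# Signature block files of a v1 (JAR) signed APK end with one of these suffixes.
SIGNATURE_BLOCK_SUFFIXES = (".RSA", ".DSA", ".EC")


def certificate_heuristics(not_before, not_after):
    """Heuristics 12, 13, 16 and 20 from the certificate's validity window."""
    hits = []
    if not_before < FIRST_ANDROID_RELEASE:
        hits.append(12)  # valid before the first Android release
    if not_after - not_before > MAX_VALIDITY:
        hits.append(13)  # valid for more than 30 years
    if not_after < not_before:
        hits.append(16)  # expires before the validity period starts
    if not_after < PLAY_STORE_MIN_EXPIRY:
        hits.append(20)  # cannot be published on the Google Play Store
    return hits


def signature_heuristics(zip_entry_names):
    """Heuristics 9 and 15 from the META-INF entries (v1/JAR signing only).

    Caveat: an APK signed only with the v2/v3 scheme keeps its signature in the
    APK Signing Block, not in META-INF, so this check alone would report it as unsigned.
    """
    blocks = [
        name for name in zip_entry_names
        if name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_BLOCK_SUFFIXES)
    ]
    if not blocks:
        return [9]  # no signature block at all: unsigned APK
    if "META-INF/CERT.RSA" not in blocks:
        return [15]  # signed, but the block is not named CERT.RSA
    return []


def heuristic_score(hits):
    """Sum of the manifest scores for a list of triggered heuristic ids."""
    return sum(HEURISTIC_SCORES[h] for h in hits)


# Constructed sample validity windows (not taken from real certificates).
SAMPLES = {
    "twenty_five_year_cert": (datetime(2020, 1, 1), datetime(2045, 1, 1)),
    "pre_android_start": (datetime(2005, 1, 1), datetime(2030, 1, 1)),
    "inverted_dates": (datetime(2020, 1, 1), datetime(2019, 1, 1)),
    "fifty_year_cert": (datetime(2015, 6, 1), datetime(2065, 6, 1)),
}

# Constructed ZIP entry lists standing in for three APKs.
ENTRY_SAMPLES = {
    "unsigned": ["AndroidManifest.xml", "classes.dex"],
    "android_studio": ["AndroidManifest.xml", "META-INF/CERT.SF", "META-INF/CERT.RSA"],
    "renamed_block": ["AndroidManifest.xml", "META-INF/BNDLTOOL.SF", "META-INF/BNDLTOOL.RSA"],
}

if __name__ == "__main__":
    for label, (start, end) in SAMPLES.items():
        hits = certificate_heuristics(start, end)
        print(f"{label:22} heuristics={hits} score={heuristic_score(hits)}")
    for label, names in ENTRY_SAMPLES.items():
        hits = signature_heuristics(names)
        print(f"{label:22} heuristics={hits} score={heuristic_score(hits)}")
```

In practice the validity window comes from the signing certificate's notBefore and notAfter fields, and the entry names from the APK opened as a ZIP archive; the thresholds are the only part a reviewer of these heuristics needs to agree on.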