Inspeckage - Android Package Inspector

My favorite tool, Inspeckage is a tool developed to offer dynamic analysis of Android applications. By applying hooks to functions of the Android API, Inspeckage will help you understand what an Android application is doing at runtime. Inspeckage will let you interact with some elements of the app, such as activities and providers (even unexported ones), and apply some settings on Android.

Since dynamic analysis of Android applications (usually through hooks) is a core part of several mobile application security tests, the need of a tool that can help us do said tests is real. Even though there are other tools that promise to help you do that, I’ve run across some limitations when testing them:

• Lack of interaction with the user doing the tests;

• Only work in emulators;

• Plenty of time to update the tool after an Android update;

• Very poor output;

• Very costly setup.

Android Package Inspector Features

With Inspeckage, we can get a good amount of information about the application’s behavior:

Information gathering

• Requested Permissions;

• App Permissions;

• Shared Libraries;

• Exported and Non-exported Activities, Content Providers,Broadcast Receivers and Services;

• Check if the app is debuggable or not;

• Version, UID and GIDs;

• etc.

Hooks

With the hooks, we can see what the application is doing in real time:

• Shared Preferences (log and file);

• Serialization;

• Crypto;

• Hashes;

• SQLite;

• HTTP (an HTTP proxy tool is still the best alternative);

• File System;

• Miscellaneous (Clipboard, URL.Parse());

• WebView;

• IPC.