Important note: Before you try this tutorial, please make sure that Python version 3 and the Yara library are installed on your operating system.Yara is a multi-platform tool that is used for pattern matching in malware analysis to identify and classify malware samples. With Yara you can create description and rules to be applied with. from this point of view Yara can be used not just for malware analysis but for vulnerability analysis in a mobile android application (APK file). In this content post, I'm going to focus on finding vulnerabilities inside one of the components in the AndroidManifest.xml file.What is AndroidManifest.xml:according to developer.android.com "Every application must have a AndroidManifest.xml
file (with precisely that name) in its root directory. The manifest file provides essential information about your app to the Android system, which the system must have before it can run any of the app's code." by this explanation we can ensure that the following XML file contains very vital information for running Android APK file and also because its vital and contain essential information a hacker can exploit the permission inside the XML file to get sensitive information inside the application.Standard security in AndroidManifest.xml:here is the list of component and security guideline for an android manifest file: (source: https://pentestlab.blog/category/mobile-pentesting/page/6)
- Debug Mode
- Backup Flag
- External Storage
- Permissions
- Application Components
- Intents
- Summary
- Activities
- Services
- Content Providers
- Broadcast Receivers
Note: The data that is going to be passed in the variable from matching yara rule will be in dictionary value.That's pretty easy right now. The one that I just showed was just the simple implementation that you can use for implementing Yara in python you can develop it even further and add more rule in Yara file.Thank you.