MASTG-DEMO-0033: Dangerous Permissions in the AndroidManifest with semgrep
Sample
The following is a sample AndroidManifest file that declares four dangerous permissions.
Steps
Let's run our semgrep rule against the sample manifest file.
../../../../rules/mastg-android-dangerous-app-permissions.yaml

```yaml
rules:
  - id: detect-dangerous-android-permissions
    languages:
      - xml
    message: "Dangerous Android permission found:"
    severity: WARNING
    pattern-either:
      - pattern: <uses-permission android:name="android.permission.READ_CONTACTS"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
      - pattern: <uses-permission android:name="android.permission.READ_CALENDAR"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_CALENDAR"/>
      - pattern: <uses-permission android:name="android.permission.SEND_SMS"/>
      - pattern: <uses-permission android:name="android.permission.RECEIVE_SMS"/>
      - pattern: <uses-permission android:name="android.permission.READ_SMS"/>
      - pattern: <uses-permission android:name="android.permission.RECEIVE_WAP_PUSH"/>
      - pattern: <uses-permission android:name="android.permission.RECEIVE_MMS"/>
      - pattern: <uses-permission android:name="android.permission.READ_CELL_BROADCASTS"/>
      - pattern: <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_AUDIO"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_VIDEO"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_MEDIA_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.READ_CALL_LOG"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
      - pattern: <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
      - pattern: <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
      - pattern: <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
      - pattern: <uses-permission android:name="android.permission.CALL_PHONE"/>
      - pattern: <uses-permission android:name="com.android.voicemail.permission.ADD_VOICEMAIL"/>
      - pattern: <uses-permission android:name="android.permission.USE_SIP"/>
      - pattern: <uses-permission android:name="android.permission.ANSWER_PHONE_CALLS"/>
      - pattern: <uses-permission android:name="android.permission.ACCEPT_HANDOVER"/>
      - pattern: <uses-permission android:name="android.permission.RECORD_AUDIO"/>
      - pattern: <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
      - pattern: <uses-permission android:name="android.permission.CAMERA"/>
      - pattern: <uses-permission android:name="android.permission.BODY_SENSORS"/>
      - pattern: <uses-permission android:name="android.permission.BODY_SENSORS_BACKGROUND"/>
      - pattern: <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
      - pattern: <uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
      - pattern: <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
      - pattern: <uses-permission android:name="android.permission.BLUETOOTH_ADVERTISE"/>
      - pattern: <uses-permission android:name="android.permission.UWB_RANGING"/>
      - pattern: <uses-permission android:name="android.permission.NEARBY_WIFI_DEVICES"/>
      - pattern: <uses-permission android:name="android.permission.RANGING"/>
      - pattern: <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
```
run.sh

```bash
NO_COLOR=true semgrep -c ../../../../rules/mastg-android-dangerous-app-permissions.yaml ./AndroidManifest_reversed.xml > output.txt
```
Observation
The rule has identified four instances in the AndroidManifest file where the app declares dangerous permissions.
output.txt

```text
┌─────────────────┐
│ 4 Code Findings │
└─────────────────┘

    AndroidManifest_reversed.xml
    ❯❱ rules.detect-dangerous-android-permissions
          Dangerous Android permission found:

            3┆ <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
            ⋮┆----------------------------------------
            4┆ <uses-permission android:name="android.permission.READ_CONTACTS"/>
            ⋮┆----------------------------------------
            5┆ <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
            ⋮┆----------------------------------------
            6┆ <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
```
Evaluation
The test fails because the app declares the following dangerous permissions:

- WRITE_EXTERNAL_STORAGE
- READ_CONTACTS
- READ_EXTERNAL_STORAGE
- ACCESS_FINE_LOCATION
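The semgrep rule above is one way to run this check. The following Python script is an added example, not part of the MASTG demo or its rule set, showing the same check done by parsing the decoded manifest as XML rather than by textual pattern matching. It uses the same permission list as the rule, resolves the `android:` namespace explicitly, and also picks up two forms the literal patterns do not cover: a `uses-permission` element carrying extra attributes such as `android:maxSdkVersion`, and the `uses-permission-sdk-23` element. The embedded manifest is a constructed sample (the package name is made up) and is not the demo app's `AndroidManifest_reversed.xml`.

```python
"""Stand-alone dangerous-permission check for a decoded AndroidManifest.xml (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
MAX_SDK_ATTR = f"{{{ANDROID_NS}}}maxSdkVersion"

# Same permission list as the semgrep rule on this page.
_ANDROID_PERMISSIONS = (
    "READ_CONTACTS", "WRITE_CONTACTS", "READ_CALENDAR", "WRITE_CALENDAR",
    "SEND_SMS", "RECEIVE_SMS", "READ_SMS", "RECEIVE_WAP_PUSH", "RECEIVE_MMS",
    "READ_CELL_BROADCASTS", "READ_EXTERNAL_STORAGE", "READ_MEDIA_AUDIO",
    "READ_MEDIA_VIDEO", "READ_MEDIA_IMAGES", "READ_MEDIA_VISUAL_USER_SELECTED",
    "WRITE_EXTERNAL_STORAGE", "ACCESS_MEDIA_LOCATION", "ACCESS_FINE_LOCATION",
    "ACCESS_COARSE_LOCATION", "ACCESS_BACKGROUND_LOCATION", "READ_CALL_LOG",
    "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS", "READ_PHONE_STATE",
    "READ_PHONE_NUMBERS", "CALL_PHONE", "USE_SIP", "ANSWER_PHONE_CALLS",
    "ACCEPT_HANDOVER", "RECORD_AUDIO", "ACTIVITY_RECOGNITION", "CAMERA",
    "BODY_SENSORS", "BODY_SENSORS_BACKGROUND", "POST_NOTIFICATIONS",
    "BLUETOOTH_SCAN", "BLUETOOTH_CONNECT", "BLUETOOTH_ADVERTISE", "UWB_RANGING",
    "NEARBY_WIFI_DEVICES", "RANGING", "GET_ACCOUNTS",
)
DANGEROUS_PERMISSIONS = frozenset(
    {"android.permission." + p for p in _ANDROID_PERMISSIONS}
    | {"com.android.voicemail.permission.ADD_VOICEMAIL"}
)

# Constructed sample manifest; not the demo app's real manifest.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.permissions.sample">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
        android:maxSdkVersion="28"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission-sdk-23 android:name="android.permission.CAMERA"/>
</manifest>
"""


def declared_permissions(manifest_xml):
    """Return (name, maxSdkVersion or None) for every permission the manifest requests.

    Both <uses-permission> and <uses-permission-sdk-23> are walked, and the
    android: namespace is resolved so extra attributes on the element do not
    prevent a match.
    """
    root = ET.fromstring(manifest_xml)
    found = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(NAME_ATTR)
            if name:
                found.append((name, element.get(MAX_SDK_ATTR)))
    return found


def find_dangerous(manifest_xml):
    """Filter the declared permissions down to the dangerous ones, in document order."""
    return [(name, max_sdk) for name, max_sdk in declared_permissions(manifest_xml)
            if name in DANGEROUS_PERMISSIONS]


def report(manifest_xml):
    """Produce one finding line per dangerous permission, noting any maxSdkVersion cap."""
    lines = []
    for name, max_sdk in find_dangerous(manifest_xml):
        cap = f" (requested only up to API {max_sdk})" if max_sdk else ""
        lines.append(f"Dangerous Android permission found: {name}{cap}")
    return lines


if __name__ == "__main__":
    import sys
    # Pass a decoded manifest path to check a real file; default to the constructed sample.
    xml_text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    for line in report(xml_text):
        print(line)
```

Run it as `python check_permissions.py AndroidManifest_reversed.xml` against a manifest decoded from the APK (the binary manifest inside the APK cannot be parsed as plain XML). The `maxSdkVersion` annotation matters when triaging: a storage permission capped at API 28 is not requested at all on newer devices, which the textual rule cannot tell you.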