MASTG-DEMO-0033: Dangerous Permissions in the AndroidManifest with semgrep
Sample
The following is a sample AndroidManifest file that declares 4 dangerous permissions.
Steps
Let's run our semgrep rule against the sample manifest file.
../../../../rules/mastg-android-dangerous-app-permissions.yaml

```yaml
rules:
  - id: detect-dangerous-android-permissions
    languages:
      - xml
    message: "Dangerous Android permission found:"
    severity: WARNING
    pattern-either:
      - pattern: <uses-permission android:name="android.permission.READ_CONTACTS"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
      - pattern: <uses-permission android:name="android.permission.READ_CALENDAR"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_CALENDAR"/>
      - pattern: <uses-permission android:name="android.permission.SEND_SMS"/>
      - pattern: <uses-permission android:name="android.permission.RECEIVE_SMS"/>
      - pattern: <uses-permission android:name="android.permission.READ_SMS"/>
      - pattern: <uses-permission android:name="android.permission.RECEIVE_WAP_PUSH"/>
      - pattern: <uses-permission android:name="android.permission.RECEIVE_MMS"/>
      - pattern: <uses-permission android:name="android.permission.READ_CELL_BROADCASTS"/>
      - pattern: <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_AUDIO"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_VIDEO"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
      - pattern: <uses-permission android:name="android.permission.READ_MEDIA_VISUAL_USER_SELECTED"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_MEDIA_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
      - pattern: <uses-permission android:name="android.permission.READ_CALL_LOG"/>
      - pattern: <uses-permission android:name="android.permission.WRITE_CALL_LOG"/>
      - pattern: <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
      - pattern: <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
      - pattern: <uses-permission android:name="android.permission.READ_PHONE_NUMBERS"/>
      - pattern: <uses-permission android:name="android.permission.CALL_PHONE"/>
      - pattern: <uses-permission android:name="com.android.voicemail.permission.ADD_VOICEMAIL"/>
      - pattern: <uses-permission android:name="android.permission.USE_SIP"/>
      - pattern: <uses-permission android:name="android.permission.ANSWER_PHONE_CALLS"/>
      - pattern: <uses-permission android:name="android.permission.ACCEPT_HANDOVER"/>
      - pattern: <uses-permission android:name="android.permission.RECORD_AUDIO"/>
      - pattern: <uses-permission android:name="android.permission.ACTIVITY_RECOGNITION"/>
      - pattern: <uses-permission android:name="android.permission.CAMERA"/>
      - pattern: <uses-permission android:name="android.permission.BODY_SENSORS"/>
      - pattern: <uses-permission android:name="android.permission.BODY_SENSORS_BACKGROUND"/>
      - pattern: <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
      - pattern: <uses-permission android:name="android.permission.BLUETOOTH_SCAN"/>
      - pattern: <uses-permission android:name="android.permission.BLUETOOTH_CONNECT"/>
      - pattern: <uses-permission android:name="android.permission.BLUETOOTH_ADVERTISE"/>
      - pattern: <uses-permission android:name="android.permission.UWB_RANGING"/>
      - pattern: <uses-permission android:name="android.permission.NEARBY_WIFI_DEVICES"/>
      - pattern: <uses-permission android:name="android.permission.RANGING"/>
      - pattern: <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
```
run.sh

```sh
NO_COLOR=true semgrep -c ../../../../rules/mastg-android-dangerous-app-permissions.yaml ./AndroidManifest_reversed.xml > output.txt
```
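The same check, written here as an added Python example rather than code from the MASTG project: it parses the manifest as XML and compares each requested permission against the rule's list. The manifest it runs on is constructed for this example (it declares the four permissions flagged on this page plus a normal one) and is not the demo's AndroidManifest_reversed.xml.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Same 43 permissions as the semgrep rule above.
DANGEROUS_PERMISSIONS = {"android.permission." + p for p in """
READ_CONTACTS WRITE_CONTACTS READ_CALENDAR WRITE_CALENDAR SEND_SMS RECEIVE_SMS
READ_SMS RECEIVE_WAP_PUSH RECEIVE_MMS READ_CELL_BROADCASTS READ_EXTERNAL_STORAGE
READ_MEDIA_AUDIO READ_MEDIA_VIDEO READ_MEDIA_IMAGES READ_MEDIA_VISUAL_USER_SELECTED
WRITE_EXTERNAL_STORAGE ACCESS_MEDIA_LOCATION ACCESS_FINE_LOCATION
ACCESS_COARSE_LOCATION ACCESS_BACKGROUND_LOCATION READ_CALL_LOG WRITE_CALL_LOG
PROCESS_OUTGOING_CALLS READ_PHONE_STATE READ_PHONE_NUMBERS CALL_PHONE USE_SIP
ANSWER_PHONE_CALLS ACCEPT_HANDOVER RECORD_AUDIO ACTIVITY_RECOGNITION CAMERA
BODY_SENSORS BODY_SENSORS_BACKGROUND POST_NOTIFICATIONS BLUETOOTH_SCAN
BLUETOOTH_CONNECT BLUETOOTH_ADVERTISE UWB_RANGING NEARBY_WIFI_DEVICES RANGING
GET_ACCOUNTS""".split()} | {"com.android.voicemail.permission.ADD_VOICEMAIL"}

# Constructed sample manifest: the four permissions flagged on this page, a
# normal permission (INTERNET) and a maxSdkVersion attribute on one declaration.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"
        android:maxSdkVersion="28"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
</manifest>
"""

def find_dangerous_permissions(manifest_xml: str) -> list[str]:
    """Return the dangerous permissions a manifest requests, in document order.
    Parsing the XML (rather than matching text) also covers declarations with
    extra attributes and the <uses-permission-sdk-23> element form."""
    root = ET.fromstring(manifest_xml)
    found = []
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(f"{{{ANDROID_NS}}}name")  # namespaced attribute
            if name in DANGEROUS_PERMISSIONS:
                found.append(name)
    return found

if __name__ == "__main__":
    hits = find_dangerous_permissions(SAMPLE_MANIFEST)
    print(f"{len(hits)} dangerous permission(s) found: {hits}")
    raise SystemExit(1 if hits else 0)  # non-zero exit makes a CI check fail
```

Run against the demo's manifest by reading AndroidManifest_reversed.xml into the function instead of SAMPLE_MANIFEST; the four names it returns are the same ones semgrep reports below.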
Observation
The rule has identified four instances in the AndroidManifest file where the app declares dangerous permissions.
output.txt

```text
┌─────────────────┐
│ 4 Code Findings │
└─────────────────┘

    AndroidManifest_reversed.xml
    ❯❱ rules.detect-dangerous-android-permissions
          Dangerous Android permission found:

            3┆ <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
            ⋮┆----------------------------------------
            4┆ <uses-permission android:name="android.permission.READ_CONTACTS"/>
            ⋮┆----------------------------------------
            5┆ <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
            ⋮┆----------------------------------------
            6┆ <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
```
Evaluation
The test fails because the app declares the following dangerous permissions:
WRITE_EXTERNAL_STORAGE
READ_CONTACTS
READ_EXTERNAL_STORAGE
ACCESS_FINE_LOCATION