You’re developing an Android app and want to ensure its security. Or maybe you’re a security expert who wants to delve under the hood of Android apps to verify their claimed security. In either case, AMAnDe is the tool you need!
AMAnDe, which stands for Android Manifest Analyzer and Decoder, is a powerful tool that simplifies the extraction and analysis of information contained in the Android Manifest. It enables you to analyze pertinent data, such as deep link URIs, and is compatible with different Android versions. Plus, it’s easy to install and use, requiring only Python 3 and a few settings, such as Android SDK min/max versions.
Now, let’s discuss the various features of this tool. First, AMAnDe checks the permissions required by your application, along with the libraries used. It also reviews hardware and software features, network security configurations, and exported and non-exported components. You never know what you’ll discover when you dig a little deeper!
Furthermore, AMAnDe examines your application’s backup functionality, as well as potential vulnerabilities.
Now that you’re convinced of the value of AMAnDe, here’s how to install and use it. As mentioned earlier, you’ll need Python 3 to run this tool.
To install it, acquire the sources, navigate to the AMAnDe folder, and install the dependencies as follows:
python3 -m pip install -r requirements.txtOnce installed, you can start scanning Android apps.
To do this, run AMAnDe as shown in the examples below, specifying the min and max Android versions:
./main.py -min 10 examples/AmazeFileManager_AndroidManifest.xml
./main.py -min 15 -target 20 -max 30 examples/AmazeFileManager_AndroidManifest.xml -v 2
./main.py -min 28 -target 30 examples/Signal_AndroidManifest.xml --json output.json
./main.py -min 20 -max 33 --adb com.example.package
./main.py -min 21 -max 31 example.apk AMAnDe will then furnish you with all the valuable information needed to assess the security of your application.
In summary, AMAnDe is a must-have tool for any security-conscious Android developer or security expert seeking a deeper comprehension of Android applications. To learn more, explore their GitHub repository.
