quick android review kit (qark)
Quick Android Review KIT
(QARK)
Android Security Testing Tool
Hello! I am Chandan Kumar
This presentation is about an open source security tool for static code analysis.
You can find me @ [email protected]
QARK
WHAT IS IT?
Quick Android Review KIT (QARK)
“QARK is a static code analysis tool, designed to recognize potential security vulnerabilities and points of concern for Java-based Android applications. QARK was designed to be community based, available to everyone and free for use.”
What Does It Do?
Included in the types of security vulnerabilities this tool attempts to find are:
● Improperly protected exported components
● Intents which are vulnerable to interception or eavesdropping
● Improper X.509 certificate validation
● Activities which may leak data
● Insecurely created Pending Intents
● Sending of insecure Broadcast Intents
● Private keys embedded in the source
● Weak or improper cryptography use
● Potentially exploitable WebView configurations
● Tapjacking
● Apps supporting outdated API versions, with known vulnerabilities
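To make the first item in the list concrete, here is a minimal manifest check written for this page (an added example, not QARK's own code). It assumes Python 3, runs on a constructed sample manifest, and checks only the android:permission attribute, ignoring a provider's readPermission/writePermission.

```python
import xml.etree.ElementTree as ET
A = "{http://schemas.android.com/apk/res/android}"  # namespace of android: attributes
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER = "android.intent.category.LAUNCHER"

# Constructed sample manifest for illustration; not taken from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="21"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".AlarmReceiver">
      <intent-filter><action android:name="com.example.demo.ALARM"/></intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.demo.notes"
        android:exported="true" android:permission="com.example.demo.READ_NOTES"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.demo.cache"/>
  </application>
</manifest>"""

def is_exported(comp, target_sdk):
    """Resolve android:exported, applying the platform default when it is absent."""
    explicit = comp.get(A + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    if comp.tag == "provider":
        return target_sdk <= 16  # providers defaulted to exported up to API 16
    return comp.find("intent-filter") is not None  # a filter implies exported

def unprotected_exported(manifest_xml):
    """Return (tag, name) of exported components with no android:permission guard."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(A + "targetSdkVersion", "1")) if sdk is not None else 1
    app = root.find("application")
    findings = []
    for comp in (app if app is not None else []):
        if comp.tag not in COMPONENTS or not is_exported(comp, target):
            continue
        if any(c.get(A + "name") == LAUNCHER for c in comp.iter("category")):
            continue  # the launcher entry point is exported by design
        if not (comp.get(A + "permission") or app.get(A + "permission")):
            findings.append((comp.tag, comp.get(A + "name")))
    return findings
```
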
Requirements:
● Python 2.7.6
● JRE 1.6+ (preferably 1.7+)
● OSX or Ubuntu Linux (Others may work, but not fully tested)
Download QARK from the following link: http://resources.infosecinstitute.com/wp-content/uploads/qark-master.zip
AUDIT STEPS:
➜ Download QARK.
➜ Navigate to the QARK folder and type <python qark.py>.
➜ Enter option (1/2) to provide the APK or the source code.
➜ Inspect the Manifest file.
➜ Decompile the APK; the vulnerabilities will be displayed on the screen.
➜ You can create a custom APK of the vulnerable app and print the SCA (Static Code Analysis) report.