Get Information from APK

Get Min SDK

Use apktool to find the minimum android version on which can run the application

apk=app-android; apktool -s d ${apk}.apk && cat ${apk}/apktool.yml | grep minSdk

Codenames, Tags, and Build Numbers: https://source.android.com/setup/start/build-numbers

Janus Test

Janus vulnerability comes from the possibility to add extra bytes to APK files and to DEX files.

  • In brief, Application that are signed only with v1 when installed on devices having android version(5.0–8.0) are vulnerable to Janus Vulnerability.

  • Application that are signed with v1 and also v2, v3 or both when installed on devices having android version(5.0–7.0) are vulnerable to Janus Vulnerability.

  • To exploit this vulnerability we need to have a device running vulnerable version of android and android patch level should be less then 2017 December 01.

View more in https://medium.com/mobis3c/exploiting-apps-vulnerable-to-janus-cve-2017-13156-8d52c983b4e0

Use apksigner tool to find the signature schemes used by the application:

apksigner verify --verbose <APK NAME>.apk
PreviousAPKsNextGDA (GJoy Dex Analysizer)

Last updated