├── .github └── workflows │ ├── duplicate-checks.py │ ├── duplicate-checks.yml │ └── smoke_test.yml ├── README.md ├── label_desc.csv └── rules ├── 00001.json ├── 00002.json ├── 00003.json ├── 00004.json ├── 00005.json ├── 00006.json ├── 00007.json ├── 00008.json ├── 00009.json ├── 00010.json ├── 00011.json ├── 00012.json ├── 00013.json ├── 00014.json ├── 00015.json ├── 00016.json ├── 00017.json ├── 00018.json ├── 00019.json ├── 00020.json ├── 00021.json ├── 00022.json ├── 00023.json ├── 00024.json ├── 00025.json ├── 00026.json ├── 00027.json ├── 00028.json ├── 00029.json ├── 00030.json ├── 00031.json ├── 00032.json ├── 00033.json ├── 00034.json ├── 00035.json ├── 00036.json ├── 00037.json ├── 00038.json ├── 00039.json ├── 00040.json ├── 00041.json ├── 00042.json ├── 00043.json ├── 00044.json ├── 00045.json ├── 00046.json ├── 00047.json ├── 00048.json ├── 00049.json ├── 00050.json ├── 00051.json ├── 00052.json ├── 00053.json ├── 00054.json ├── 00055.json ├── 00056.json ├── 00057.json ├── 00058.json ├── 00059.json ├── 00060.json ├── 00061.json ├── 00062.json ├── 00063.json ├── 00064.json ├── 00065.json ├── 00066.json ├── 00067.json ├── 00068.json ├── 00069.json ├── 00070.json ├── 00071.json ├── 00072.json ├── 00073.json ├── 00074.json ├── 00075.json ├── 00076.json ├── 00077.json ├── 00078.json ├── 00079.json ├── 00080.json ├── 00081.json ├── 00082.json ├── 00083.json ├── 00084.json ├── 00085.json ├── 00086.json ├── 00087.json ├── 00088.json ├── 00089.json ├── 00090.json ├── 00091.json ├── 00092.json ├── 00093.json ├── 00094.json ├── 00095.json ├── 00096.json ├── 00097.json ├── 00098.json ├── 00099.json ├── 00100.json ├── 00101.json ├── 00102.json ├── 00103.json ├── 00104.json ├── 00105.json ├── 00106.json ├── 00107.json ├── 00108.json ├── 00109.json ├── 00110.json ├── 00111.json ├── 00112.json ├── 00113.json ├── 00114.json ├── 00115.json ├── 00116.json ├── 00117.json ├── 00118.json ├── 00119.json ├── 00120.json ├── 00121.json ├── 00122.json ├── 00123.json ├── 
00124.json ├── 00125.json ├── 00126.json ├── 00127.json ├── 00128.json ├── 00129.json ├── 00130.json ├── 00131.json ├── 00132.json ├── 00133.json ├── 00134.json ├── 00135.json ├── 00136.json ├── 00137.json ├── 00138.json ├── 00139.json ├── 00140.json ├── 00141.json ├── 00142.json ├── 00143.json ├── 00144.json ├── 00145.json ├── 00146.json ├── 00147.json ├── 00148.json ├── 00149.json ├── 00150.json ├── 00151.json ├── 00152.json ├── 00153.json ├── 00154.json ├── 00155.json ├── 00156.json ├── 00157.json ├── 00158.json ├── 00159.json ├── 00160.json ├── 00161.json ├── 00162.json ├── 00163.json ├── 00164.json ├── 00165.json ├── 00166.json ├── 00167.json ├── 00168.json ├── 00169.json ├── 00170.json ├── 00171.json ├── 00172.json ├── 00173.json ├── 00174.json ├── 00175.json ├── 00176.json ├── 00177.json ├── 00178.json ├── 00179.json ├── 00180.json ├── 00181.json ├── 00182.json ├── 00183.json ├── 00184.json ├── 00185.json ├── 00186.json ├── 00187.json ├── 00188.json ├── 00189.json ├── 00190.json ├── 00191.json ├── 00192.json ├── 00193.json ├── 00194.json ├── 00195.json ├── 00196.json ├── 00197.json ├── 00198.json ├── 00199.json ├── 00200.json ├── 00201.json ├── 00202.json ├── 00203.json ├── 00204.json ├── 00205.json ├── 00206.json ├── 00207.json ├── 00208.json ├── 00209.json ├── 00210.json └── 00211.json /.github/workflows/duplicate-checks.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | 4 | def duplicate_check(): 5 | list = [ 6 | os.path.join(dir_path, file) 7 | for dir_path, _, file_list in os.walk("rules") 8 | for file in file_list 9 | if file.endswith("json") 10 | ] 11 | 12 | duplicate_array = [] 13 | for i in range(len(list)): 14 | data1=[] 15 | with open(list[i], "r") as file1: 16 | datafile1 = file1.read() 17 | for k in datafile1: 18 | if k.strip() != "": 19 | data1.append(k) 20 | 21 | for j in range(i+1, len(list)): 22 | data2 = [] 23 | with open(list[j], "r") as file2: 24 | datafile2 = file2.read() 
25 | for k in datafile2: 26 | if k.strip() != "": 27 | data2.append(k) 28 | if data1 == data2: 29 | duplicate_array.append(list[i]) 30 | duplicate_array.append(list[j]) 31 | return set(duplicate_array) 32 | 33 | if __name__ == "__main__": 34 | 35 | duplicates = sorted((list(duplicate_check()))) 36 | if duplicates: 37 | print(f"found duplicates - {duplicates}") 38 | sys.exit(1) 39 | else: 40 | print("No duplicates found") 41 | sys.exit(0) 42 | -------------------------------------------------------------------------------- /.github/workflows/duplicate-checks.yml: -------------------------------------------------------------------------------- 1 | # This is a basic workflow to help you get started with Actions 2 | 3 | name: Duplicate Rules Detection 4 | 5 | # Controls when the workflow will run 6 | on: 7 | # Triggers the workflow on pull request events targeting the master branch 8 | pull_request: 9 | branches: [ master ] 10 | 11 | # Allows you to run this workflow manually from the Actions tab 12 | workflow_dispatch: 13 | 14 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel 15 | jobs: 16 | # This workflow contains a single job called "build" 17 | build: 18 | # The type of runner that the job will run on 19 | runs-on: ubuntu-latest 20 | 21 | # Steps represent a sequence of tasks that will be executed as part of the job 22 | steps: 23 | # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it (the action is referenced by the mutable v2 tag, not a commit SHA) 24 | - uses: actions/checkout@v2 25 | 26 | # Runs the duplicate-rule check script 27 | - name: Checks Duplicate Rules 28 | run: | 29 | python3 .github/workflows/duplicate-checks.py 30 | 31 | -------------------------------------------------------------------------------- /.github/workflows/smoke_test.yml: -------------------------------------------------------------------------------- 1 | # This is a basic workflow to help you get started with Actions 2 | 3 | name: CI 4 | 5 | # Controls when the 
workflow will run 6 | on: 7 | # Triggers the workflow on push or pull request events but only for the master branch 8 | push: 9 | branches: [ master ] 10 | pull_request: 11 | branches: [ master ] 12 | 13 | # Allows you to run this workflow manually from the Actions tab 14 | workflow_dispatch: 15 | 16 | # A workflow run is made up of one or more jobs that can run sequentially or in parallel 17 | jobs: 18 | # This workflow contains a single job called "build" 19 | build: 20 | # The type of runner that the job will run on 21 | runs-on: ubuntu-latest 22 | 23 | # Steps represent a sequence of tasks that will be executed as part of the job 24 | steps: 25 | # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it (the action is referenced by the mutable v2 tag, not a commit SHA) 26 | - uses: actions/checkout@v2 27 | 28 | # Installs pip, click 8.0.1 and quark-engine; quark-engine is not pinned to a version, so each run uses the latest release 29 | - name: Install dependencies 30 | run: | 31 | python3 -m pip install --upgrade pip 32 | pip3 install click==8.0.1 33 | pip3 install quark-engine 34 | 35 | # Clones quark-engine/apk-samples and scans one APK from its malware-samples directory with the rules in this repository 36 | - name: Run a multi-line script 37 | run: | 38 | git clone https://github.com/quark-engine/apk-samples 39 | quark -a apk-samples/malware-samples/14d9f1a92dd984d6040cc41ed06e273e.apk -r . -s 40 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Quark Rules 2 | 3 | Welcome to the official rule set provided by [Quark-Engine](https://github.com/quark-engine/quark-engine) 4 | 5 | # Navigate Rules 6 | The easiest way to navigate this ruleset is using [Detection Rules Viewer](https://quark-engine.github.io/ruleviewer/)! With this viewer, you can use labels and keywords to search for the rules you need. 
7 | 8 | ![](https://i.imgur.com/boDSXbf.gif) 9 | 10 | # Download Rules 11 | 12 | * git 13 | 14 | ```bash 15 | git clone https://github.com/quark-engine/quark-rules 16 | ``` 17 | 18 | * download the rules to your home directory (requires Quark to be installed) 19 | 20 | ```bash 21 | freshquark 22 | ``` 23 | 24 | # Add new rule 25 | 26 | To add a new rule to this repository, refer to our documentation [here](https://quark-engine.readthedocs.io/en/latest/addRules.html) 27 | 28 | # Credits 29 | 30 | [cryptax](https://github.com/cryptax), [3aglew0](https://github.com/3aglew0), [Dil3mm3](https://github.com/Dil3mm3), and [ciastron](https://github.com/ciastron) for their awesome rules 31 | -------------------------------------------------------------------------------- /label_desc.csv: -------------------------------------------------------------------------------- 1 | label,description 2 | sms,Read/Write/Send sms content 3 | location,Leakage of Location of the device 4 | calendar, Get calendar information as calendar event 5 | calllog, Retrieve or manipulate sensitive data from call log 6 | http, Use http to send sensitive data 7 | accessibility service, Use Accessibility Service to perform user actions 8 | so, Load native libraries(.so) 9 | -------------------------------------------------------------------------------- /rules/00001.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Initialize bitmap object and compress data (e.g. 
JPEG) into bitmap object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/graphics/BitmapFactory;", 7 | "method": "decodeByteArray", 8 | "descriptor": "([B I I)Landroid/graphics/Bitmap;" 9 | }, 10 | { 11 | "class": "Landroid/graphics/Bitmap;", 12 | "method": "compress", 13 | "descriptor": "(Landroid/graphics/Bitmap$CompressFormat; I Ljava/io/OutputStream;)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "camera" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00002.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Open the camera and take picture", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/hardware/Camera;", 7 | "method": "open", 8 | "descriptor": "(I)Landroid/hardware/Camera;" 9 | }, 10 | { 11 | "class": "Landroid/hardware/Camera;", 12 | "method": "takePicture", 13 | "descriptor": "(Landroid/hardware/Camera$ShutterCallback; Landroid/hardware/Camera$PictureCallback; Landroid/hardware/Camera$PictureCallback;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "camera" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00003.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Put the compressed bitmap data into JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/graphics/Bitmap;", 7 | "method": "compress", 8 | "descriptor": "(Landroid/graphics/Bitmap$CompressFormat; I Ljava/io/OutputStream;)Z" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Z)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "camera" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00004.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get filename and put it to JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "getName", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00005.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get absolute path of file and put it to JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "getAbsolutePath", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00006.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Scheduling recording task", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/MediaRecorder;", 7 | "method": "<init>", 8 | "descriptor": "()V" 9 | }, 10 | { 11 | "class": "Ljava/util/Timer;", 12 | "method": "<init>", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00007.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Use absolute path of directory for the output media file path", 3 | "permission": [], 4 | "api": [ 5 | { 6 | 
"class": "Ljava/io/File;", 7 | "method": "getAbsolutePath", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "setOutputFile", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00008.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if successfully sending out SMS", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/SmsManager;", 7 | "method": "sendTextMessage", 8 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V" 9 | }, 10 | { 11 | "class": "Ljava/lang/Boolean;", 12 | "method": "valueOf", 13 | "descriptor": "(Z)Ljava/lang/Boolean;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00009.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Put data in cursor to JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/database/Cursor;", 7 | "method": "getString", 8 | "descriptor": "(I)Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00010.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read sensitive data(SMS, CALLLOG) and put it into JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": 
"query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "calllog", 20 | "collection" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00011.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query data from URI (SMS, CALLLOGS)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/ContentResolver;", 12 | "method": "query", 13 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "calllog", 20 | "collection" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00012.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read data and put it into a buffer stream", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/FileInputStream;", 7 | "method": "<init>", 8 | "descriptor": "(Ljava/io/File;)V" 9 | }, 10 | { 11 | "class": "Ljava/io/BufferedInputStream;", 12 | "method": "<init>", 13 | "descriptor": "(Ljava/io/InputStream;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00013.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read file and put it into a stream", 3 | "permission": [], 4 
| "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "<init>", 8 | "descriptor": "(Ljava/lang/String;)V" 9 | }, 10 | { 11 | "class": "Ljava/io/FileInputStream;", 12 | "method": "<init>", 13 | "descriptor": "(Ljava/io/File;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00014.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read file into a stream and put it into a JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/FileInputStream;", 7 | "method": "<init>", 8 | "descriptor": "(Ljava/io/File;)V" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00015.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Put buffer stream (data) to JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/BufferedInputStream;", 7 | "method": "read", 8 | "descriptor": "([B I I)I" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00016.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get location info of the device and put it to JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/location/Location;", 7 | "method": "getLongitude", 8 | "descriptor": "()D" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | 
"method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "location", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00017.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get Location of the device and append this info to a string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/location/Location;", 7 | "method": "getLatitude", 8 | "descriptor": "()D" 9 | }, 10 | { 11 | "class": "Ljava/lang/StringBuilder;", 12 | "method": "append", 13 | "descriptor": "(D)Ljava/lang/StringBuilder;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "location", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00018.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get JSON object prepared and fill in location info", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Lorg/json/JSONObject;", 7 | "method": "<init>", 8 | "descriptor": "()V" 9 | }, 10 | { 11 | "class": "Landroid/location/LocationManager;", 12 | "method": "requestLocationUpdates", 13 | "descriptor": "(Ljava/lang/String; J F Landroid/location/LocationListener;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "location", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00019.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Find a method from given class name, usually for reflection", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Object;", 7 | "method": "getClass", 8 | "descriptor": "()Ljava/lang/Class;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Class;", 12 | "method": "getMethod", 13 | "descriptor": 
"(Ljava/lang/String; [Ljava/lang/Class;)Ljava/lang/reflect/Method;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00020.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get absolute path of the file and store in string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "getAbsolutePath", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/lang/StringBuilder;", 12 | "method": "toString", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00021.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Load additional DEX files dynamically", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "getAbsolutePath", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/lang/ClassLoader;", 12 | "method": "loadClass", 13 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Class;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00022.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Open a file from given absolute path of the file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "getAbsolutePath", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/io/File;", 12 | "method": "<init>", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } 
-------------------------------------------------------------------------------- /rules/00023.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Start another application from current application", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/pm/PackageManager;", 7 | "method": "getLaunchIntentForPackage", 8 | "descriptor": "(Ljava/lang/String;)Landroid/content/Intent;" 9 | }, 10 | { 11 | "class": "Landroid/content/Context;", 12 | "method": "startActivity", 13 | "descriptor": "(Landroid/content/Intent;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection", 19 | "control" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00024.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write file after Base64 decoding", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/util/Base64;", 7 | "method": "decode", 8 | "descriptor": "([B I)[B" 9 | }, 10 | { 11 | "class": "Ljava/io/FileOutputStream;", 12 | "method": "write", 13 | "descriptor": "([B)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection", 19 | "file" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00025.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Monitor the general action to be performed", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Intent;", 7 | "method": "getAction", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/lang/String;", 12 | "method": "equals", 13 | "descriptor": "(Ljava/lang/Object;)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00026.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Method reflection", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Class;", 7 | "method": "getMethod", 8 | "descriptor": "(Ljava/lang/String; [Ljava/lang/Class;)Ljava/lang/reflect/Method;" 9 | }, 10 | { 11 | "class": "Ljava/lang/reflect/Method;", 12 | "method": "invoke", 13 | "descriptor": "(Ljava/lang/Object; [Ljava/lang/Object;)Ljava/lang/Object;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00027.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get specific method from other Dex files", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/ClassLoader;", 7 | "method": "loadClass", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Class;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Class;", 12 | "method": "getMethod", 13 | "descriptor": "(Ljava/lang/String; [Ljava/lang/Class;)Ljava/lang/reflect/Method;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00028.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read file from assets directory", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/res/AssetManager;", 7 | "method": "open", 8 | "descriptor": "(Ljava/lang/String;)Ljava/io/InputStream;" 9 | }, 10 | { 11 | "class": "Ljava/io/InputStream;", 12 | "method": "read", 13 | "descriptor": "([B)I" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00029.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": 
"Initialize class object dynamically", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Class;", 7 | "method": "forName", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Class;" 9 | }, 10 | { 11 | "class": "Ljava/lang/reflect/Constructor;", 12 | "method": "newInstance", 13 | "descriptor": "([Ljava/lang/Object;)Ljava/lang/Object;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00030.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to the remote server through the given URL", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/net/URL;", 7 | "method": "openConnection", 8 | "descriptor": "()Ljava/net/URLConnection;" 9 | }, 10 | { 11 | "class": "Ljava/net/HttpURLConnection;", 12 | "method": "connect", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00031.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check the list of currently running applications", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/app/ActivityManager;", 7 | "method": "getRunningTasks", 8 | "descriptor": "(I)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/content/ComponentName;", 12 | "method": "getPackageName", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00032.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Load external class", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Class;", 7 | "method": 
"getClassLoader", 8 | "descriptor": "()Ljava/lang/ClassLoader;" 9 | }, 10 | { 11 | "class": "Ljava/lang/ClassLoader;", 12 | "method": "loadClass", 13 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Class;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00033.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the IMEI number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getDeviceId", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00034.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the current data network type", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getNetworkType", 13 | "descriptor": "()I" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00035.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the list of the installed packages", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getPackageManager", 8 | "descriptor": "()Landroid/content/pm/PackageManager;" 9 | }, 10 | { 11 | "class": 
"Landroid/content/pm/PackageManager;", 12 | "method": "getInstalledPackages", 13 | "descriptor": "(I)Ljava/util/List;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00036.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get resource file from res/raw directory", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getPackageName", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Landroid/net/Uri;", 12 | "method": "parse", 13 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00037.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send notification", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/app/Notification$Builder;", 7 | "method": "build", 8 | "descriptor": "()Landroid/app/Notification;" 9 | }, 10 | { 11 | "class": "Landroid/app/NotificationManager;", 12 | "method": "notify", 13 | "descriptor": "(I Landroid/app/Notification;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00038.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the phone number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getLine1Number", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | 
"label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00039.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Start a web server", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/net/ServerSocket;", 7 | "method": "accept", 8 | "descriptor": "()Ljava/net/Socket;" 9 | }, 10 | { 11 | "class": "Ljava/net/Socket;", 12 | "method": "getInetAddress", 13 | "descriptor": "()Ljava/net/InetAddress;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00040.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send SMS", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/SmsManager;", 7 | "method": "divideMessage", 8 | "descriptor": "(Ljava/lang/String;)Ljava/util/ArrayList;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsManager;", 12 | "method": "sendMultipartTextMessage", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/util/ArrayList; Ljava/util/ArrayList; Ljava/util/ArrayList;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00041.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Save recorded audio/video to file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "toString", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "setOutputFile", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record" 19 | ] 20 | } -------------------------------------------------------------------------------- 
/rules/00042.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query WiFi BSSID and scan results", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/wifi/WifiInfo;", 7 | "method": "getBSSID", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Landroid/net/wifi/WifiManager;", 12 | "method": "getScanResults", 13 | "descriptor": "()Ljava/util/List;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "wifi" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00043.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Calculate WiFi signal strength", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/wifi/WifiInfo;", 7 | "method": "getRssi", 8 | "descriptor": "()I" 9 | }, 10 | { 11 | "class": "Landroid/net/wifi/WifiManager;", 12 | "method": "calculateSignalLevel", 13 | "descriptor": "(I I)I" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "wifi" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00044.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the last time this package's activity was used", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/app/usage/UsageStatsManager;", 7 | "method": "queryUsageStats", 8 | "descriptor": "(I J J)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/app/usage/UsageStats;", 12 | "method": "getLastTimeUsed", 13 | "descriptor": "()J" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "reflection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00045.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the name of 
currently running application", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/app/usage/UsageStatsManager;", 7 | "method": "queryUsageStats", 8 | "descriptor": "(I J J)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/app/usage/UsageStats;", 12 | "method": "getPackageName", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "reflection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00046.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Method reflection", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Class;", 7 | "method": "getDeclaredMethod", 8 | "descriptor": "(Ljava/lang/String; [Ljava/lang/Class;)Ljava/lang/reflect/Method;" 9 | }, 10 | { 11 | "class": "Ljava/lang/reflect/Method;", 12 | "method": "invoke", 13 | "descriptor": "(Ljava/lang/Object; [Ljava/lang/Object;)Ljava/lang/Object;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00047.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the local IP address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/net/Socket;", 7 | "method": "getLocalAddress", 8 | "descriptor": "()Ljava/net/InetAddress;" 9 | }, 10 | { 11 | "class": "Ljava/net/InetAddress;", 12 | "method": "getHostAddress", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00048.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the SMS contents", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": 
"Landroid/telephony/SmsMessage;", 7 | "method": "createFromPdu", 8 | "descriptor": "([B)Landroid/telephony/SmsMessage;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsMessage;", 12 | "method": "getDisplayMessageBody", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00049.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the phone number from SMS sender", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/SmsMessage;", 7 | "method": "createFromPdu", 8 | "descriptor": "([B)Landroid/telephony/SmsMessage;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsMessage;", 12 | "method": "getDisplayOriginatingAddress", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00050.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the SMS service centre timestamp", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/SmsMessage;", 7 | "method": "createFromPdu", 8 | "descriptor": "([B)Landroid/telephony/SmsMessage;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsMessage;", 12 | "method": "getTimestampMillis", 13 | "descriptor": "()J" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00051.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Implicit intent(view a web page, make a phone call, etc.) 
via setData", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/Intent;", 12 | "method": "setData", 13 | "descriptor": "(Landroid/net/Uri;)Landroid/content/Intent;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00052.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Deletes media specified by a content URI(SMS, CALL_LOG, File, etc.)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/ContentResolver;", 12 | "method": "delete", 13 | "descriptor": "(Landroid/net/Uri; Ljava/lang/String; [Ljava/lang/String;)I" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00053.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Monitor data identified by a given content URI changes(SMS, MMS, etc.)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/ContentResolver;", 12 | "method": "registerContentObserver", 13 | "descriptor": "(Landroid/net/Uri; Z Landroid/database/ContentObserver;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00054.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Install other APKs from file", 3 |
"permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "fromFile", 8 | "descriptor": "(Ljava/io/File;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/Intent;", 12 | "method": "setDataAndType", 13 | "descriptor": "(Landroid/net/Uri; Ljava/lang/String;)Landroid/content/Intent;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00055.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the SMS content and the source of the phone number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/SmsMessage;", 7 | "method": "getDisplayMessageBody", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsMessage;", 12 | "method": "getDisplayOriginatingAddress", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00056.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Modify voice volume", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/AudioManager;", 7 | "method": "getStreamMaxVolume", 8 | "descriptor": "(I)I" 9 | }, 10 | { 11 | "class": "Landroid/media/AudioManager;", 12 | "method": "setStreamVolume", 13 | "descriptor": "(I I I)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00057.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Return the DHCP-assigned addresses from the last successful DHCP request", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class":
"Landroid/net/wifi/WifiManager;", 7 | "method": "getDhcpInfo", 8 | "descriptor": "()Landroid/net/DhcpInfo;" 9 | }, 10 | { 11 | "class": "Ljava/lang/StringBuilder;", 12 | "method": "toString", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00058.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to the specific WIFI network", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/wifi/WifiManager;", 7 | "method": "getConfiguredNetworks", 8 | "descriptor": "()Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/net/wifi/WifiManager;", 12 | "method": "enableNetwork", 13 | "descriptor": "(I Z)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "control" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00059.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the SIM card status", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/TelephonyManager;", 7 | "method": "getSimState", 8 | "descriptor": "()I" 9 | }, 10 | { 11 | "class": "Ljava/lang/Integer;", 12 | "method": "intValue", 13 | "descriptor": "()I" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00060.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the network operator name", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/TelephonyManager;", 7 | "method": "getNetworkOperatorName", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Integer;", 12 | "method": "valueOf", 13 |
"descriptor": "(I)Ljava/lang/Integer;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00061.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Return dynamic information about the current Wi-Fi connection", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/wifi/WifiManager;", 7 | "method": "getConnectionInfo", 8 | "descriptor": "()Landroid/net/wifi/WifiInfo;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Integer;", 12 | "method": "valueOf", 13 | "descriptor": "(I)Ljava/lang/Integer;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00062.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query WiFi information and WiFi Mac Address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/wifi/WifiManager;", 7 | "method": "getConnectionInfo", 8 | "descriptor": "()Landroid/net/wifi/WifiInfo;" 9 | }, 10 | { 11 | "class": "Landroid/net/wifi/WifiInfo;", 12 | "method": "getMacAddress", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00063.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Implicit intent(view a web page, make a phone call, etc.)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/Intent;", 12 | "method": "<init>", 13 | "descriptor": "(Ljava/lang/String; Landroid/net/Uri;)V" 14 | } 15 |
], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00064.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Monitor incoming call status", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getCallState", 13 | "descriptor": "()I" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00065.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the country code of the SIM card provider", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getSimCountryIso", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00066.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the ICCID number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getSimSerialNumber", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } 
-------------------------------------------------------------------------------- /rules/00067.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the IMSI number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/TelephonyManager;", 12 | "method": "getSubscriberId", 13 | "descriptor": "()Ljava/lang/String;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00068.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Executes the specified string Linux command", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Runtime;", 7 | "method": "getRuntime", 8 | "descriptor": "()Ljava/lang/Runtime;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Runtime;", 12 | "method": "exec", 13 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Process;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00069.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Run shell script programmatically", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Runtime;", 7 | "method": "exec", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Process;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Process;", 12 | "method": "getOutputStream", 13 | "descriptor": "()Ljava/io/OutputStream;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "control" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00070.json:
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get sender's address and send SMS", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V", 12 | "class": "Landroid/telephony/SmsManager;", 13 | "method": "sendTextMessage" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "command", 20 | "sms" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00071.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write the ISO country code of the current network operator into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getNetworkCountryIso" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "command", 20 | "network", 21 | "file" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00072.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write HTTP input stream into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/io/InputStream;", 7 | "class": "Ljava/net/HttpURLConnection;", 8 | "method": "getInputStream" 9 | }, 10 | { 11 | "descriptor": "([B I I)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command", 19 | "network", 20 | "file" 21 | ] 22 | } 
-------------------------------------------------------------------------------- /rules/00073.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write the SIM card information into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/util/List;", 7 | "class": "Landroid/telephony/SubscriptionManager;", 8 | "method": "getActiveSubscriptionInfoList" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony", 20 | "file" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00074.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get IMSI and the ISO country code", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getSubscriberId" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method": "getNetworkCountryIso" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00075.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get location of the device", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Z", 7 | "class": "Landroid/location/LocationManager;", 8 | "method": "isProviderEnabled" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)Landroid/location/Location;", 12 | "class": "Landroid/location/LocationManager;", 13 | "method": "getLastKnownLocation" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "location" 20 | ] 21 | } 
-------------------------------------------------------------------------------- /rules/00076.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WiFi information and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/net/wifi/WifiInfo;", 7 | "class": "Landroid/net/wifi/WifiManager;", 8 | "method": "getConnectionInfo" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "wifi" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00077.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read sensitive data(SMS, CALLLOG, etc)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/content/ContentResolver;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getContentResolver" 9 | }, 10 | { 11 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 12 | "class": "Landroid/content/ContentResolver;", 13 | "method": "query" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms", 20 | "calllog", 21 | "calendar" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00078.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the network operator name", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method":
"getNetworkOperatorName" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00079.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Hide the current app's icon", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/content/pm/PackageManager;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getPackageManager" 9 | }, 10 | { 11 | "descriptor": "(Landroid/content/ComponentName; I I)V", 12 | "class": "Landroid/content/pm/PackageManager;", 13 | "method": "setComponentEnabledSetting" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "evasion" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00080.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Save recorded audio/video to a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)V", 12 | "class": "Landroid/media/MediaRecorder;", 13 | "method": "setOutputFile" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record", 19 | "file" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00081.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get declared method from given method name", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()V", 7 | "class": "Ljava/lang/StringBuilder;", 8 | "method": "<init>" 9 | }, 10 | { 11 | "descriptor": "()[Ljava/lang/reflect/Method;", 12 | "class": "Ljava/lang/Class;", 13 | "method": "getDeclaredMethods" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | }
-------------------------------------------------------------------------------- /rules/00082.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WiFi MAC address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/net/wifi/WifiInfo;", 13 | "method": "getMacAddress" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "wifi" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00083.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the IMEI number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/app/Activity;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method": "getDeviceId" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00084.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the ISO country code and IMSI", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getNetworkCountryIso" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method": "getSubscriberId" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } 
-------------------------------------------------------------------------------- /rules/00085.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the ISO country code and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getNetworkCountryIso" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00086.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the device is in data roaming mode", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Z", 7 | "class": "Landroid/net/NetworkInfo;", 8 | "method": "isRoaming" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;)Z", 12 | "class": "Ljava/lang/Object;", 13 | "method": "equals" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "telephony" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00087.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check the current network type", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()I", 7 | "class": "Landroid/net/NetworkInfo;", 8 | "method": "getType" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;)Z", 12 | "class": "Ljava/lang/Object;", 13 | "method": "equals" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00088.json: -------------------------------------------------------------------------------- 1 
| { 2 | "crime": "Create a secure socket connection to the given host address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Ljava/net/InetAddress;", 8 | "method": "getHostAddress" 9 | }, 10 | { 11 | "descriptor": "(Ljava/net/Socket; Ljava/lang/String; I Z)Ljava/net/Socket;", 12 | "class": "Ljavax/net/ssl/SSLSocketFactory;", 13 | "method": "createSocket" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00089.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to a URL and receive input stream from the server", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/net/URLConnection;", 7 | "class": "Ljava/net/URL;", 8 | "method": "openConnection" 9 | }, 10 | { 11 | "descriptor": "()Ljava/io/InputStream;", 12 | "class": "Ljava/net/HttpURLConnection;", 13 | "method": "getInputStream" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00090.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set recorded audio/video file format", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "(I)V", 12 | "class": "Landroid/media/MediaRecorder;", 13 | "method": "setOutputFormat" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00091.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Retrieve data from broadcast", 3 | "permission": [],
4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/os/Bundle;", 7 | "class": "Landroid/content/Intent;", 8 | "method": "getExtras" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 12 | "class": "Landroid/os/Bundle;", 13 | "method": "getString" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00092.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send broadcast", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/content/Context;", 7 | "class": "Landroid/app/Activity;", 8 | "method": "getApplicationContext" 9 | }, 10 | { 11 | "descriptor": "(Landroid/content/Intent;)V", 12 | "class": "Landroid/content/Context;", 13 | "method": "sendBroadcast" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00093.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the content of SMS and forward it to others via SMS", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getMessageBody" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V", 12 | "class": "Landroid/telephony/SmsManager;", 13 | "method": "sendTextMessage" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms", 20 | "command" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00094.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to a URL and read data from it", 3 | "permission": [], 4 | "api": [ 5 | { 6 | 
"descriptor": "()Ljava/net/URLConnection;", 7 | "class": "Ljava/net/URL;", 8 | "method": "openConnection" 9 | }, 10 | { 11 | "descriptor": "([B)I", 12 | "class": "Ljava/io/InputStream;", 13 | "method": "read" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00095.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write the ICCID of device into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SubscriptionInfo;", 8 | "method": "getIccId" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00096.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to a URL and set request method", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/net/URLConnection;", 7 | "class": "Ljava/net/URL;", 8 | "method": "openConnection" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)V", 12 | "class": "Ljava/net/HttpURLConnection;", 13 | "method": "setRequestMethod" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00097.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the sender address of the SMS and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": 
"(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00098.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the network is connected", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Z", 7 | "class": "Landroid/net/NetworkInfo;", 8 | "method": "isConnected" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;)Z", 12 | "class": "Ljava/lang/Object;", 13 | "method": "equals" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00099.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get location of the current GSM and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()I", 7 | "class": "Landroid/telephony/gsm/GsmCellLocation;", 8 | "method": "getCid" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; I)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "location" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00100.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check the network capabilities", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Landroid/net/Network;)Landroid/net/NetworkCapabilities;", 7 | "class": "Landroid/net/ConnectivityManager;", 8 | "method": "getNetworkCapabilities" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;)Z", 12 | "class": "Ljava/lang/Object;", 13 | "method": "equals" 14 | } 15 | ], 16 
| "score": 1, 17 | "label": [ 18 | "collection", 19 | "network" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00101.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Initialize recorder", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "()V", 12 | "class": "Landroid/media/MediaRecorder;", 13 | "method": "prepare" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00102.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set the phone speaker on", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "(Z)V", 12 | "class": "Landroid/media/AudioManager;", 13 | "method": "setSpeakerphoneOn" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00103.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check the active network type", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/net/NetworkInfo;", 7 | "class": "Landroid/net/ConnectivityManager;", 8 | "method": "getActiveNetworkInfo" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;)Z", 12 | "class": "Ljava/lang/Object;", 13 | "method": "equals" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00104.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the given path is directory", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "()Z", 12 | "class": "Ljava/io/File;", 13 | "method": "isDirectory" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00105.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Append the sender's address to the string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)Ljava/lang/StringBuilder;", 12 | "class": "Ljava/lang/StringBuilder;", 13 | "method": "append" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00106.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the currently formatted WiFi IP address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()I", 7 | "class": "Landroid/net/wifi/WifiInfo;", 8 | "method": "getIpAddress" 9 | }, 10 | { 11 | "descriptor": "(I)Ljava/lang/String;", 12 | "class": "Landroid/text/format/Formatter;", 13 | "method": "formatIpAddress" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "wifi" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00107.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write the IMSI number into a file", 3 | 
"permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getSubscriberId" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony", 20 | "file", 21 | "command" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00108.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read the input stream from given URL", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/io/InputStream;", 7 | "class": "Ljava/net/HttpURLConnection;", 8 | "method": "getInputStream" 9 | }, 10 | { 11 | "descriptor": "([B)I", 12 | "class": "Ljava/io/InputStream;", 13 | "method": "read" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00109.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to a URL and get the response code", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/net/URLConnection;", 7 | "class": "Ljava/net/URL;", 8 | "method": "openConnection" 9 | }, 10 | { 11 | "descriptor": "()I", 12 | "class": "Ljava/net/HttpURLConnection;", 13 | "method": "getResponseCode" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00110.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query the ICCID number", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/util/List;", 7 | "class": "Landroid/telephony/SubscriptionManager;", 8 | "method": 
"getActiveSubscriptionInfoList" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/SubscriptionInfo;", 13 | "method": "getIccId" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00111.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the sender address of the SMS", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Ljava/lang/String;", 13 | "method": "toString" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00112.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the date of the calendar event", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()J", 7 | "class": "Ljava/util/Calendar;", 8 | "method": "getTimeInMillis" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Ljava/util/Date;", 13 | "method": "toString" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "calendar" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00113.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get location and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Landroid/location/Location;", 7 | "class": "Landroid/location/LocationManager;", 8 | "method": "getLastKnownLocation" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; 
Ljava/lang/Object;)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "location" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00114.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Create a secure socket connection to the proxy address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/net/SocketAddress;", 7 | "class": "Ljava/net/Proxy;", 8 | "method": "address" 9 | }, 10 | { 11 | "descriptor": "(Ljava/net/Socket; Ljava/lang/String; I Z)Ljava/net/Socket;", 12 | "class": "Ljavax/net/ssl/SSLSocketFactory;", 13 | "method": "createSocket" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00115.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get last known location of the device", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Landroid/location/Location;", 7 | "class": "Landroid/location/LocationManager;", 8 | "method": "getLastKnownLocation" 9 | }, 10 | { 11 | "descriptor": "()D", 12 | "class": "Landroid/location/Location;", 13 | "method": "getLongitude" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "location" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00116.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WiFi MAC address and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/net/wifi/WifiInfo;", 8 | "method": "getMacAddress" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; 
Ljava/lang/Object;)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00117.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the IMSI and network operator name", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getSubscriberId" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method": "getNetworkOperatorName" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "telephony", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00118.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the content of SMS contains given string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getMessageBody" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/CharSequence;)Z", 12 | "class": "Ljava/lang/String;", 13 | "method": "contains" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00119.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write the IMEI number into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getDeviceId" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 
| } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "file", 20 | "telephony", 21 | "command" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00120.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Append the sender's address to the string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": "(I)Ljava/lang/StringBuilder;", 12 | "class": "Ljava/lang/StringBuilder;", 13 | "method": "append" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00121.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Create a directory", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "()Z", 12 | "class": "Ljava/io/File;", 13 | "method": "mkdirs" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00122.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the sender address of SMS contains the given string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/CharSequence;)Z", 12 | "class": "Ljava/lang/String;", 13 | "method": "contains" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } 
-------------------------------------------------------------------------------- /rules/00123.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Save the response to JSON after connecting to the remote server", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()V", 7 | "class": "Ljava/net/HttpURLConnection;", 8 | "method": "connect" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)V", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "<init>" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00124.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check the current active network type", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Landroid/net/Network;", 7 | "class": "Landroid/net/ConnectivityManager;", 8 | "method": "getActiveNetwork" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;)Z", 12 | "class": "Ljava/lang/Object;", 13 | "method": "equals" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00125.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the given file path exists", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "()Z", 12 | "class": "Ljava/io/File;", 13 | "method": "exists" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "file" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00126.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Read 
sensitive data(SMS, CALLLOG, etc)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 7 | "class": "Landroid/content/ContentResolver;", 8 | "method": "query" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Ljava/lang/String;", 13 | "method": "toString" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms", 20 | "calllog", 21 | "calendar" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00127.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Monitor the broadcast action events (BOOT_COMPLETED, etc)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/content/Intent;", 8 | "method": "getAction" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)I", 12 | "class": "Ljava/lang/String;", 13 | "method": "compareToIgnoreCase" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "command" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00128.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query user account information", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Landroid/content/Context;)Landroid/accounts/AccountManager;", 7 | "class": "Landroid/accounts/AccountManager;", 8 | "method": "get" 9 | }, 10 | { 11 | "descriptor": "()[Landroid/accounts/Account;", 12 | "class": "Landroid/accounts/AccountManager;", 13 | "method": "getAccounts" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "account" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00129.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the content of SMS", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getMessageBody" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Ljava/lang/String;", 13 | "method": "toString" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00130.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WIFI information", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()Landroid/net/wifi/WifiInfo;", 12 | "class": "Landroid/net/wifi/WifiManager;", 13 | "method": "getConnectionInfo" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00131.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get location of the current GSM and put it into JSON", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()I", 7 | "class": "Landroid/telephony/gsm/GsmCellLocation;", 8 | "method": "getLac" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; I)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "location" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00132.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query 
The ISO country code", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method": "getNetworkCountryIso" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "telephony", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00133.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Start recording", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "()V", 12 | "class": "Landroid/media/MediaRecorder;", 13 | "method": "start" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00134.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WiFi IP address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()I", 12 | "class": "Landroid/net/wifi/WifiInfo;", 13 | "method": "getIpAddress" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00135.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WiFi id and put it into JSON.", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()I", 7 | "class": 
"Landroid/net/wifi/WifiInfo;", 8 | "method": "getNetworkId" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;", 12 | "class": "Lorg/json/JSONObject;", 13 | "method": "put" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "wifi", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00136.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Stop recording", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "()V", 12 | "class": "Landroid/media/MediaRecorder;", 13 | "method": "stop" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00137.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get last known location of the device", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Landroid/location/Location;", 7 | "class": "Landroid/location/LocationManager;", 8 | "method": "getLastKnownLocation" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/location/Location;", 13 | "method": "toString" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "location", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00138.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set the audio source (MIC)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/String;", 7 | "class": "Landroid/os/Bundle;", 8 | "method": "getString" 9 | }, 10 | { 11 | "descriptor": "(I)V", 12 | 
"class": "Landroid/media/MediaRecorder;", 13 | "method": "setAudioSource" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "record" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00139.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the current WiFi id", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;", 7 | "class": "Landroid/content/Context;", 8 | "method": "getSystemService" 9 | }, 10 | { 11 | "descriptor": "()I", 12 | "class": "Landroid/net/wifi/WifiInfo;", 13 | "method": "getNetworkId" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "wifi" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00140.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write the phone number into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getLine1Number" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony", 20 | "file", 21 | "command" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00141.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Load class from given class name", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Ljava/lang/StringBuilder;", 8 | "method": "toString" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Class;", 12 | "class": "Ljava/lang/ClassLoader;", 13 | "method": "loadClass" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 
| ] 20 | } -------------------------------------------------------------------------------- /rules/00142.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get calendar information", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(I)I", 7 | "class": "Ljava/util/Calendar;", 8 | "method": "get" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String;)Ljava/lang/StringBuilder;", 12 | "class": "Ljava/lang/StringBuilder;", 13 | "method": "append" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "calendar" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00143.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get external class from given path or file name", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Ljava/lang/StringBuilder;", 8 | "method": "toString" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/ClassLoader;", 12 | "class": "Landroid/app/Service;", 13 | "method": "getClassLoader" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "reflection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00144.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Write SIM card serial number into a file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getSimSerialNumber" 9 | }, 10 | { 11 | "descriptor": "([B)V", 12 | "class": "Ljava/io/FileOutputStream;", 13 | "method": "write" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "telephony", 20 | "file", 21 | "command" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00145.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Create a socket connection to the proxy address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/net/SocketAddress;", 7 | "class": "Ljava/net/Proxy;", 8 | "method": "address" 9 | }, 10 | { 11 | "descriptor": "()Ljava/net/Socket;", 12 | "class": "Ljavax/net/SocketFactory;", 13 | "method": "createSocket" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00146.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the network operator name and IMSI", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/TelephonyManager;", 8 | "method": "getNetworkOperatorName" 9 | }, 10 | { 11 | "descriptor": "()Ljava/lang/String;", 12 | "class": "Landroid/telephony/TelephonyManager;", 13 | "method": "getSubscriberId" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "telephony", 19 | "collection" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00147.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the time of current location", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String;)Z", 7 | "class": "Landroid/location/LocationManager;", 8 | "method": "isProviderEnabled" 9 | }, 10 | { 11 | "descriptor": "()J", 12 | "class": "Landroid/location/Location;", 13 | "method": "getTime" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "location" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00148.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Create a 
socket connection to the given host address", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Ljava/net/InetAddress;", 8 | "method": "getHostAddress" 9 | }, 10 | { 11 | "descriptor": "()Ljava/net/Socket;", 12 | "class": "Ljavax/net/SocketFactory;", 13 | "method": "createSocket" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network", 19 | "command" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00149.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Unpack an asset, possibly decrypt it and load it as DEX", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "android/content/res/Resources;", 7 | "method": "getAssets", 8 | "descriptor": "()Landroid/content/res/AssetManager;" 9 | }, 10 | { 11 | "class": "Ldalvik/system/DexClassLoader;", 12 | "method": "", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Ljava/lang/ClassLoader;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "packer" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00150.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send IMSI over Internet", 3 | "permission": [ 4 | "android.permission.INTERNET" 5 | ], 6 | "api": [ 7 | { 8 | "class": "Landroid/telephony/TelephonyManager;", 9 | "method": "getSubscriberId", 10 | "descriptor": "()Ljava/lang/String;" 11 | }, 12 | { 13 | "class": "Ljava/net/URL;", 14 | "method": "openConnection", 15 | "descriptor": "()Ljava/net/URLConnection;" 16 | } 17 | ], 18 | "score": 1, 19 | "label": [ 20 | "phone" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00151.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send phone number over Internet", 3 | 
"permission": [ 4 | "android.permission.INTERNET" 5 | ], 6 | "api": [ 7 | { 8 | "class": "Landroid/telephony/TelephonyManager;", 9 | "method": "getLine1Number", 10 | "descriptor": "()Ljava/lang/String;" 11 | }, 12 | { 13 | "class": "Ljava/net/URL;", 14 | "method": "openConnection", 15 | "descriptor": "()Ljava/net/URLConnection;" 16 | } 17 | ], 18 | "score": 1, 19 | "label": [ 20 | "phone", 21 | "privacy" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00152.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get data from HTTP and send SMS", 3 | "permission": [ 4 | "android.permission.INTERNET" 5 | ], 6 | "api": [ 7 | { 8 | "class": "Ljava/net/URL;", 9 | "method": "openConnection", 10 | "descriptor": "()Ljava/net/URLConnection;" 11 | }, 12 | { 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V", 14 | "class": "Landroid/telephony/SmsManager;", 15 | "method": "sendTextMessage" 16 | } 17 | ], 18 | "score": 1, 19 | "label": [ 20 | "command", 21 | "sms" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00153.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send binary data over HTTP", 3 | "permission": [ 4 | "android.permission.INTERNET" 5 | ], 6 | "api": [ 7 | { 8 | "class": "Ljava/net/HttpURLConnection;", 9 | "method": "getOutputStream", 10 | "descriptor": "()Ljava/io/OutputStream;" 11 | }, 12 | { 13 | "descriptor": "([BII)V", 14 | "class": "Ljava/io/DataOutputStream;", 15 | "method": "write" 16 | } 17 | ], 18 | "score": 1, 19 | "label": [ 20 | "http" 21 | ] 22 | } -------------------------------------------------------------------------------- /rules/00154.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect 
hostname to TCP or UDP socket using KryoNet", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/net/InetAddress;", 7 | "method": "getByName", 8 | "descriptor": "(Ljava/lang/String;)Ljava/net/InetAddress;" 9 | }, 10 | 11 | { 12 | "class": "Lcom/esotericsoftware/kryonet/Client;", 13 | "method": "connect", 14 | "descriptor": "(I Ljava/net/InetAddress; I)V" 15 | } 16 | ], 17 | "score": 1, 18 | "label": ["socket"] 19 | } 20 | 21 | -------------------------------------------------------------------------------- /rules/00155.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Execute commands on shell using DataOutputStream object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Runtime;", 7 | "method": "exec", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Process;" 9 | }, 10 | { 11 | "class": "Ljava/io/DataOutputStream;", 12 | "method": "writeBytes", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["exec", "command"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00156.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Acquire lock on Power Manager ", 3 | "permission": ["android.permission.WAKE_LOCK"], 4 | "api": [ 5 | { 6 | "class": "Landroid/os/PowerManager;", 7 | "method": "newWakeLock", 8 | "descriptor": "(I Ljava/lang/String;)Landroid/os/PowerManager$WakeLock;" 9 | }, 10 | { 11 | "class": "Landroid/os/PowerManager$WakeLock;", 12 | "method": "acquire", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["lock", "power manager"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00157.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Instantiate new object using reflection, possibly used for 
dexClassLoader ", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/Class;", 7 | "method": "getConstructor", 8 | "descriptor": "([Ljava/lang/Class;)Ljava/lang/reflect/Constructor;" 9 | }, 10 | { 11 | "class": "Ljava/lang/reflect/Constructor;", 12 | "method": "newInstance", 13 | "descriptor": "([Ljava/lang/Object;)Ljava/lang/Object;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["reflection", "dexClassLoader"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00158.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Connect to a URL and send sensitive data got from resolver", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 7 | "class": "Landroid/content/ContentResolver;", 8 | "method": "query" 9 | }, 10 | { 11 | "descriptor": "()Ljava/io/OutputStream;", 12 | "class": "Ljava/net/HttpURLConnection;", 13 | "method": "getOutputStream" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "privacy", 19 | "connection" 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /rules/00159.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Use accessibility service to perform action getting node info by text", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "findAccessibilityNodeInfosByText", 8 | "descriptor": "(Ljava/lang/String;)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 12 | "method": "performAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } 21 | 
-------------------------------------------------------------------------------- /rules/00160.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Use accessibility service to perform action getting node info by View Id", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "findAccessibilityNodeInfosByViewId", 8 | "descriptor": "(Ljava/lang/String;)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 12 | "method": "performAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00161.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Perform accessibility service action on accessibility node info", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "getParent", 8 | "descriptor": "()Landroid/view/accessibility/AccessibilityNodeInfo;" 9 | }, 10 | { 11 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 12 | "method": "performAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00162.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Create InetSocketAddress object and connecting to it", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String; I)V", 7 | "class": "Ljava/net/InetSocketAddress;", 8 | "method": "" 9 | }, 10 | { 11 | "descriptor": "(Ljava/net/SocketAddress;)V", 12 | "class": "Ljava/net/Socket;", 13 | "method": "connect" 14 | } 15 | ], 16 | "score": 1, 
17 | "label": [ 18 | "socket" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00163.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Create new Socket and connecting to it", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/String; I)V", 7 | "class": "Ljava/net/Socket;", 8 | "method": "" 9 | }, 10 | { 11 | "descriptor": "(Ljava/net/SocketAddress;)V", 12 | "class": "Ljava/net/Socket;", 13 | "method": "connect" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "socket" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00164.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get SMS address and send it through http", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getOriginatingAddress" 9 | }, 10 | { 11 | "descriptor": "()Ljava/io/OutputStream;", 12 | "class": "Ljava/net/HttpURLConnection;", 13 | "method": "getOutputStream" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "http" 20 | ] 21 | } 22 | 23 | -------------------------------------------------------------------------------- /rules/00165.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get SMS message body and send it through http", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getMessageBody" 9 | }, 10 | { 11 | "descriptor": "()Ljava/io/OutputStream;", 12 | "class": "Ljava/net/HttpURLConnection;", 13 | "method": "getOutputStream" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "http" 20 | ] 21 | } 22 | 
-------------------------------------------------------------------------------- /rules/00166.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get SMS message body and retrieve a string from it (possibly PIN / mTAN)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "()Ljava/lang/String;", 7 | "class": "Landroid/telephony/SmsMessage;", 8 | "method": "getMessageBody" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/String)Ljava/util/regex/Matcher;", 12 | "class": "Ljava/util/regex/Pattern;", 13 | "method": "matcher" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "sms", 19 | "pin" 20 | ] 21 | } 22 | 23 | -------------------------------------------------------------------------------- /rules/00167.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Use accessibility service to perform action getting root in active window", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/accessibilityservice/AccessibilityService;", 7 | "method": "getRootInActiveWindow", 8 | "descriptor": "()Landroid/view/accessibility/AccessibilityNodeInfo;" 9 | }, 10 | { 11 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 12 | "method": "performAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00168.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Use accessibility service to perform global action getting node info by text", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "findAccessibilityNodeInfosByText", 8 | "descriptor": "(Ljava/lang/String;)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/accessibilityservice/AccessibilityService;", 12 | 
"method": "performGlobalAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00169.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Use accessibility service to perform global action getting node info by View Id", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "findAccessibilityNodeInfosByViewId", 8 | "descriptor": "(Ljava/lang/String;)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/accessibilityservice/AccessibilityService;", 12 | "method": "performGlobalAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00170.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get installed applications and put the list in shared preferences", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/pm/PackageManager;", 7 | "method": "getInstalledApplications", 8 | "descriptor": "(I)Ljava/util/List;" 9 | }, 10 | { 11 | "class": "Landroid/content/SharedPreferences$Editor;", 12 | "method": "putString", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/String;)Landroid/content/SharedPreferences$Editor;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "applications", 19 | "privacy" 20 | ] 21 | } 22 | 23 | -------------------------------------------------------------------------------- /rules/00171.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Compare network operator with a string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/TelephonyManager;", 7 | 
"method": "getNetworkOperatorName", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/lang/String;", 12 | "method": "equals", 13 | "descriptor": "(Ljava/lang/Object;)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "network" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00172.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check Admin permissions to (probably) get them", 3 | "permission": ["android.permission.BIND_DEVICE_ADMIN"], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/app/admin/DevicePolicyManager;", 12 | "method": "isAdminActive", 13 | "descriptor": "(Landroid/content/ComponentName;)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "admin" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00173.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get bounds in screen of an AccessibilityNodeInfo and perform action", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "getBoundsInScreen", 8 | "descriptor": "(Landroid/graphics/Rect;)V" 9 | }, 10 | { 11 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 12 | "method": "performAction", 13 | "descriptor": "(I)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["accessibility service"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00174.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get all accounts by type and put them in a JSON object", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": 
"Landroid/accounts/AccountManager;", 7 | "method": "getAccountsByType", 8 | "descriptor": "(Ljava/lang/String;)[Landroid/accounts/Account;" 9 | }, 10 | { 11 | "class": "Lorg/json/JSONObject;", 12 | "method": "put", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/Object;)Lorg/json/JSONObject;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["accounts", "collection"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00175.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get notification manager and cancel notifications ", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "getSystemService", 8 | "descriptor": "(Ljava/lang/String;)Ljava/lang/Object;" 9 | }, 10 | { 11 | "class": "Landroid/app/NotificationManager;", 12 | "method": "cancelAll", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["notification"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00176.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send sms to a contact of contact list", 3 | "permission": ["android.permission.SEND_SMS", "android.permission.READ_CONTACTS"], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Landroid/os/Bundle; Landroid/os/CancellationSignal;)Landroid/database/Cursor;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsManager;", 12 | "method": "sendTextMessage", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["sms"] 18 | } 19 | 20 | -------------------------------------------------------------------------------- /rules/00177.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if permission is granted and request it", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Context;", 7 | "method": "checkPermission", 8 | "descriptor": "(Ljava/lang/String; I I)I" 9 | }, 10 | { 11 | "class": "Landroid/app/Activity;", 12 | "method": "requestPermissions", 13 | "descriptor": "([Ljava/lang/String; I)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "permission" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00178.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Execute Linux commands via ProcessBuilder", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/ProcessBuilder;", 7 | "method": "", 8 | "descriptor": "([Ljava/lang/String;)V" 9 | }, 10 | { 11 | "class": "Ljava/lang/ProcessBuilder;", 12 | "method": "start", 13 | "descriptor": "()Ljava/lang/Process;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["command"] 18 | } 19 | -------------------------------------------------------------------------------- /rules/00179.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send Location via SMS", 3 | "permission": [ 4 | "android.permission.SEND_SMS", 5 | "android.permission.ACCESS_COARSE_LOCATION", 6 | "android.permission.ACCESS_FINE_LOCATION" 7 | ], 8 | "api": [ 9 | { 10 | "class": "Landroid/telephony/TelephonyManager", 11 | "method": "getCellLocation", 12 | "descriptor": "()Landroid/telephony/CellLocation;" 13 | }, 14 | { 15 | "class": "Landroid/telephony/SmsManager", 16 | "method": "sendTextMessage", 17 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V" 18 | } 19 | ], 20 | "score": 1, 21 | "label": [ 22 | "location", 23 | "collection" 24 | ] 25 | } 26 | 
-------------------------------------------------------------------------------- /rules/00180.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Load native libraries(.so) via System.loadLibrary (60% means caught)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/System;", 7 | "method": "loadLibrary", 8 | "descriptor": "(Ljava/lang/String;)V" 9 | }, 10 | { 11 | "class": "Ljava/lang/System;", 12 | "method": "loadLibrary", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "so" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00181.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Load native libraries(.so) via System.load (60% means caught)", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/lang/System;", 7 | "method": "load", 8 | "descriptor": "(Ljava/lang/String;)V" 9 | }, 10 | { 11 | "class": "Ljava/lang/System;", 12 | "method": "load", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "so" 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rules/00182.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Open camera.", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/hardware/Camera;", 7 | "method": "open", 8 | "descriptor": "(I)Landroid/hardware/Camera;" 9 | }, 10 | { 11 | "class": "Ljava/lang/Object;", 12 | "method": "", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["camera"], 18 | "malware": ["4b65291d3453664b214cf2b0cfd0cd5d"] 19 | } -------------------------------------------------------------------------------- /rules/00183.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": 
"Get current camera parameters and change the setting.", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/hardware/Camera;", 7 | "method": "getParameters", 8 | "descriptor": "()Landroid/hardware/Camera$Parameters;" 9 | }, 10 | { 11 | "class": "Landroid/hardware/Camera;", 12 | "method": "setParameters", 13 | "descriptor": "(Landroid/hardware/Camera$Parameters;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["camera"], 18 | "malware": ["4b65291d3453664b214cf2b0cfd0cd5d"] 19 | } -------------------------------------------------------------------------------- /rules/00184.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set camera preview texture", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/hardware/Camera;", 7 | "method": "setPreviewTexture", 8 | "descriptor": "(Landroid/graphics/SurfaceTexture;)V" 9 | }, 10 | { 11 | "class": "Ljava/lang/Object;", 12 | "method": "", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["camera"], 18 | "malware": ["4b65291d3453664b214cf2b0cfd0cd5d"] 19 | } -------------------------------------------------------------------------------- /rules/00185.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Start capturing camera preview frames to the screen", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/hardware/Camera;", 7 | "method": "startPreview", 8 | "descriptor": "()V" 9 | }, 10 | { 11 | "class": "Ljava/lang/Object;", 12 | "method": "", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["camera"], 18 | "malware": ["4b65291d3453664b214cf2b0cfd0cd5d"] 19 | } -------------------------------------------------------------------------------- /rules/00186.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Control camera to take picture", 3 | "permission": [], 4 | "api": [ 5 | { 6 | 
"class": "Ljava/lang/Object;", 7 | "method": "", 8 | "descriptor": "()V" 9 | }, 10 | { 11 | "class": "Landroid/hardware/Camera;", 12 | "method": "takePicture", 13 | "descriptor": "(Landroid/hardware/Camera$ShutterCallback; Landroid/hardware/Camera$PictureCallback; Landroid/hardware/Camera$PictureCallback;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["camera"], 18 | "malware": ["4b65291d3453664b214cf2b0cfd0cd5d"] 19 | } -------------------------------------------------------------------------------- /rules/00187.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query a URI and check the result", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;" 9 | }, 10 | { 11 | "class": "Landroid/database/Cursor;", 12 | "method": "moveToNext", 13 | "descriptor": "()Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms", 20 | "calllog", 21 | "calendar" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00188.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the address of a SMS message", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 9 | "match_keywords":[ 10 | "sms" 11 | ] 12 | }, 13 | { 14 | "class": "Landroid/database/Cursor;", 15 | "method": "getColumnIndex", 16 | "descriptor": "(Ljava/lang/String;)I", 17 | "match_keywords":[ 18 | "address" 19 | ] 20 | } 21 | ], 22 | "score": 1, 23 | "label": ["sms"] 24 | } 
-------------------------------------------------------------------------------- /rules/00189.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the content of a SMS message", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 9 | "match_keywords":[ 10 | "sms" 11 | ] 12 | }, 13 | { 14 | "class": "Landroid/database/Cursor;", 15 | "method": "getColumnIndex", 16 | "descriptor": "(Ljava/lang/String;)I", 17 | "match_keywords":[ 18 | "body" 19 | ] 20 | } 21 | ], 22 | "score": 1, 23 | "label": ["sms"] 24 | } -------------------------------------------------------------------------------- /rules/00190.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query a URI and append the result into a string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;" 9 | }, 10 | { 11 | "class": "Ljava/lang/StringBuilder;", 12 | "method": "append", 13 | "descriptor": "(Ljava/lang/String;)Ljava/lang/StringBuilder;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection", 19 | "sms", 20 | "calllog", 21 | "calendar" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00191.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get messages in the SMS inbox", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;", 9 | "match_keywords":[ 10 | "sms/inbox" 11 | ] 12 | 
}, 13 | { 14 | "class": "Landroid/database/Cursor;", 15 | "method": "getColumnIndex", 16 | "descriptor": "(Ljava/lang/String;)I" 17 | } 18 | ], 19 | "score": 1, 20 | "label": ["sms"] 21 | } -------------------------------------------------------------------------------- /rules/00192.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get messages in the SMS inbox", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;", 9 | "match_keywords":[ 10 | "sms/inbox" 11 | ] 12 | }, 13 | { 14 | "class": "Landroid/database/Cursor;", 15 | "method": "getColumnIndexOrThrow", 16 | "descriptor": "(Ljava/lang/String;)I" 17 | } 18 | ], 19 | "score": 1, 20 | "label": ["sms"] 21 | } -------------------------------------------------------------------------------- /rules/00193.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Send a SMS message", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/telephony/SmsManager;", 7 | "method": "getDefault", 8 | "descriptor": "()Landroid/telephony/SmsManager;" 9 | }, 10 | { 11 | "class": "Landroid/telephony/SmsManager;", 12 | "method": "sendTextMessage", 13 | "descriptor": "(Ljava/lang/String; Ljava/lang/String; Ljava/lang/String; Landroid/app/PendingIntent; Landroid/app/PendingIntent;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["sms"] 18 | } -------------------------------------------------------------------------------- /rules/00194.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set the audio source (MIC) and recorded file format", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/MediaRecorder;", 7 | "method": "setAudioSource", 8 | "descriptor": "(I)V" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": 
"setOutputFormat", 13 | "descriptor": "(I)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["record"] 18 | } -------------------------------------------------------------------------------- /rules/00195.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set the output path of the recorded file", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Ljava/io/File;", 7 | "method": "getAbsolutePath", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "setOutputFile", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["record", "file"] 18 | } -------------------------------------------------------------------------------- /rules/00196.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set the recorded file format and output path", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/MediaRecorder;", 7 | "method": "setOutputFormat", 8 | "descriptor": "(I)V" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "setOutputFile", 13 | "descriptor": "(Ljava/lang/String;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["record", "file"] 18 | } -------------------------------------------------------------------------------- /rules/00197.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Set the audio encoder and initialize the recorder", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/MediaRecorder;", 7 | "method": "setAudioEncoder", 8 | "descriptor": "(I)V" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "prepare", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["record"] 18 | } -------------------------------------------------------------------------------- /rules/00198.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Initialize the recorder and start recording", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/MediaRecorder;", 7 | "method": "prepare", 8 | "descriptor": "()V" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "start", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["record"] 18 | } -------------------------------------------------------------------------------- /rules/00199.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Stop recording and release recording resources", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/MediaRecorder;", 7 | "method": "stop", 8 | "descriptor": "()V" 9 | }, 10 | { 11 | "class": "Landroid/media/MediaRecorder;", 12 | "method": "release", 13 | "descriptor": "()V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["record"] 18 | } -------------------------------------------------------------------------------- /rules/00200.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query data from the contact list", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 9 | "match_keywords": [ 10 | "Phone" 11 | ] 12 | }, 13 | { 14 | "class": "Landroid/database/Cursor;", 15 | "method": "getColumnIndex", 16 | "descriptor": "(Ljava/lang/String;)I" 17 | } 18 | ], 19 | "score": 1, 20 | "label": [ 21 | "collection", 22 | "contact" 23 | ] 24 | } -------------------------------------------------------------------------------- /rules/00201.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Query data 
from the call log", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/ContentResolver;", 7 | "method": "query", 8 | "descriptor": "(Landroid/net/Uri; [Ljava/lang/String; Ljava/lang/String; [Ljava/lang/String; Ljava/lang/String;)Landroid/database/Cursor;", 9 | "match_keywords": [ 10 | "call_log" 11 | ] 12 | }, 13 | { 14 | "class": "Landroid/database/Cursor;", 15 | "method": "getColumnIndex", 16 | "descriptor": "(Ljava/lang/String;)I" 17 | } 18 | ], 19 | "score": 1, 20 | "label": [ 21 | "collection", 22 | "calllog" 23 | ] 24 | } -------------------------------------------------------------------------------- /rules/00202.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Make a phone call", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/content/Intent;", 7 | "method": "<init>", 8 | "descriptor": "(Ljava/lang/String;)V", 9 | "match_keywords": [ 10 | "CALL" 11 | ] 12 | }, 13 | { 14 | "class": "Landroid/content/Intent;", 15 | "method": "setData", 16 | "descriptor": "(Landroid/net/Uri;)Landroid/content/Intent;" 17 | } 18 | ], 19 | "score": 1, 20 | "label": [ 21 | "control" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00203.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Put a phone number into an intent", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/net/Uri;", 7 | "method": "parse", 8 | "descriptor": "(Ljava/lang/String;)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/content/Intent;", 12 | "method": "setData", 13 | "descriptor": "(Landroid/net/Uri;)Landroid/content/Intent;", 14 | "match_keywords": [ 15 | "tel:" 16 | ] 17 | } 18 | ], 19 | "score": 1, 20 | "label": [ 21 | "control" 22 | ] 23 | } -------------------------------------------------------------------------------- /rules/00204.json:
-------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get the default ringtone", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/RingtoneManager;", 7 | "method": "getDefaultUri", 8 | "descriptor": "(I)Landroid/net/Uri;" 9 | }, 10 | { 11 | "class": "Landroid/media/RingtoneManager;", 12 | "method": "getRingtone", 13 | "descriptor": "(Landroid/content/Context; Landroid/net/Uri;)Landroid/media/Ringtone;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "collection" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00205.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Simulate a touch gesture on the device screen", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/accessibilityservice/GestureDescription$Builder;", 7 | "method": "addStroke", 8 | "descriptor": "(Landroid/accessibilityservice/GestureDescription$StrokeDescription;)Landroid/accessibilityservice/GestureDescription$Builder;" 9 | }, 10 | { 11 | "class": "Landroid/accessibilityservice/GestureDescription$Builder;", 12 | "method": "build", 13 | "descriptor": "()Landroid/accessibilityservice/GestureDescription;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service", 19 | "control" 20 | ] 21 | } -------------------------------------------------------------------------------- /rules/00206.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the text of the view contains the given string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "getText", 8 | "descriptor": "()Ljava/lang/CharSequence;" 9 | }, 10 | { 11 | "class": "Ljava/lang/String;", 12 | "method": "contains", 13 | "descriptor": "(Ljava/lang/CharSequence;)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 
| "accessibility service" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00207.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Check if the resource name of the view contains the given string", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/view/accessibility/AccessibilityNodeInfo;", 7 | "method": "getViewIdResourceName", 8 | "descriptor": "()Ljava/lang/String;" 9 | }, 10 | { 11 | "class": "Ljava/lang/String;", 12 | "method": "contains", 13 | "descriptor": "(Ljava/lang/CharSequence;)Z" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [ 18 | "accessibility service" 19 | ] 20 | } -------------------------------------------------------------------------------- /rules/00208.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Capture the contents of the device screen", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/projection/MediaProjection;", 7 | "method": "createVirtualDisplay", 8 | "descriptor": "(Ljava/lang/String; I I I I Landroid/view/Surface; Landroid/hardware/display/VirtualDisplay$Callback; Landroid/os/Handler;)Landroid/hardware/display/VirtualDisplay;" 9 | }, 10 | { 11 | "class": "Landroid/media/projection/MediaProjection;", 12 | "method": "registerCallback", 13 | "descriptor": "(Landroid/media/projection/MediaProjection$Callback; Landroid/os/Handler;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["collection","screen"] 18 | } -------------------------------------------------------------------------------- /rules/00209.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Get pixels from the latest rendered image", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/ImageReader;", 7 | "method": "acquireLatestImage", 8 | "descriptor": "()Landroid/media/Image;" 9 | }, 10 | { 11 | 
"class": "Landroid/media/Image;", 12 | "method": "getPlanes", 13 | "descriptor": "()[Landroid/media/Image$Plane;" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["collection"] 18 | } -------------------------------------------------------------------------------- /rules/00210.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Copy pixels from the latest rendered image into a Bitmap", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "class": "Landroid/media/ImageReader;", 7 | "method": "acquireLatestImage", 8 | "descriptor": "()Landroid/media/Image;" 9 | }, 10 | { 11 | "class": "Landroid/graphics/Bitmap;", 12 | "method": "copyPixelsFromBuffer", 13 | "descriptor": "(Ljava/nio/Buffer;)V" 14 | } 15 | ], 16 | "score": 1, 17 | "label": ["collection"] 18 | } -------------------------------------------------------------------------------- /rules/00211.json: -------------------------------------------------------------------------------- 1 | { 2 | "crime": "Open a URL in WebView", 3 | "permission": [], 4 | "api": [ 5 | { 6 | "descriptor": "(Ljava/lang/Object;)Lgnu/lists/Pair;", 7 | "class": "Lgnu/lists/LList;", 8 | "method": "list1" 9 | }, 10 | { 11 | "descriptor": "(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;", 12 | "class": "Lcom/google/youngandroid/runtime;", 13 | "method": "callComponentMethod" 14 | } 15 | ], 16 | "score": 1, 17 | "label": [] 18 | } 19 | 20 | --------------------------------------------------------------------------------