Android隐私合规检测
随着国内渠道市场对APP规范越来越严格,在我们APP上线前需要做好隐私协议以及权限检查。由于项目中可能接入了第三方SDK,由于第三方SDK在初始化的时候可能会调用设备的隐私信息,因此检查合规非常的重要。
一般情况下在用户使用APP的时候,只有选中了隐私协议之后,才能调取隐私信息。现在一些第三方SDK已经做了处理,比如:友盟SDK添加了预初始化,在预初始化的时候不会调取隐私信息。
检测网站https://jingshuan.com.cn/
一,安装虚拟系统
1,使用VirtualXposed在手机上装了一下虚拟系统,这里可以直接安装VirtualXposed.apk就可以
https://github.com/android-hacker/VirtualXposed
2,编写Xposed模块
①,创建一个项目,引入compileOnly 'de.robv.android.xposed:api:82'
②,在清单文件中加入以下代码
<meta-data
android:name="xposedmodule"
android:value="true" />
<meta-data
android:name="xposeddescription"
android:value="模块描述" />
<meta-data
android:name="xposedminversion"
android:value="82" />
③,创建一个类XModule,在XModule可以添加需要检测的内容。
public class XModule implements IXposedHookLoadPackage {
private static final String TAG = "XModule";
public void handleLoadPackage(XC_LoadPackage.LoadPackageParam lpparam) {
if (lpparam == null) {
return;
}
Log.e(TAG, "Load app packageName:" + lpparam.packageName);
XposedHelpers.findAndHookMethod(
android.telephony.TelephonyManager.class.getName(), // 需要hook的方法所在类的完整类名
lpparam.classLoader, // 类加载器,固定这么写就行了
"getDeviceId", // 需要hook的方法名
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getDeviceId()获取了imei");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
XposedHelpers.findAndHookMethod(
android.telephony.TelephonyManager.class.getName(),
lpparam.classLoader,
"getDeviceId",
int.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getDeviceId(int)获取了imei");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
XposedHelpers.findAndHookMethod(
"com.android.internal.telephony.PhoneSubInfo",
lpparam.classLoader,
"getDeviceId",
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用PhoneSubInfo的getDeviceId()获取了imei");
}
}
);
XposedHelpers.findAndHookMethod(
android.telephony.TelephonyManager.class.getName(),
lpparam.classLoader,
"getSubscriberId",
int.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getSubscriberId获取了imsi");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
XposedHelpers.findAndHookMethod(
android.net.wifi.WifiInfo.class.getName(),
lpparam.classLoader,
"getMacAddress",
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getMacAddress()获取了mac地址");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
XposedHelpers.findAndHookMethod(
java.net.NetworkInterface.class.getName(),
lpparam.classLoader,
"getHardwareAddress",
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getHardwareAddress()获取了mac地址");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
XposedHelpers.findAndHookMethod(
LocationManager.class.getName(),
lpparam.classLoader,
"getLastKnownLocation",
String.class,
new XC_MethodHook() {
@Override
protected void beforeHookedMethod(MethodHookParam param) {
XposedBridge.log("调用getLastKnownLocation获取了GPS地址");
}
@Override
protected void afterHookedMethod(MethodHookParam param) throws Throwable {
XposedBridge.log(getMethodStack());
super.afterHookedMethod(param);
}
}
);
}
private String getMethodStack() {
StackTraceElement[] stackTraceElements = Thread.currentThread().getStackTrace();
StringBuilder stringBuilder = new StringBuilder();
for (StackTraceElement temp : stackTraceElements) {
stringBuilder.append(temp.toString() + "\n");
}
return stringBuilder.toString();
}
④,在assets中创建文件xposed_init,并且在文件中加入XModule类对应的路径,如:“com.example.xposed_demo.XModule”
⑤,运行此项目,准备工作完成。
二,使用方法
1,打开VirtualXposed.apk上滑,点击Xposed Installer
2,进入后会显示激活成功
添加Xposed模块App,和需要检测的APP
3,勾选模块,这里的模块就是编写的Xposed模块
4,点击重启设备
5,打开Xposed模块APP,然后再打开需要测试的APP(打开后等待一会)。
6,查看日志,就可以看到相关的调用
