Dynamic Analysis Using Logcat

Why

Android applications have the capability to write information to log files. Sometimes applications might write sensitive information to log file which other application's on the device can access.

As part of security assessments, it is important for us to obtain the logs and identify potential security issues.

What

Logcat is a command-line tool that dumps a log of system messages, including stack traces when the device throws an error and messages that an app write with the Log class. We will use Logcat which is part of ADB to obtain Android log and analyse it security issues.

How

  1. Run the following ADB command to print log messages to stdout as you browse through the target android application.

     $ adb logcat

  2. Refer following link to see options that could be used with adb logcat command: https://developer.android.com/studio/command-line/logcat

  3. As you browse the target application, check the logs to see if any sensitive information is being printed in plain text.

    Sensitive information in logs

results matching ""

    No results matching ""