Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] modifying Android packages

An article illustrating how the SwiftKey APK (package) could be hacked
to include a key logger:

  Android apps are coded in Java and compiled to byte code that is run
  on the Dalvik VM and this byte code is not that hard to edit and
  insert back into an APK.

  ...anyone who sideloads a dodgy copy of a Android keyboard is taking a
  serious risk of a keylogger being inserted and people tracking all
  their passwords, Google searches and Credit Card numbers. In this
  post, I'll show you how to do exactly that with apktool and Swiftkey
  from start to finish, all you need is a basic knowledge of Java and

It doesn't seem all that surprising that this can be done. It's akin to
modifying a Debian package and when you install it, acknowledging that
the package is ether unsigned or signed by an unknown key. Shouldn't be
surprising at all that if you get an APK from some untrusted source,
that it is technically possible for it to be a modified version.


Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile:

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /