su-vikas / conbeerlib Goto Github PK
View Code? Open in Web Editor NEWAndroid library for detecting Android virtual containers.
License: MIT License
Android library for detecting Android virtual containers.
License: MIT License
We are using JobScheduler in our app and it seems it's flagged as a container service:
com.google.android.datatransport.runtime.scheduling.jobscheduling.JobInfoSchedulerService
I know we can add it to the list of appServices
but it seems like something that should be ignored by default.
Here:
Since it's running and I didn't add it to appServices, then it falsely thinks we are running a container.
Getting what I think is a false positive with the checkProcMaps
method.
It states:
/**
* /proc/self/maps should not have libraries or APK from other /data/app and /data/data folders,
* other than the one of the app's.
* Example:
* Dr.Clone: /data/app/com.trendmicro.tmas-nX-nxxGWSIQ3FOKGnz-Xbg==/lib/arm/libnativehook.so
* /data/app/com.trendmicro.tmas-nX-nxxGWSIQ3FOKGnz-Xbg==/lib/arm/libsubstrate.so
* Parallel Space:
* /data/app/com.lbe.parallel.intl-bp5H8cQ_sHHz72STgLNWfg==/lib/arm/libdaclient_64.so
*
* @return True, if virtual container detected
*/
I added this log:
// Check paths does not contain files from other /data/data and /data/app locations
for (String p : paths) {
if (p.startsWith("/data/app") || p.startsWith("/data/data")) {
if (!p.contains(packageName)) {
Log.d("MK", "XXX PROC: " + p);
isContainer = true;
break;
}
}
}
However when I run the check at startup for our app, its saying its running in a container because this file exists:
2021-06-15 08:58:01.258 D/MK: XXX PROC: /data/app/com.google.android.gms-prf32SOG9-vEd5NdflrfHA==/split_config.en.apk
Interestingly it only seems to happen every other app load as well, not every time.
We use the AAB format and have a split APK, so it looks like that's not supported perhaps?
intent.setPackage("com.container.com.suvikas.conware");
This is the package you use when attempting to start the broadcast receiver. Is this a typo or correct? Does it have something to do with running in a container?
(Usually optional) Set an explicit application package name that limits the components this Intent will resolve to. If left to the default value of null, all components in all applications will considered. If non-null, the Intent can only match the components in the given application package.
It seems from the code, you want this broadcast to be received and that's how you show it's not a container. But with the above package name, isn't it always going to fail? (and thus think it's a container when its not)
checkProcMaps: Suspicious file: /data/app/org.meowcat.edxposed.manager-qkLtyHZpTcGEgfFOW6B7BA==/base.apk]
is tagged as a virtual container
Pre-context:
I have Island app installed as a work profile
I have a sample app in which I tried to follow your lib checks reports its running in a container( its currently installed in my regular user space)
The checks return true when I have a virtualized guest app variant of my sample in the work profile.
is there some details on how this is calculated wrt to proc maps
given my check is from the host machine and not the virtual container it should be false
But it picks up on EdXposed installed
tried Parallel space as well , due to rooted device and xposed installed, this check as a signal is always true
any piece of advice
My goal is to detect my sensitive app when it runs in the wild running on emulators/virtual containers
https://github.com/su-vikas/conbeerlib/blob/master/conbeerlib/src/main/AndroidManifest.xml#L8
The code above will always return true
for isContainer
because the BroadcastReceiver in the Manifest is disabled.
or am I missing something?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.