Making automatic calls from Android

Screen Shot 2013-10-24 at 11.52.01 PMSo apparently Android lets your app make outbound phone calls in multiple ways (as always), the most basic ones are either via activity with android.intent.action.CALL intent, which pulls up the dialer and fires off a phone call, or via library call. Both normally require android.permission.CALL_PHONE, unless you figure out a way to dodge the permission checks, but the former is harder to detect. While you can simply grep for the ITelephony case, the other one – action called with an intent – requires some control flow tracing, which gets messy fast. Of course, both can be obfuscated, but that is a different can of worms for another day.

Bottom line – every piece of information extracted from an Android APK carries some value – intents, activities, library calls, anything – because only the careful juxtaposition of all these types of facts lets us judge one way or another about an app.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s