Detection of ADB Status

ADB (Android Debug Bridge) is a means of communication between Android devices and computers. It allows a computer to connect to the device over USB or WiFi. A connected computer is able to send various commands and data to the device or extract data from it.

ADB is expected to be enabled on development devices but shouldn’t be enabled on the devices of regular users.

Malwarelytics for Android is able to detect when ADB is enabled on the device.

Configuration

This feature can be configured during the Malwarelytics initialization phase:

val raspConfig = RaspConfig.Builder()
    .adb(DetectionConfig)
    // configuration of other RASP features
    .build()

Available values of DetectionConfig:

Value Description
NoAction indicates that ADB will not be automatically detected. A manual check is still possible.
Notify indicates that ADB will be automatically detected and observers will be notified.
Exit(exitUrl:String?) indicates that ADB will be automatically detected and the app will be terminated when ADB is automatically detected.

ADB detection defaults to DetectionConfig.Notify.

List of available parameters for some config values:

Parameter Description
exitUrl:String? defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to null.

Usage

After initialization, the ADB status check feature can be accessed via RaspManager. This can be used to register an observer or to trigger a manual ADB status check.

Registering an Observer

An ADB status check can trigger a specific action. To achieve that, an observer needs to be configured and registered.

Observer configuration:

val raspObserver = object : RaspObserver {
    override fun onAdbStatusDetected(adbStatus: Boolean) {
        // handle ADB status detection
    }
    // handle detection of other RASP features
}

The observer can be registered in RaspManager. When it is no longer needed, it can be unregistered again.

raspManager.registerRaspObserver(raspObserver)
raspManager.unregisterRaspObserver(raspObserver)

Triggering a Manual Check

An ADB status check can be triggered manually by calling the isAdbEnabled() method on RaspManager. It returns a simple boolean answer.

val isAdbEnabled = raspManager.isAdbEnabled()
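
For orientation, the same two usage modes (observer notification and manual check) can be built directly on the Android platform setting for USB debugging. This is an added example, not Malwarelytics code and not a description of how the SDK detects ADB; the class name PlatformAdbWatcher and its callback are hypothetical, and only standard Android APIs are used.

```kotlin
import android.content.Context
import android.database.ContentObserver
import android.os.Handler
import android.os.Looper
import android.provider.Settings

/**
 * Added illustration (hypothetical class, not part of Malwarelytics):
 * reads the platform's USB debugging setting and reports changes to it.
 */
class PlatformAdbWatcher(
    context: Context,
    private val onAdbStatusDetected: (adbStatus: Boolean) -> Unit
) {
    // Application context avoids holding on to an Activity.
    private val resolver = context.applicationContext.contentResolver

    // Called on the main thread whenever the observed setting changes.
    private val observer = object : ContentObserver(Handler(Looper.getMainLooper())) {
        override fun onChange(selfChange: Boolean) {
            onAdbStatusDetected(isAdbEnabled())
        }
    }

    /** Manual check: Settings.Global.ADB_ENABLED is 1 when USB debugging is on. */
    fun isAdbEnabled(): Boolean =
        Settings.Global.getInt(resolver, Settings.Global.ADB_ENABLED, 0) == 1

    /** Starts observing; reports the current state once, then every change. */
    fun start() {
        resolver.registerContentObserver(
            Settings.Global.getUriFor(Settings.Global.ADB_ENABLED),
            false, // only this exact URI, not its descendants
            observer
        )
        onAdbStatusDetected(isAdbEnabled())
    }

    /** Stops observing; call when the owner is no longer interested. */
    fun stop() {
        resolver.unregisterContentObserver(observer)
    }
}
```

This reads only the USB debugging setting; on Android versions that have a separate wireless debugging toggle, that state is not reflected here.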

More information on general RASP feature configuration and usage can be found in this overview.

Last updated on Mar 25, 2024 (21:22)