The scala-appanalyzer is a tool for traffic collection for mobile applications for iOS, Android and AVDs (Android Emulators). It allows for plugin import to enable a wide range of functions.
Note: We are currently in the process of removing iOS as keeping up with iOS prooved too difficult as most of our plugins require root access.
| requirement | installation |
|---|---|
| python | recommended: python3 |
| mitmproxy | pip install mitmproxy |
| objection | pip install objection |
| node & npm | recommended: node 16 & npm 8 |
| frida | npm i -g frida |
| Appium | npm i -g appium |
| OpenJDK | Java 17 |
| scala | via package manager |
| sbt | via package manager |
| Postgres | via package manager |
| AndroidStudio with CLI-tools | via tar |
| libimobiledevice | via package manager |
You might have to install atob as well via npm i -g atob.
CommandLine tools can be installed in Android Studio under Settings -> SDK -> SDK Tools.
It is recommended to add the cli-tools, platform-tools and emulator to your path configuration for easier use.
This is done by adding
export PATH="$PATH:~/Android/Sdk/platform-tools"
export PATH="$PATH:~/Android/Sdk/emulator"
export PATH="$PATH:~/Android/Sdk/cmdline-tools/latest/bin"
to either your .bashrc or .profile.
You also have to export your ANDROID_HOME pointing to your SDK installation.
This can be done via export ANDROID_HOME="~/Android/Sdk".
We already provide an example configuration via example.config.json which can be renamed to config.json and then
adapted. Most values might already work for you but especially the db section as well as the paths to the executables
need to be checked and adapted.
As we depend on a postgres database you need to create a corresponding database and import the schema
provided under resources/schema.sql. Make sure to adapt the ./config.json according to your postgres setup,
i.e., ensure that port, ip, username, database name, and password are correct in the db section.
Note: We are currently changing the Appium integration as currently using Appium makes a measurement quite unstable. Thus we strongly recommend deactivating Appium in the config.json for now. This does not affect traffic measurements in any way, it just deactivates the ability to interact with app elements.
Make sure to install the correct driver for your device type.
- Android requires
UIAutomator2which can be installed viaappium driver install uiautomator2
As there are multiple viable options we have a dedicated Readme to set up the traffic interception.
We have a dedicated documentation on how to set up Android, Android Emulator, and iPhone.
The app analyzer uses a plugin structure and publicly available plugins can be added in the configuration in the plugin
section and managed via ./aa.sh plugin .... For further instructions read the plugin documentation.
You have installed all the dependencies, you have configured the appanalyzer, you have installed a plugin to perform a measurement. Great! You are ready to start measuring apps now.
The only thing remaining is to create a set of apps you want to measure and put them all into a single folder.
Then you can run ./aa.sh run <Platform> </Path/To/Apks/Folder> plugin <PluginName> and start the measurement.
It can be worth it to familiarize yourself with the configuration flags by using the available -h/--help flags for
each action.