APK Permission Analyzer
A web-based static analysis tool that inspects Android APK files and evaluates their security risk based on the permissions declared in the AndroidManifest.xml.
The APK is never installed or executed. All analysis is static and performed using official Android SDK tooling.
How The Analysis Works
- The user uploads an APK file
- Django stores the APK in a temporary location
- The Android SDK tool aapt extracts the manifest data
- Permissions are parsed on the server
- A deterministic risk model assigns weighted values
- The final score is normalized and displayed
No dynamic execution, emulation, or decompilation is performed.
Security Risk Scoring Model
Permissions are grouped by sensitivity:
- Low impact permissions. Examples: Bluetooth, Wake Lock, Foreground Service
- Medium impact permissions. Examples: Network access, Boot completed, Billing
- Sensitive permissions. Examples: Microphone, Camera, Location
- Critical permissions. Examples: SMS access, Package installation
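The parsing and scoring steps described above, as an added sketch that is not this project's own code. It parses `aapt dump permissions` output and scores it by tier. The tier weights, the cap of 40, the mapping of the example names to concrete permission strings, and all function names are assumptions, since this README gives no numbers.

```python
import re
import subprocess

# Weights and cap are assumptions; the README names tiers, not numbers.
TIER_WEIGHTS = {"low": 1, "medium": 3, "sensitive": 6, "critical": 10}
SCORE_CAP = 40  # raw weight sum that maps to a score of 100 (assumed)
TIER_EXAMPLES = {  # assumed permission names for the README's per-tier examples
    "low": "BLUETOOTH WAKE_LOCK FOREGROUND_SERVICE",
    "medium": "INTERNET RECEIVE_BOOT_COMPLETED",
    "sensitive": "RECORD_AUDIO CAMERA ACCESS_FINE_LOCATION",
    "critical": "READ_SMS SEND_SMS REQUEST_INSTALL_PACKAGES",
}
PERMISSION_TIERS = {"android.permission." + name: tier
                    for tier, names in TIER_EXAMPLES.items() for name in names.split()}
PERMISSION_TIERS["com.android.vending.BILLING"] = "medium"
# Accepts "uses-permission: name='X'", the older "uses-permission: X", and -sdk-NN lines.
_USES = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

def run_aapt(apk_path):
    """Run aapt with an argument list (no shell), so the path is never parsed as a command."""
    out = subprocess.run(["aapt", "dump", "permissions", apk_path],
                         capture_output=True, text=True, timeout=30, check=True)
    return out.stdout

def parse_permissions(text):
    """Return the set of requested permissions; declared 'permission:' lines are ignored."""
    matches = (_USES.match(line.strip()) for line in text.splitlines())
    return {m.group(1) for m in matches if m}

def score(permissions):
    """Return (score 0-100, sorted permissions missing from the tier table)."""
    unknown = sorted(p for p in permissions if p not in PERMISSION_TIERS)
    raw = sum(TIER_WEIGHTS[PERMISSION_TIERS[p]] for p in permissions if p in PERMISSION_TIERS)
    return min(100, round(100 * raw / SCORE_CAP)), unknown

# Constructed sample of `aapt dump permissions` output (not from a real APK).
SAMPLE = """\
package: com.example.demo
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.WAKE_LOCK
uses-permission: name='com.example.demo.permission.PUSH'
permission: com.example.demo.permission.PUSH
"""

if __name__ == "__main__":
    print(score(parse_permissions(SAMPLE)))
```

Permissions missing from the tier table are returned separately instead of being scored, so custom or newly introduced permissions can be reviewed by hand.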
Technology Used
Backend: Django (Python)
Android Analysis: Android SDK Build Tools (aapt)
Frontend: HTML, CSS
Setup Steps
- Clone the repository
- Create and activate a virtual environment
  - python -m venv .venv
  - source .venv/bin/activate
- Install dependencies
  - pip install django
- Install Android build tools
  - sdkmanager "build-tools;34.0.0"
- Verify aapt is available
  - which aapt
- Run the development server
  - python manage.py runserver
- Open the app in your browser at http://127.0.0.1:8000/

