0
1
00:00:08,460 --> 00:00:15,710
So now we have a simple shopping list app obviously it's not Market ready but we just wanted to show
1

2
00:00:15,710 --> 00:00:20,540
a simple app that uses some of the main features in an app.
2

3
00:00:20,560 --> 00:00:28,030
Now let's imagine that the person creating this app has a malicious intent say for example they want
3

4
00:00:28,030 --> 00:00:35,950
to intercept incoming SMS messages and send them to their server so to do this we need to create a broadcast
4

5
00:00:35,950 --> 00:00:43,640
receiver. Think of a broadcast receiver as a service running in the background that listens to system
5

6
00:00:43,640 --> 00:00:52,320
wide events such as an SMS being received and the phone booting up so any app that wants to trigger
6

7
00:00:52,320 --> 00:01:01,070
an event upon seeing that a system wide event occurred has to implement a broadcast receiver let's create
7

8
00:01:01,070 --> 00:01:03,620
a new class called SMS receiver.
8

9
00:01:07,060 --> 00:01:18,290
Leave the default config for now OK this is a plain class let's make it extend broadcast receivers.
9

10
00:01:18,540 --> 00:01:26,990
This will give errors so alt and enter to fix the errors and you see that it creates a new method called
10

11
00:01:27,020 --> 00:01:33,590
on receive so for now this is a generic broadcast receiver.
11

12
00:01:33,740 --> 00:01:40,570
The first thing we need to do is determine what system wide event just occurred and we want to determine
12

13
00:01:40,630 --> 00:01:46,050
if it is sms received so to do this.
13

14
00:01:46,070 --> 00:01:59,510
Define a string called SMS received and set it to Android dot provider dot to left any dot SMS underscore
14

15
00:01:59,630 --> 00:02:10,700
received now first thing we're going to do is say if intent dot get action dot equals S M S received
15

16
00:02:11,740 --> 00:02:15,010
and then we want to do something OK.
16

17
00:02:15,020 --> 00:02:19,010
So here we see that we have an on receive event.
17

18
00:02:19,210 --> 00:02:28,640
This could be S M S received but it could also be other events so we are asking the system OK what is
18

19
00:02:28,640 --> 00:02:30,440
the event that just occurred.
19

20
00:02:30,440 --> 00:02:39,790
Is it s m s received? Yes then OK let's do this on the S M S received.
20

21
00:02:39,860 --> 00:02:47,570
Now again remember that as a developer you would just Google Android receive S M S programmatically
21

22
00:02:49,130 --> 00:02:56,490
first answer is usually Stack Overflow. Usually someone is asking a question then someone provides a
22

23
00:02:56,490 --> 00:03:00,610
correct answer find an example that looks right.
23

24
00:03:01,470 --> 00:03:07,850
And copy and paste the content and fix the issues.
24

25
00:03:07,880 --> 00:03:13,090
Now let's toast the message, toast means to alert the user.
25

26
00:03:13,670 --> 00:03:16,010
So show text in a pop up window.
26

27
00:03:17,240 --> 00:03:17,660
OK.
27

28
00:03:17,660 --> 00:03:19,200
So toast.
28

29
00:03:19,320 --> 00:03:19,950
Dot.
29

30
00:03:19,950 --> 00:03:21,630
Make text.
30

31
00:03:21,840 --> 00:03:27,770
Context the string to pass let's copy this from the log.
31

32
00:03:29,540 --> 00:03:31,640
Give the length of the toast.
32

33
00:03:31,760 --> 00:03:35,040
So how long to keep the message prompted.
33

34
00:03:35,180 --> 00:03:37,840
Then show.
34

35
00:03:37,930 --> 00:03:40,960
Now this is not going to work out of the box.
35

36
00:03:40,990 --> 00:03:44,260
This is for two reasons one.
36

37
00:03:44,310 --> 00:03:51,450
We need to define this broadcast in our manifest since this is an android component and two we need
37

38
00:03:51,450 --> 00:03:54,590
to add the permission of S.M.S receive to the app.
38

39
00:03:56,110 --> 00:04:06,000
Now to add a receiver just add receiver and Android name then add an intent filter and say Action.
39

40
00:04:06,610 --> 00:04:12,810
Android colon name equals Android dot provider.
40

41
00:04:12,990 --> 00:04:22,730
The telephony DOT SMS underscore received then we define the permission on top of the application.
41

42
00:04:24,340 --> 00:04:34,570
Just add uses permissions and find receive S M S then close the permission. OK.
42

43
00:04:34,580 --> 00:04:38,740
So without these the S M S receiving functionality will not work.
43

44
00:04:40,270 --> 00:04:42,190
Now as reverse engineers.
44

45
00:04:42,190 --> 00:04:44,410
This is great for us.
45

46
00:04:44,410 --> 00:04:51,010
Say we have the suspicion that an app is stealing received S M S  the first thing we need to do is
46

47
00:04:51,010 --> 00:04:58,380
go to the manifest and see if there is such a broadcast and if there is the S M S permission. If this
47

48
00:04:58,380 --> 00:05:03,780
is the case then we know that indeed the app is receiving S M S's.
48

49
00:05:03,780 --> 00:05:09,840
Then we would look into the defined broadcast receiver to see what the app is actually doing with the
49

50
00:05:09,840 --> 00:05:11,990
S M S's.
50

51
00:05:12,310 --> 00:05:16,400
We will be doing exactly this in the next section.
51

52
00:05:16,630 --> 00:05:26,300
OK so before we run since Android version 6 a new step was added when requesting dangerous permissions
52

53
00:05:27,780 --> 00:05:35,220
so inside our main activity we need to create a method that prompts the user to explicitly allow the
53

54
00:05:35,220 --> 00:05:42,820
permission at runtime so the first time the user runs the app they will be prompted to confirm that
54

55
00:05:42,820 --> 00:05:53,260
the app can receive S M S's, so to do this we will create a method called request permission. I'll just
55

56
00:05:53,260 --> 00:05:55,570
copy the text here.
56

57
00:05:55,570 --> 00:06:03,040
Again this is a very common operation so just Google how to request permission programmatically. Here you'll
57

58
00:06:03,040 --> 00:06:09,970
see that we're checking for the app version then we are checking if the permissions are already granted
58

59
00:06:11,160 --> 00:06:20,440
and if not we are requesting the permissions. OK so let's run the app, here we will be prompted to allow
59

60
00:06:20,440 --> 00:06:29,640
S M S receive now here there is this utility that allows us to emulate a number of operations such as
60

61
00:06:29,640 --> 00:06:41,140
the receipt of an SMS. So here we are emulating the receipt of an S M S so go to phone add the number
61

62
00:06:43,230 --> 00:06:54,380
add the text and click Send message and you will see the S M S being prompted. Obviously the malicious
62

63
00:06:54,380 --> 00:07:01,530
code will not want to prompt to the user but rather sent to a malicious server and this is what we will
63

64
00:07:01,530 --> 00:07:02,950
do in the next lesson.