In this post I’ll discuss how legitimate and powerful tools like Android Debug Bridge (ADB) can be misused for unintended purposes to attack mobile apps and commit mobile fraud.
What is Android Debug Bridge (ADB)?
Android Debug Bridge (ADB) is a very powerful and versatile Android command-line utility that enables developers to communicate with and manage an Android device or app. ADB is part of the Android SDK. ADB works by enabling access to a Unix shell that can be used to run a variety of commands on a target device or Android app. ADB includes the following components:
- A client, which is invoked from a command-line terminal on the development machine and is used to issue a wide range of commands.
- A daemon (adbd), which runs as a background process on the Android device and executes the commands issued by the client.
- A server, which also runs as a background process on an Android device and manages communication between the client and the daemon.
What’s needed to run ADB?
In order to run ADB on an Android device, you need to enable Developer Options and USB Debugging. Once connected to the device (either remotely or via USB), fraudsters can run commands via the command line prompt or run a shell script remotely on an Android device in order to extract data.
Who uses ADB?
Mobile developers use ADB when they are developing, testing, and troubleshooting apps, all for legitimate reasons. It is a core Android tool for connecting to devices and apps remotely, executing commands, installing or extracting apps, and similar tasks.
However, ADB can also be misused by people acting with bad intent and used for unintended purposes.
Top Ways ADB Can Be Misused
Here are the top ways ADB is misused for unintended purposes to abuse Android apps (either alone or in combination with other tools such as Frida or JDB):
- Extract application data saved in the sandbox
- Attach to running processes, trace, and modify application memory
- Perform function or method hooking to change app behavior dynamically
- Establish a remote shell on a device and inject code remotely
- Simulate human interaction (such as keystrokes and taps), which can be used to hijack or control mobile applications and create automated flows in the UI. This type of malicious activity can also be used to conduct credential stuffing attacks, sneaker bot attacks, or to create and control botnet networks remotely.
- Bypass security protections (for example, disable tamper protection or bypass a root-detection library)
- Extract Wi-Fi passwords of a connected network
- Monitor activity of apps running on the end-user device (cybercriminals can use this information to create specially crafted malware to exploit or abuse apps that they know are running on users’ devices)
- Gather reconnaissance information about the device and its configuration (kernel, battery, memory dump, running processes, installed apps, running services, etc.)
- When combined with other tools such as Frida or the Java Debugger (JDB), extract, read and alter app data, or the app itself, while the app is running
Recommendations to Mobile App Developers
In summary, ADB is a very useful and important tool used by Android developers every day when they build Android apps. However, ADB can also be used for unintended purposes. It’s important to build protections into mobile apps to prevent misuse of otherwise legitimate tools like ADB.
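One concrete protection an app can build in is to notice, at runtime, the conditions that ADB-based misuse depends on: Developer Options and USB debugging turned on, a JDWP debugger (such as JDB) attached to the process, or a build that still carries the debuggable flag. The following is an added example written for this post, not Appdome's code or any library's API; the package name, the `DebugEnvironmentCheck` and `Findings` classes, and the `recommendedAction` policy are assumptions made for illustration. It uses only standard Android SDK calls (`Settings.Global.ADB_ENABLED`, `Settings.Global.DEVELOPMENT_SETTINGS_ENABLED`, `android.os.Debug`, and `ApplicationInfo.FLAG_DEBUGGABLE`).

```java
// Added example (not the original post's or Appdome's code).
// A small runtime check an Android app can run before showing a sensitive
// screen, to detect the conditions that ADB-based misuse relies on.
package com.example.adbawareness; // hypothetical package name (assumption)

import android.content.ContentResolver;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.os.Debug;
import android.provider.Settings;

public final class DebugEnvironmentCheck {

    /** Signals about the runtime environment that matter for ADB misuse. */
    public static final class Findings {
        public final boolean developerOptionsEnabled;
        public final boolean usbDebuggingEnabled;
        public final boolean debuggerAttached;
        public final boolean appIsDebuggable;

        Findings(boolean developerOptionsEnabled, boolean usbDebuggingEnabled,
                 boolean debuggerAttached, boolean appIsDebuggable) {
            this.developerOptionsEnabled = developerOptionsEnabled;
            this.usbDebuggingEnabled = usbDebuggingEnabled;
            this.debuggerAttached = debuggerAttached;
            this.appIsDebuggable = appIsDebuggable;
        }

        /** True when any signal suggests the app can be driven or inspected from outside. */
        public boolean anyRisk() {
            return developerOptionsEnabled || usbDebuggingEnabled
                    || debuggerAttached || appIsDebuggable;
        }
    }

    private DebugEnvironmentCheck() {}

    /** Collects the signals. Safe to call from any thread; reads only local state. */
    public static Findings inspect(Context context) {
        ContentResolver resolver = context.getContentResolver();

        // Settings.Global.ADB_ENABLED mirrors the "USB debugging" toggle that the
        // post describes as a prerequisite for running ADB against a device.
        boolean usbDebugging = Settings.Global.getInt(
                resolver, Settings.Global.ADB_ENABLED, 0) == 1;

        // Developer Options must be enabled before USB debugging can be turned on.
        boolean devOptions = Settings.Global.getInt(
                resolver, Settings.Global.DEVELOPMENT_SETTINGS_ENABLED, 0) == 1;

        // A JDWP debugger (for example JDB reached through ADB) attached to this
        // process, or the process waiting for one to attach.
        boolean debugger = Debug.isDebuggerConnected() || Debug.waitingForDebugger();

        // A release build should never carry the debuggable flag; if it does,
        // run-as and debugger attachment work against the app without root.
        boolean debuggable = (context.getApplicationInfo().flags
                & ApplicationInfo.FLAG_DEBUGGABLE) != 0;

        return new Findings(devOptions, usbDebugging, debugger, debuggable);
    }

    /**
     * Example policy (an assumption, not a standard): decide how a sensitive
     * screen should behave. The app would send the same findings to its
     * backend as one input to a server-side risk decision.
     */
    public static String recommendedAction(Findings f) {
        if (f.debuggerAttached || f.appIsDebuggable) {
            // Live inspection or modification of the process is possible.
            return "BLOCK_SENSITIVE_ACTION";
        }
        if (f.usbDebuggingEnabled) {
            // Device can be driven by adb shell / input injection.
            return "STEP_UP_AUTHENTICATION";
        }
        if (f.developerOptionsEnabled) {
            return "LOG_AND_CONTINUE";
        }
        return "ALLOW";
    }
}
```

Two caveats for anyone adopting this pattern. First, everything here runs on the device, and the post itself lists function hooking (Frida) among the ways such checks get bypassed, so treat the findings as a signal to report to the backend and feed into a risk decision rather than as the only gate. Second, `ADB_ENABLED` and `DEVELOPMENT_SETTINGS_ENABLED` are legitimately on for every developer and many power users; the policy above therefore steps up rather than blocks on those two signals, and reserves blocking for an attached debugger or a debuggable release build, which should not occur in normal use.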
The best defense against mobile fraud is to prevent it from occurring in the first place. Appdome’s No Code Mobile Fraud Prevention offers developers, publishers, studios and financial institutions an easy way to stop mobile fraud at the source. Using Appdome’s no-code technology, developers or fraud specialists can build pre-emptive and defensive protections into any mobile app in minutes, which equips the app with the intelligence it needs to prevent fraud from occurring.
If you want to learn more about how Appdome is used to prevent mobile fraud, and to prevent exploitation and misuse of legitimate app/OS functionality and development tools, request a demo today.