In this post I’ll discuss how legitimate and powerful tools like Android Debug Bridge (ADB) can be misused for unintended purposes to attack mobile apps and commit mobile fraud.
What is Android Debug Bridge (ADB)?
Android Debug Bridge (ADB) is a very powerful and versatile Android command-line utility that enables developers to communicate with and manage an Android device or app. ADB is part of the Android SDK. The tool facilitates a variety of actions, such as installing and debugging apps and controlling apps remotely. ADB works by enabling access to a Unix shell that can be used to run a variety of commands on a target device or Android app. ADB includes the following components:
- client, which can be invoked from a command-line terminal and used to issue a wide range of commands.
- daemon (adbd), which runs as a background process on an Android device and executes the commands issued by the client.
- server, which also runs as a background process on an Android device and manages communication between the client and the daemon.
What’s needed to run ADB?
In order to run ADB on an Android device, you need to enable Developer Options and USB Debugging. Once connected to the device (either remotely or via USB), fraudsters can run commands from the command-line prompt or run a shell script remotely on the Android device. By doing so they can gather all sorts of valuable information and even change the behavior of apps at runtime.
Who uses ADB?
Mobile developers use ADB when they are developing, testing, and troubleshooting apps, all for legitimate reasons. It’s an important Android tool used to connect with Android apps/devices remotely, execute commands remotely, install or extract apps, etc. In short, ADB is a very useful and important tool used by Android developers every day when they build Android apps.
However, like with most development tools, ADB can also be misused by people acting with bad intent, and used for unintended purposes.
When misused, ADB can be turned against Android apps in abusive ways, for instance to take control of a target app or to execute commands on it remotely. Worse still, because ADB runs on mobile devices as a ‘background process’, cyber-criminals can usually operate ADB clandestinely – without anyone or anything detecting their activity.
Top Ways ADB Can Be Misused
Runtime analysis tools have always been useful to cyber-criminals for reverse engineering and dynamic analysis. Tools like ADB are very versatile and can be used for passive functions like monitoring activities on the device or logging keystrokes, as well as for very active operations like disassembling/decompiling, extracting application contents, or injecting keystrokes dynamically to change an app’s behavior or control actions remotely.
Here are the top ways Android ADB is misused for unintended purposes to abuse Android apps (sometimes alone or in combination with other tools like Frida or JDB):
- Extract application data saved in the sandbox
- Attach to running processes, trace, and modify application memory
- Perform function or method hooking to change app behavior dynamically
- Establish a remote shell on a device and inject code remotely
- Simulate human interaction (such as keystrokes and taps), which can be used to hijack or control mobile applications and create automated flows in the UI. This type of malicious activity can also be used to conduct credential stuffing attacks, sneaker bot attacks, or to create and control botnet networks remotely.
- Change the application’s logic or control flows as it executes operations
- Bypass security protections (disable tamper protection or bypass a Rooting detection library)
- Extract Wi-Fi passwords of a connected network
- Monitor activity of apps running on the end-user’s device (cybercriminals use this information to create specially crafted malware to exploit/abuse apps that they know are running on users’ devices).
- Gather recon info about the device and its configuration (kernel, battery, memory dump, running processes, installed apps, running services, etc.)
- Combine with other free tools such as Frida or Java Debugger (JDB) to extract, read and alter data while the app is running
Recommendations to Mobile App Developers
Like most development tools, ADB can also be used for unintended purposes, so it’s important to build protections into mobile apps that detect and resist misuse of otherwise legitimate tools like ADB.
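As an added example (not code from the original post or from Appdome’s product), the following Android helper reads the three runtime signals an ADB-based attacker relies on: the USB Debugging toggle the post describes as a prerequisite, an attached JDWP debugger (what tools like JDB use), and a debuggable build, which is what lets ADB reach an app’s private sandbox. The class and method names are hypothetical; the Android APIs used are real.

```java
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.os.Debug;
import android.provider.Settings;

/** Hypothetical helper: collects ADB-related exposure signals so the app can log them,
 *  degrade sensitive flows, or refuse to proceed. Not part of any product or the post. */
public final class AdbExposureCheck {

    /** One snapshot of the signals, kept separate so telemetry can report which fired. */
    public static final class Result {
        public final boolean adbEnabled;
        public final boolean debuggerAttached;
        public final boolean debuggableBuild;

        Result(boolean adbEnabled, boolean debuggerAttached, boolean debuggableBuild) {
            this.adbEnabled = adbEnabled;
            this.debuggerAttached = debuggerAttached;
            this.debuggableBuild = debuggableBuild;
        }

        /** True if any signal indicates the app may be under ADB-based inspection. */
        public boolean exposed() {
            return adbEnabled || debuggerAttached || debuggableBuild;
        }
    }

    public static Result run(Context ctx) {
        // USB Debugging under Developer Options: adbd only accepts a host connection when
        // this is on, which is the precondition for every ADB abuse listed in the post.
        // Reading Settings.Global needs no permission; 0 is the default when unset.
        boolean adbEnabled = Settings.Global.getInt(
                ctx.getContentResolver(), Settings.Global.ADB_ENABLED, 0) == 1;

        // A Java debugger (JDWP, e.g. JDB) is attached to this process right now.
        boolean debuggerAttached = Debug.isDebuggerConnected();

        // A debuggable APK exposes its private data directory to ADB; release builds
        // should never ship with android:debuggable="true".
        boolean debuggableBuild =
                (ctx.getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE) != 0;

        return new Result(adbEnabled, debuggerAttached, debuggableBuild);
    }
}
```

Treat these as signals rather than proof: a device the attacker fully controls can spoof any of them, so pair the check with server-side risk scoring rather than relying on it alone.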
The best defense against mobile fraud is to prevent it from occurring in the first place. Appdome’s No Code Mobile Fraud Prevention offers developers, publishers, studios and financial institutions an easy way to stop mobile fraud at the source. Using Appdome’s no-code technology, developers or fraud specialists can build pre-emptive and defensive protections into any mobile app in minutes, which equips the app with the intelligence it needs to prevent fraud from occurring.
If you want to learn more about how Appdome is used to prevent mobile fraud, and to prevent exploitation and misuse of legitimate app/OS functionality and development tools, request a demo today.