* - modified help message string storage and referencing for consistency - grammar correction to docs/android/download_apks.md - changed ios backup help message from a format string that would reference and explicitly print the environment variable, to printing the name of the environment variable itself * Fix formatting for help message refactor --------- Co-authored-by: jazzy0verflow <hi@ra0x1duk3.mozmail.com> Co-authored-by: kh0rvus <50286871+kh0rvus@users.noreply.github.com>
Downloading APKs from an Android phone
MVT allows you to attempt to download all available installed packages (APKs) from a device in order to inspect them further and potentially identify any that might be malicious.
You can do so by launching the following command:
mvt-android download-apks --output /path/to/folder
It might take several minutes to complete.
!!! info
    MVT will likely warn you it was unable to download certain installed packages. There is no reason to be alarmed: this is typically expected behavior when MVT attempts to download a system package it has no privileges to access.
Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on VirusTotal. While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones:
MVT_VT_API_KEY=<key> mvt-android download-apks --output /path/to/folder --virustotal
Please note that in order to use VirusTotal lookups you are required to provide your own API key through the MVT_VT_API_KEY environment variable. VirusTotal also enforces strict API usage limits, so be mindful that MVT might consume your hourly search quota.
In case you have a previous extraction of APKs you want to later check against VirusTotal, you can do so with the following arguments:
MVT_VT_API_KEY=<key> mvt-android download-apks --from-file /path/to/folder/apks.json --virustotal
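Because of the quota note above, it can help to know how many distinct hashes an extraction contains before enabling `--virustotal`. The script below is an added example, not part of MVT: it hashes the `.apk` files in the output folder, groups duplicates, and splits the hashes still to be checked into hour-sized batches. The function names, the `hourly_quota` value you pass in, and the assumption of one lookup per distinct SHA256 are this example's, not MVT's.

```python
"""Added example (not MVT code): size up VirusTotal lookups for an APK folder."""
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large APKs are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def unique_apk_hashes(folder):
    """Map each distinct SHA256 to the APK files under `folder` that share it."""
    by_hash = {}
    for apk in sorted(Path(folder).rglob("*.apk")):
        if apk.is_file():
            by_hash.setdefault(sha256_file(apk), []).append(str(apk))
    return by_hash


def plan_lookups(by_hash, hourly_quota, already_checked=()):
    """Split the hashes not yet checked into batches of `hourly_quota`.

    `hourly_quota` is whatever your own API key allows (caller-supplied);
    this assumes one lookup per distinct hash.
    """
    if hourly_quota < 1:
        raise ValueError("hourly_quota must be at least 1")
    pending = sorted(set(by_hash) - set(already_checked))
    return [pending[i:i + hourly_quota]
            for i in range(0, len(pending), hourly_quota)]


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: plan_vt_lookups.py /path/to/folder <hourly_quota>")
    hashes = unique_apk_hashes(sys.argv[1])
    batches = plan_lookups(hashes, int(sys.argv[2]))
    print(f"{len(hashes)} distinct APK hashes, {len(batches)} hour(s) of quota")
    for sha256, paths in hashes.items():
        print(sha256, *paths)
```

Hashes you have already looked up can be passed as `already_checked` so a later run only counts what is new.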