hvnsweeting · May 9, 2025 14:15
diff --git a/androidleak.py b/androidleak.py
 """
 Detects if given android app knows what apps you use.

 https://peabee.substack.com/p/everyone-knows-what-apps-you-use


 Tested on Ubuntu 22.04
 Requirements:

 sudo apt install -y appt
 pip install --upgrade pip; pip install playwright ; playwright install

 TODO, PROMPT:

 - Get list of top app on Google Play Store , e.g in Vietnam
 - Run this check for each of them, could implement as a test return true/false
 - Create a table show the result
 - Save the test result as history
 """

 import shutil
 import tempfile
 import os
 from playwright.sync_api import sync_playwright

 import argparse

 KISS_APK = "https://d.apkpure.com/b/APK/fr.neamar.kiss?version=latest"
 argp = argparse.ArgumentParser()
 argp.add_argument("--url", "-u", required=False, default=KISS_APK)
 args = argp.parse_args()

 playwright = sync_playwright().start()
 # Use playwright.chromium, playwright.firefox or playwright.webkit
 # Pass headless=False to launch() to see the browser UI
 # url = "https://d.apkpure.com/b/XAPK/com.grabtaxi.driver2?version=latest"
 # browser = playwright.chromium.launch(headless=False, slow_mo=50)
 url = args.url
 browser = playwright.chromium.launch(headless=False)
 page = browser.new_page()
 with page.expect_download() as download_info:
    try:
        page.goto(url)
        print(page)
    except Exception:
        pass
    # page.screenshot(path="example.png")
 download = download_info.value
 download_filepath = download.path()
 print(download_filepath)


 d = tempfile.mkdtemp()

 os.chdir(d)
 os.system(f"cp {download_filepath} file.zip")

 import subprocess

 output = b""
 if download.suggested_filename.endswith(".xapk"):
    os.system("unzip " + str(download_filepath))
    for fn in os.listdir():
        if fn.endswith(".apk"):
            output += subprocess.run(
                f"aapt d xmltree {fn} AndroidManifest.xml | grep  action.MAIN -B2",
                shell=True,
                capture_output=True,
            ).stdout

 else:
    output = subprocess.run(
        f"aapt d xmltree {download_filepath} AndroidManifest.xml | grep  action.MAIN -B2",
        capture_output=True,
        shell=True,
    ).stdout

 shutil.rmtree(d)

 if output:
    print(output.decode("utf-8"))
    print("This app knows what app installed on your phone")
 else:
    print("This app seems safe")
 # os.system("unzip " + str(download_filepath))
 # browser.close()
 # playwright.stop()
	"""
	Detects if given android app knows what apps you use.

	https://peabee.substack.com/p/everyone-knows-what-apps-you-use


	Tested on Ubuntu 22.04
	Requirements:

	sudo apt install -y appt
	pip install --upgrade pip; pip install playwright ; playwright install

	TODO, PROMPT:

	- Get list of top app on Google Play Store , e.g in Vietnam
	- Run this check for each of them, could implement as a test return true/false
	- Create a table show the result
	- Save the test result as history
	"""

	import shutil
	import tempfile
	import os
	from playwright.sync_api import sync_playwright

	import argparse

	KISS_APK = "https://d.apkpure.com/b/APK/fr.neamar.kiss?version=latest"
	argp = argparse.ArgumentParser()
	argp.add_argument("--url", "-u", required=False, default=KISS_APK)
	args = argp.parse_args()

	playwright = sync_playwright().start()
	# Use playwright.chromium, playwright.firefox or playwright.webkit
	# Pass headless=False to launch() to see the browser UI
	# url = "https://d.apkpure.com/b/XAPK/com.grabtaxi.driver2?version=latest"
	# browser = playwright.chromium.launch(headless=False, slow_mo=50)
	url = args.url
	browser = playwright.chromium.launch(headless=False)
	page = browser.new_page()
	with page.expect_download() as download_info:
	try:
	page.goto(url)
	print(page)
	except Exception:
	pass
	# page.screenshot(path="example.png")
	download = download_info.value
	download_filepath = download.path()
	print(download_filepath)


	d = tempfile.mkdtemp()

	os.chdir(d)
	os.system(f"cp {download_filepath} file.zip")

	import subprocess

	output = b""
	if download.suggested_filename.endswith(".xapk"):
	os.system("unzip " + str(download_filepath))
	for fn in os.listdir():
	if fn.endswith(".apk"):
	output += subprocess.run(
	f"aapt d xmltree {fn} AndroidManifest.xml \| grep action.MAIN -B2",
	shell=True,
	capture_output=True,
	).stdout

	else:
	output = subprocess.run(
	f"aapt d xmltree {download_filepath} AndroidManifest.xml \| grep action.MAIN -B2",
	capture_output=True,
	shell=True,
	).stdout

	shutil.rmtree(d)

	if output:
	print(output.decode("utf-8"))
	print("This app knows what app installed on your phone")
	else:
	print("This app seems safe")
	# os.system("unzip " + str(download_filepath))
	# browser.close()
	# playwright.stop()