
The Android operating system lets software keep certain types of hardware awake. One of the most desired uses of this is keeping the screen on. However, an application often needs to perform a long-running task in the background of the phone. For this, Android provides a wake lock. A wake lock is an Android-specific feature provided through the power manager, a system service that lets you keep the processor running. …



Persistent background services require the service to be restarted after a device reboots. However, to achieve this persistence the application must be run once. This is when the developer can let the operating system know that there is a service that needs to be started outside the context of its UI application. The reason is that once the device is rebooted, it will use a broadcast receiver to handle its initialization.

The way you start a background service on Android at boot is with an Android component called a broadcast receiver. A broadcast…



Accessibility services on Android are a feature available to any application that declares one in its Android manifest file and subclasses AccessibilityService from the Android API. The declaration inside the manifest.xml file is also where the location of the accessibility service’s configuration file is declared. This configuration file needs to be located in the /res directory. This XML configuration file lets you specify the types of events you would like to subscribe to. It acts as a filter for accessibility events, which we will discuss shortly. …


Heuristic analysis is a method employed by many computer antivirus programs designed to detect previously unknown computer viruses, as well as new variants of viruses already in the “wild”. — Wikipedia

"Android anti-virus products lack the ability to analyze applications beyond the manifest.xml file’s declared permissions and whether it has a process running or not." — Chris Basinger

Heuristic Evasion

Heuristic evasion on Android is more about avoiding sandboxing. In its simplest form, a sandbox environment on mobile is nothing more than an emulator or a virtual machine as most people know it. This allows a cyber security analyst or whoever to…

Chris Basinger

I create open-source Android libraries.
