Skimmer — Android Library

The accessibility services for Android is a feature that is provided to all applications that declare it in their Android manifest file and subclass AcessibilityService from within the Android API. Within its’ declaration inside of the manifest.xml file is where its’ configuration file’s location for the accessibility service is also declared. This configuration file needs to be located in the /res directory. This XML configuration file allows you to specify the types of events you would like to subscribe to. This file acts as a filter for accessibility events which we will discuss shortly. There are many types of events but we will only be focusing on three of them.

- AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED
- AccessibilityEvent.CONTENT_CHANGE_TYPE_TEXT
-
AccessibilityEvent.TYPE_VIEW_CLICKED

These three event types are the only ones that we are concerned with. The first two are used to log keystrokes from the user. The third is for logging the text inside of a view that is clicked. For example, whenever you click on the calculator app in the launcher, it will show [calculator] because that is the text inside of the view that was clicked. Another examplle would be pressing a sign-in button and then logging the text [sign-in]

You can observe these events as they happen by overriding the onAccessibilityEvent(event: AccessibilityEvent) method inside of your AccessibilityService’s subclass. This method is invoked every time an event is triggered. It is up to you to implement the logic that decides whether it is an event that you would like to handle. Every AccessibilityEvent object has a property named text. This is where the information that you are interested in is located. Once you have this information there is only one constant. Anytime you have a keylogger, you obviously need to do something with it. This leaves you with the option of performing two different types of transactions. One of which is a network transaction for storing it in a database server. The other type of transaction would be storing it in a database locally on the device. of either performing a network transaction such as sending the data up to a server or performing a database transaction to store this data locally in a SQLite database on the device. Both of these types of transactions have one thing in common. The transaction needs to be performed off of the main thread.

You must send the user to the accessibility services settings page at run time in order to gain access to this service for your application.

The accessibility services settings follows a master-detail design. It makes it hard for the developer as the user must first select your app without the ability to provide a hint. Upon selecting your app in the list, the user is then taken to a screen specific for your app where the toggle is located for enabling the service. This makes it especially difficult to attain this feature in your app.

After learning that all keyloggers must perform a transaction off the main thread, I discovered a way to make Android keyloggers modular and re-usable. This allowed me to created a library for you called Skimmer.