QARK (short for Quick Android Review Kit) is another interesting tool. It is a command-line tool that performs static analysis of Android apps by decompiling the APK files using various tools and then analyzing the source code for specific patterns.
QARK has been developed by LinkedIn's in-house security team and can be downloaded from the following link:
https://github.com/linkedin/qark
Instructions to set up QARK have been shown in Chapter 1, Setting Up the Lab. Let's see how QARK can be used to perform static analysis of Android apps.
QARK works in the following modes:
Interactive mode
Seamless mode
We can launch the QARK tool in interactive mode using the following command:
python qark.py
Running the previous command will launch QARK in interactive mode as shown in the following figure:
As we can see in the preceding figure, we can use QARK to analyze the APK files as well as the source code. Let's go with the APK file by choosing 1 and then we need to select the...