Harmless “malware” for Android (training only!)

This example uses harmless behaviours to simulate shady Android activity, using freely available tools and code.

Tools you’ll need

What it simulates

  • Accessing files it shouldn’t

  • Background network activity

  • Abusing permissions

  • Creating suspicious logs

How to build it

  1. Open Android Studio

  2. Create a new project (Empty Activity)

  3. Call it FakeMalwareDemo

  4. In MainActivity.java (or .kt), add the following suspicious-but-safe behaviours:

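// Imports needed at the top of MainActivity.java
import android.os.Bundle;
import android.util.Log;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);

    // Fake data snooping: writes a dummy file to app-specific external storage
    File file = new File(getExternalFilesDir(null), "leaked_data.txt");
    try (FileOutputStream fos = new FileOutputStream(file)) {
        fos.write("FAKE user data".getBytes());
    } catch (IOException e) {
        e.printStackTrace();
    }

    // Simulate suspicious network request on a background thread
    // (needs android.permission.INTERNET in AndroidManifest.xml)
    new Thread(() -> {
        HttpURLConnection urlConnection = null;
        try {
            URL url = new URL("http://malicious.example.com/ping");
            urlConnection = (HttpURLConnection) url.openConnection();
            urlConnection.setRequestMethod("GET");
            int code = urlConnection.getResponseCode();
            Log.d("FakeMalwareDemo", "Ping response code: " + code);
        } catch (Exception e) {
            // Apps targeting API 28+ block cleartext HTTP by default, so this
            // may throw; the stack trace still shows up in logcat (System.err)
            e.printStackTrace();
        } finally {
            if (urlConnection != null) {
                urlConnection.disconnect();
            }
        }
    }).start();
}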
  5. Build and run on emulator or test phone

  6. Observe logcat output and file writes

Detection practice

  • Look in logcat for network and file access activity

  • Use adb shell to inspect written files (/data/data/your.app.package/)

  • Use Android’s built-in Permission Manager to spot overreach

  • Practice using MobSF or apktool to analyse the app
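
For the logcat step, an added example (not part of the original walkthrough): it parses `adb logcat -v threadtime` output, maps a package name to its PIDs via ActivityManager "Start proc" lines, and reports the hosts named in network exceptions from that app only. The package name com.example.fakemalwaredemo, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample in `adb logcat -v threadtime` format (not a real capture).
# The package name com.example.fakemalwaredemo is an assumption.
SAMPLE_LOGCAT = """\
06-11 07:01:10.101  1234  1260 I ActivityManager: Start proc 4321:com.example.fakemalwaredemo/u0a123 for top-activity
06-11 07:01:11.002  2222  2240 W System.err: java.net.UnknownHostException: Unable to resolve host "updates.example.org": No address associated with hostname
06-11 07:01:12.345  4321  4350 W System.err: java.io.IOException: Cleartext HTTP traffic to malicious.example.com not permitted
06-11 07:01:12.400  4321  4321 I Choreographer: Skipped 31 frames!  The application may be doing too much work on its main thread.
06-11 07:05:40.700  4321  4377 W System.err: java.net.UnknownHostException: Unable to resolve host "malicious.example.com": No address associated with hostname
"""

# threadtime layout: date time PID TID level tag: message
LINE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+\d+\s+[VDIWEF]\s+(.*?)\s*: (.*)$"
)
START_PROC = re.compile(r"Start proc (\d+):([\w.]+)/")
# Exception messages that name the host the app tried to reach
HOST_PATTERNS = [
    ("cleartext-blocked", re.compile(r"Cleartext HTTP traffic to (\S+) not permitted")),
    ("dns-failure", re.compile(r'Unable to resolve host "([^"]+)"')),
]


def network_findings(logcat_text, package):
    """Return (timestamp, kind, host) for network errors logged by `package`."""
    pids = set()      # PIDs the system assigned to the package in this log
    findings = []
    for raw in logcat_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip headers and lines in other formats
        ts, pid, tag, msg = m.groups()
        if tag == "ActivityManager":
            started = START_PROC.search(msg)
            if started and started.group(2) == package:
                pids.add(started.group(1))
            continue
        if pid not in pids:
            continue  # ignore noise from unrelated processes
        for kind, pattern in HOST_PATTERNS:
            hit = pattern.search(msg)
            if hit:
                findings.append((ts, kind, hit.group(1)))
    return findings


if __name__ == "__main__":
    for finding in network_findings(SAMPLE_LOGCAT, "com.example.fakemalwaredemo"):
        print(*finding)
```

To run it against a real capture, save `adb logcat -d -v threadtime` to a file and pass its contents instead of `SAMPLE_LOGCAT`.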

Do not forget to remove it. It is harmless, but still …


Last update: 2025-06-11 07:09