parsing APK crashes if targetSdkVersion is set to a string value
eighthave opened this issue · comments
Describe what you wanted to do
Inspect these APKs:
https://github.com/googlesamples/android-testdpc/releases/download/6.0.0-preview/TestDPC_6000.apk
https://github.com/googlesamples/android-testdpc/releases/download/5.0.0-preview/TestDPC_5000.apk
https://github.com/googlesamples/android-testdpc/releases/download/v3.0.2/TestDPC_N_3002.apk
https://github.com/googlesamples/android-testdpc/releases/download/v3.0.3/TestDPC_N_3003.apk
https://github.com/googlesamples/android-testdpc/releases/download/5.0.1-preview/TestDPC_5001.apk
Describe what you expected
This should work:
from androguard.core.apk import APK
apk = APK('TestDPC_6000.apk')
Describe what actually happened
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.9/dist-packages/androguard/core/apk/__init__.py", line 294, in __init__
self._apk_analysis()
File "/usr/local/lib/python3.9/dist-packages/androguard/core/apk/__init__.py", line 371, in _apk_analysis
self.permission_module = androconf.load_api_specific_resource_module(
File "/usr/local/lib/python3.9/dist-packages/androguard/core/androconf.py", line 261, in load_api_specific_resource_module
ret = loader[resource_name](api)
File "/usr/local/lib/python3.9/dist-packages/androguard/core/api_specific_resources/__init__.py", line 36, in load_permissions
apilevel = int(apilevel)
ValueError: invalid literal for int() with base 10: 'Q'
System Information
- Androguard Version: 4.1.1 and 3.4.0~a2
- Python Version: 3.11.2
- Operating System: Debian
Hmm, makes me think about #1026 too. Seems like on both cases, androguard should do what the Android OS does when parsing these. That might mean just ignoring targetSdkVersion
or maybe returning a default value?
Hi @eighthave, Android internally makes the conversion as defined here.
It would be nice to have it and it seems easy to be implemented.
Will add a flag to it, so I can get back to it in the future or if someone else wants to pick it up.
I don't think Build.java is where this parsing behavior is defined, or at least I can't see anything related there. Looks like here is the parsing:
- https://android.googlesource.com/platform/frameworks/base/+/refs/heads/android14-release/core/java/android/content/pm/PackageParser.java#2201
- https://android.googlesource.com/platform/frameworks/base/+/refs/heads/android14-release/core/java/android/content/pm/PackageParser.java#2588
And the crazy thing is that it looks like the parser there supports using a string there! APK formats are always full of surprises. The documentation says this field is "an integer":
https://developer.android.com/guide/topics/manifest/uses-sdk-element#target
Hi @eighthave, I was not clear enough thus the confusion.
I meant that the string/int values are described in the build.java file. As you correctly pointed out the computeTargetSdkVersion method helps with this "translation" and if you notice closely you will see how the build.java is being used (Although PackageParser is deprecated the exact same things apply for ParsingPackageUtils.java).
Indeed you are right, the developer documentation from Android states it as an integer, presumably because eventually it is converted to one. I can agree that the documentation can be improved.
Right, I see what you mean, Build
is used in translating the string value to the right integer. I just found the table that's used, the crazy thing is that it is read from the System Properties: