Binary Protections

Java and Kotlin are strictly typed programming languages, and in most cases are immune to memory corruption vulnerabilities. The exception is when the application includes library files that are written in C/C++, which then opens them up for memory vulnerabilities. These files should be checked for proper stack canaries.

Stack Protection

Android applications can include external libraries written in C/C++ which can suffer from the same buffer overflow vulnerabilities as traditional C/C++ code. All shared libraries should be in a single 'lib' directory in the application's output when decompiled with apktool.

If, for some reason, you do not know the architecture of the device you can query it to get this information:

$ adb shell getprop ro.product.cpu.abi    
arm64-v8a

• After decompilation with apktool, shared object libraries can be in lib/<arch>

• Each library properly protected should match the output of the following grep command. If not, stack protection is not present:

  cd <lib dir>
  for o in `ls`; do echo && echo && echo $o: && strings $o | grep stack_chk; done
  

• Additionally, you could use Radare2 to check for proper stack protections:

  rabin2 -I ${LIBRARY} | grep canary