SUPER 0.3.0 is finaly here!


#1

We finally released version 0.3.0 of SUPER, the Android apk vulnerabilty checker. This release brings a ton of code improvements, upgrades to dependencies, better logging and a couple of options for the CLI, along with tab completions. We also changed our release schedule, 6 weeks was too much compressed work for us!

Here you have the release announcement. Happy coding!


#2

Can this run on the Android itself or do you need to run on a desktop, then send the apk to the phone?

I could see this being much more useful if more automated to run on the Android… which doesn’t seem to be the case.

I general, seems awesome… but also seems tricky to get started with after poking around the website.


#3

Hmm interesting point. The software is oriented towards Android auditors, and never heard of auditors using Android as a platform to audit apk files. It’s simply not useful. Remember that to audit an apk file, you must download it first, uncompress it, decompile it and check its code. In Android, you cannot download that apk file directly from Google Play, you would need a third party software, which takes out the only benefit I can see on using Android for this task.

Nevertheless, it’s true that a CLI application is probably not the most user friendly way of auditing, and we are working towards a much better approach, at least for most users, but it’s not yet in a develooment stage were it makes sense to present it.

If you see the current software for auditors, all we have is 2-3 Java frameworks that don’t really gind too much vulnerabilities, and are full of false positives. We try to fix this market niche with SUPER, but even if we currently do it better than the rest, we still have a lot of work to do to get to a point where I would be fine on releasing a 1.0 version.


#4

That makes sense, thought it was for users to use as an “antivirus” like software. Might be a direction you could extend this though.


#5

It’s an option we have thought about, but it’s currently out of scope of the project. Thanks for the suggestion anyway, maybe once we get to version 1.0 we can start thinking on those things :slight_smile: