Abstract
Introducing QARK (Quick Android Review Kit), a new tool designed with both red and blue teams in mind. QARK will perform static code analysis on Android applications by decompiling them, parsing their manifests, and finally tokenizing the underlying Java code to allow full source-to-sink mapping.
Unlike other tools, QARK will also automatically create customized ADB commands to demonstrate vulnerabilities and, probably coolest of all, it can create customized Proof-of-Concept apps to exploit the vulnerabilities it finds.