From 6c57f1e2a55d4d72321445faf3eec0766e9f66f3 Mon Sep 17 00:00:00 2001 From: ScreaM <70141504+ScreaMy7@users.noreply.github.com> Date: Tue, 26 Nov 2024 17:36:41 +0530 Subject: [PATCH 1/5] port 0x24 --- .../android/MASVS-PLATFORM/MASTG-TEST-0x24.md | 28 +++++++++++++++++++ .../android/MASVS-PLATFORM/MASTG-TEST-0024.md | 3 ++ 2 files changed, 31 insertions(+) create mode 100644 tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md diff --git a/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md b/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md new file mode 100644 index 0000000000..77c99c1ced --- /dev/null +++ b/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md @@ -0,0 +1,28 @@ +--- +platform: android +title: Testing for App Permissions +id: MASTG-TEST-0x24 +--- + +## Overview +Testing for app permissions in Android involves evaluating how an application requests, uses, and manages permissions to ensure they do not lead to security vulnerabilities. Proper permission management should protect sensitive user data and ensure that the application complies with Android's security model. The test aims to detect misconfigurations and unnecessary permissions. + +## Steps + +**Static analysis** + 1. Decompile the APK using tools like @MASTG-TOOL-0011. + 2. Examine the `AndroidManifest.xml` file for declared permissions by searching for ` Date: Tue, 26 Nov 2024 17:47:49 +0530 Subject: [PATCH 2/5] markdown fix --- tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md b/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md index 77c99c1ced..7bf2a40cf1 100644 --- a/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md +++ b/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md 
@@ -5,16 +5,19 @@ id: MASTG-TEST-0x24 --- ## Overview + Testing for app permissions in Android involves evaluating how an application requests, uses, and manages permissions to ensure they do not lead to security vulnerabilities. Proper permission management should protect sensitive user data and ensure that the application complies with Android's security model. The test aims to detect misconfigurations and unnecessary permissions. ## Steps -**Static analysis** +### Static analysis + 1. Decompile the APK using tools like @MASTG-TOOL-0011. 2. Examine the `AndroidManifest.xml` file for declared permissions by searching for ` Date: Fri, 17 Jan 2025 18:08:23 +0530 Subject: [PATCH 3/5] Added demo and technique. --- .../MASTG-DEMO-0023/AndroidManifest.xml | 33 ++++++++ .../AndroidManifest_reversed.xml | 38 +++++++++ .../MASTG-DEMO-0023/MASTG-DEMO-0023.md | 34 ++++++++ .../MASTG-DEMO-0023/MastgTest.kt | 15 ++++ .../MASTG-DEMO-0023/MastgTest_reversed.java | 24 ++++++ .../MASVS-PLATFORM/MASTG-DEMO-0023/output.txt | 31 +++++++ .../MASVS-PLATFORM/MASTG-DEMO-0023/run.sh | 1 + .../mastg-android-unsafe-app-permissions.yaml | 41 ++++++++++ techniques/android/MASTG-TECH-0118.md | 82 +++++++++++++++++++ .../android/MASVS-PLATFORM/MASTG-TEST-0x24.md | 17 +--- 10 files changed, 302 insertions(+), 14 deletions(-) create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest.xml create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest_reversed.xml create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest.kt create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest_reversed.java create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/output.txt create mode 100644 demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/run.sh create mode 100644 rules/mastg-android-unsafe-app-permissions.yaml create mode 100644 
techniques/android/MASTG-TECH-0118.md diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest.xml b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest.xml new file mode 100644 index 0000000000..8d6fa6e91f --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest_reversed.xml b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest_reversed.xml new file mode 100644 index 0000000000..b8cfe1bcad --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/AndroidManifest_reversed.xml @@ -0,0 +1,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md new file mode 100644 index 0000000000..e1e63498a7 --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md @@ -0,0 +1,34 @@ +--- +platform: android +title: Application using unsafe permissions. +id: MASTG-DEMO-0023 +code: [java] +--- + +### Sample + +{{ AndroidManifest.xml }} + +### Steps + +Let's run our @MASTG-TOOL-0110 rule against the sample manifest file. + +{{ ../../../../rules/mastg-android-unsafe-app-permissions.yaml }} + +{{ run.sh }} + +### Observation + +The rule has identified five instances in the AndroidManifest file where the application requires unsafe permissions. + +{{ output.txt }} + +### Evaluation + +The reported instances include: + +- Line 5 uses `INTERNET` permissions. +- Line 6 uses `WRITE_EXTERNAL_STORAGE` permissions. +- Line 7 uses `READ_CONTACTS` permissions. +- Line 8 uses `READ_EXTERNAL_STORAGE` permissions. +- Line 9 uses `ACCESS_FINE_LOCATION` permissions. \ No newline at end of file 
diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest.kt b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest.kt new file mode 100644 index 0000000000..6a356ae6d7 --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest.kt @@ -0,0 +1,15 @@ +package org.owasp.mastestapp + +import android.util.Log +import android.content.Context + +class MastgTest (private val context: Context){ + + fun mastgTest(): String { + val sensitiveString = "Hello from the OWASP MASTG Test app." + + Log.d("MASTG-TEST", sensitiveString) + return sensitiveString + } + +} \ No newline at end of file diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest_reversed.java b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest_reversed.java new file mode 100644 index 0000000000..339a7e26e7 --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MastgTest_reversed.java 
@@ -0,0 +1,24 @@ +package org.owasp.mastestapp; + +import android.content.Context; +import android.util.Log; +import kotlin.Metadata; +import kotlin.jvm.internal.Intrinsics; + +/* compiled from: MastgTest.kt */ +@Metadata(d1 = {"\u0000\u0018\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0000\b\u0007\u0018\u00002\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0006\u0010\u0005\u001a\u00020\u0006R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u0007"}, d2 = {"Lorg/owasp/mastestapp/MastgTest;", "", "context", "Landroid/content/Context;", "(Landroid/content/Context;)V", "mastgTest", "", "app_debug"}, k = 1, mv = {1, 9, 0}, xi = 48) +/* loaded from: classes4.dex */ +public final class MastgTest { + public static final int $stable = 8; + private final Context context; + + public MastgTest(Context context) { + Intrinsics.checkNotNullParameter(context, "context"); + this.context = context; + } + + public final String mastgTest() { + Log.d("MASTG-TEST", "Hello from the OWASP MASTG Test app."); + return "Hello from the OWASP MASTG Test app."; + } +} diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/output.txt b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/output.txt new file mode 100644 index 0000000000..2911adec07 --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/output.txt 
@@ -0,0 +1,31 @@ + + +┌─────────────────┐ +│ 5 Code Findings │ +└─────────────────┘ + + AndroidManifest.xml + ❯❱ detect-unsafe-android-permissions + Sensitive Android permission found: android.permission.INTERNET + + 5┆ + ⋮┆---------------------------------------- + ❯❱ detect-unsafe-android-permissions + Sensitive Android permission found: android.permission.WRITE_EXTERNAL_STORAGE + + 6┆ + ⋮┆---------------------------------------- + ❯❱ detect-unsafe-android-permissions + Sensitive Android permission found: android.permission.READ_CONTACTS + + 7┆ + ⋮┆---------------------------------------- + ❯❱ detect-unsafe-android-permissions + Sensitive Android permission found: android.permission.READ_EXTERNAL_STORAGE + + 8┆ + ⋮┆---------------------------------------- + ❯❱ detect-unsafe-android-permissions + Sensitive Android permission found: android.permission.ACCESS_FINE_LOCATION + + 9┆ \ No newline at end of file diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/run.sh b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/run.sh new file mode 100644 index 0000000000..743e487c89 --- /dev/null +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/run.sh @@ -0,0 +1 @@ +NO_COLOR=true semgrep -c ../../../../rules/mastg-android-unsafe-app-permissons.yaml ./AndroidManifest.xml --text -o output.txt \ No newline at end of file diff --git a/rules/mastg-android-unsafe-app-permissions.yaml b/rules/mastg-android-unsafe-app-permissions.yaml new file mode 100644 index 0000000000..90fd8cc76e --- /dev/null +++ b/rules/mastg-android-unsafe-app-permissions.yaml 
@@ -0,0 +1,41 @@ +rules: + - id: detect-unsafe-android-permissions + languages: [xml] + message: "Sensitive Android permission found: $PERMISSION" + severity: WARNING + patterns: + - pattern: | + + metavariables: + PERMISSION: + regex: | + (android\.permission\.READ_CALENDAR| + android\.permission\.WRITE_CALENDAR| + android\.permission\.CAMERA| + android\.permission\.READ_CONTACTS| + android\.permission\.WRITE_CONTACTS| + android\.permission\.GET_ACCOUNTS| + android\.permission\.ACCESS_FINE_LOCATION| + android\.permission\.ACCESS_COARSE_LOCATION| + android\.permission\.RECORD_AUDIO| + android\.permission\.READ_PHONE_STATE| + android\.permission\.READ_PHONE_NUMBERS| + android\.permission\.CALL_PHONE| + android\.permission\.ANSWER_PHONE_CALLS| + android\.permission\.READ_CALL_LOG| + android\.permission\.WRITE_CALL_LOG| + android\.permission\.ADD_VOICEMAIL| + android\.permission\.USE_SIP| + android\.permission\.PROCESS_OUTGOING_CALLS| + android\.permission\.BODY_SENSORS| + android\.permission\.SEND_SMS| + android\.permission\.RECEIVE_SMS| + android\.permission\.READ_SMS| + android\.permission\.RECEIVE_WAP_PUSH| + android\.permission\.RECEIVE_MMS| + android\.permission\.READ_EXTERNAL_STORAGE| + android\.permission\.WRITE_EXTERNAL_STORAGE| + android\.permission\.ACCESS_MEDIA_LOCATION| + android\.permission\.ACCEPT_HANDOVER| + android\.permission\.ACCESS_BACKGROUND_LOCATION| + android\.permission\.ACTIVITY_RECOGNITION) diff --git a/techniques/android/MASTG-TECH-0118.md b/techniques/android/MASTG-TECH-0118.md new file mode 100644 index 0000000000..186adb49c8 --- /dev/null +++ b/techniques/android/MASTG-TECH-0118.md 
@@ -0,0 +1,82 @@ +--- +title: Obtaining App Permissions from Android Applications +platform: android +--- + +Obtaining App Permissions from Android Applications. There are several ways to obtain permissions from an Android application. Below are the tools and techniques commonly used: + +## Using @MASTG-TOOL-0018 + +You can use Jadx or Jadx-GUI to decompile APK files and access the AndroidManifest.xml file. This allows you to view the permissions declared in the application and inspect their usage in the code. Jadx is particularly useful for static analysis as it can also decompile application code, helping identify how permissions are utilized within the app logic. + +Steps: + +1. Open the APK file in Jadx or Jadx-GUI. +2. Navigate to the AndroidManifest.xml file to view the declared permissions. + +## Using @MASTG-TOOL-0011 + +You can also decompile an APK using APKTool to extract the AndroidManifest.xml file. + +```bash +apktool d org.owasp.mastestapp.apk +``` + +This command decompresses the APK and extracts all resources, including the manifest file, which lists the permissions. +APKTool is useful for detailed reverse engineering and modifying app resources if needed. + +## Using @MASTG-TOOL-0124 + +Besides manually inspecting the AndroidManifest.xml file, you can use the Android Asset Packaging Tool (AAPT) to examine the permissions of an APK file. AAPT is included in the Android SDK within the build-tools folder. 
+ +```bash +$ aapt d permissions org.owasp.mastestapp.apk +package: org.owasp.mastestapp +uses-permission: name='android.permission.INTERNET' +uses-permission: name='android.permission.CAMERA' +uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE' +uses-permission: name='android.permission.READ_CONTACTS' +uses-permission: name='android.permission.READ_EXTERNAL_STORAGE' +permission: org.owasp.mastestapp.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION +uses-permission: name='org.owasp.mastestapp.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION' + +This command lists all the permissions requested by the app in a concise format, saving time compared to manual inspection. +``` + +## Using @MASTG-TOOL-0004 + +Android's built-in debugging tool, ADB (Android Debug Bridge), provides a way to view permissions directly from a device or emulator. + +```bash +$ adb shell dumpsys package org.owasp.mastestapp | grep permission + declared permissions: + requested permissions: + android.permission.INTERNET + android.permission.CAMERA + android.permission.WRITE_EXTERNAL_STORAGE + android.permission.READ_CONTACTS + android.permission.READ_EXTERNAL_STORAGE + install permissions: + android.permission.INTERNET: granted=true + runtime permissions: + android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ RESTRICTION_INSTALLER_EXEMPT] + android.permission.CAMERA: granted=false + android.permission.WRITE_EXTERNAL_STORAGE: granted=false, flags=[ RESTRICTION_INSTALLER_EXEMPT] + android.permission.READ_CONTACTS: granted=false +``` + +This command retrieves the permissions declared in the app, as well as runtime-granted permissions if the app is installed on a device. It is especially useful during dynamic analysis or when testing an app in a live environment. + +## Using @MASTG-TOOL-0031 + +Apart from enforcing custom permissions via the application manifest file, you can also check permissions using dynamic instrumentation. 
This is not recommended, however, because it is more error-prone and can be bypassed more easily with, e.g., runtime instrumentation. It is recommended that the ContextCompat.checkSelfPermission method is called to check if an activity has a specified permission. You can use this frida script from the [frida codeshare](https://codeshare.frida.re/@ScreaMy7/hookpermissions/) to check for runtime permissions. + +```bash +$ frida -U -l hookpermissions.js -f org.owasp.mastestapp +``` + +Additional Notes: + +* Permission Scope: Pay attention to runtime permissions (introduced in Android 6.0) versus manifest-declared permissions. Some permissions require explicit user approval at runtime. + +* Refer to this [listed permissions](https://stackoverflow.com/questions/36936914/list-of-android-permissions-normal-permissions-and-dangerous-permissions-in-api) that are considered dangerous. diff --git a/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md b/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md index 7bf2a40cf1..65d54c25f2 100644 --- a/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md +++ b/tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md @@ -2,6 +2,7 @@ platform: android title: Testing for App Permissions id: MASTG-TEST-0x24 +weakness: MASWE-0116 --- ## Overview @@ -10,19 +11,7 @@ Testing for app permissions in Android involves evaluating how an application re ## Steps -### Static analysis - - 1. Decompile the APK using tools like @MASTG-TOOL-0011. - 2. Examine the `AndroidManifest.xml` file for declared permissions by searching for ` Date: Fri, 17 Jan 2025 18:14:28 +0530 Subject: [PATCH 4/5] fix mistakes --- .../MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md | 2 +- techniques/android/MASTG-TECH-0118.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md index e1e63498a7..6f1f9c5586 100644 
--- a/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md +++ b/demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md @@ -31,4 +31,4 @@ The reported instances include: - Line 6 uses `WRITE_EXTERNAL_STORAGE` permissions. - Line 7 uses `READ_CONTACTS` permissions. - Line 8 uses `READ_EXTERNAL_STORAGE` permissions. -- Line 9 uses `ACCESS_FINE_LOCATION` permissions. \ No newline at end of file +- Line 9 uses `ACCESS_FINE_LOCATION` permissions. diff --git a/techniques/android/MASTG-TECH-0118.md b/techniques/android/MASTG-TECH-0118.md index 186adb49c8..d87d10b108 100644 --- a/techniques/android/MASTG-TECH-0118.md +++ b/techniques/android/MASTG-TECH-0118.md @@ -5,7 +5,7 @@ platform: android Obtaining App Permissions from Android Applications. There are several ways to obtain permissions from an Android application. Below are the tools and techniques commonly used: -## Using @MASTG-TOOL-0018 +## Using @MASTG-TOOL-0018 You can use Jadx or Jadx-GUI to decompile APK files and access the AndroidManifest.xml file. This allows you to view the permissions declared in the application and inspect their usage in the code. Jadx is particularly useful for static analysis as it can also decompile application code, helping identify how permissions are utilized within the app logic. @@ -14,7 +14,7 @@ Steps: 1. Open the APK file in Jadx or Jadx-GUI. 2. Navigate to the AndroidManifest.xml file to view the declared permissions. -## Using @MASTG-TOOL-0011 +## Using @MASTG-TOOL-0011 You can also decompile an APK using APKTool to extract the AndroidManifest.xml file. 
@@ -43,7 +43,7 @@ uses-permission: name='org.owasp.mastestapp.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMIS This command lists all the permissions requested by the app in a concise format, saving time compared to manual inspection. ``` -## Using @MASTG-TOOL-0004 +## Using @MASTG-TOOL-0004 Android's built-in debugging tool, ADB (Android Debug Bridge), provides a way to view permissions directly from a device or emulator. @@ -72,7 +72,7 @@ This command retrieves the permissions declared in the app, as well as runtime-g Apart from enforcing custom permissions via the application manifest file, you can also check permissions using dynamic instrumentation. This is not recommended, however, because it is more error-prone and can be bypassed more easily with, e.g., runtime instrumentation. It is recommended that the ContextCompat.checkSelfPermission method is called to check if an activity has a specified permission. You can use this frida script from the [frida codeshare](https://codeshare.frida.re/@ScreaMy7/hookpermissions/) to check for runtime permissions. ```bash -$ frida -U -l hookpermissions.js -f org.owasp.mastestapp +frida -U -l hookpermissions.js -f org.owasp.mastestapp ``` Additional Notes: From 129c7bef832e3734a7207bc54fbb73130c53ff2b Mon Sep 17 00:00:00 2001 From: ScreaM <70141504+ScreaMy7@users.noreply.github.com> Date: Fri, 17 Jan 2025 18:15:55 +0530 Subject: [PATCH 5/5] fix again --- techniques/android/MASTG-TECH-0118.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/techniques/android/MASTG-TECH-0118.md b/techniques/android/MASTG-TECH-0118.md index d87d10b108..5bdd483099 100644 --- a/techniques/android/MASTG-TECH-0118.md +++ b/techniques/android/MASTG-TECH-0118.md 
@@ -77,6 +77,6 @@ frida -U -l hookpermissions.js -f org.owasp.mastestapp Additional Notes: -* Permission Scope: Pay attention to runtime permissions (introduced in Android 6.0) versus manifest-declared permissions. Some permissions require explicit user approval at runtime. +- Permission Scope: Pay attention to runtime permissions (introduced in Android 6.0) versus manifest-declared permissions. Some permissions require explicit user approval at runtime. -* Refer to this [listed permissions](https://stackoverflow.com/questions/36936914/list-of-android-permissions-normal-permissions-and-dangerous-permissions-in-api) that are considered dangerous. +- Refer to this [listed permissions](https://stackoverflow.com/questions/36936914/list-of-android-permissions-normal-permissions-and-dangerous-permissions-in-api) that are considered dangerous.
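Review bot: PATCH 1 creates the test as `tests-beta/android/MASVS-PLATFORM/MASTG-TEST-0x24.md` with `id: MASTG-TEST-0x24`; `0x24` is a placeholder that no `@MASTG-TEST-...` reference can resolve, so a real identifier has to be assigned and the file renamed before merge. PATCH 3 then adds `weakness: MASWE-0116` and deletes the whole "Static analysis" procedure (the `-` lines from `-### Static analysis` down to the `@MASTG-TOOL-0011` decompile step) while the diffstat shows only three lines added in their place, none of which are visible here; please confirm the Steps section now points at the new @MASTG-TECH-0118 and at MASTG-DEMO-0023, otherwise the test is left without a procedure.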
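Review bot: in `demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/MASTG-DEMO-0023.md` the front matter does not match the demo: `code: [java]` while the only source file is `MastgTest.kt` (Kotlin) and the file the rule is run on is `AndroidManifest.xml`, and the title `Application using unsafe permissions.` carries a trailing period that should go. `MastgTest.kt` (and its `MastgTest_reversed.java`) only logs `"Hello from the OWASP MASTG Test app."` via `Log.d` and names the value `sensitiveString`, which looks copied from a logging demo and exercises none of the permissions declared in the manifest. Either drop the Kotlin/Java pair from this demo or make the sample call an API that needs one of the declared permissions (a contacts query or a fine-location request), so the demo shows the manifest declaration and the runtime use side by side. Several of the new files (`AndroidManifest.xml`, `AndroidManifest_reversed.xml`, `MastgTest.kt`, `run.sh`, `output.txt`) also lack a trailing newline; PATCH 4 fixes only `MASTG-DEMO-0023.md`.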
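Review bot: `demos/android/MASVS-PLATFORM/MASTG-DEMO-0023/run.sh` references a rule file that does not exist: it passes `../../../../rules/mastg-android-unsafe-app-permissons.yaml` ("permissons") while the file added in this patch is `rules/mastg-android-unsafe-app-permissions.yaml`, so running the demo as committed fails with a file-not-found error from semgrep before any rule is evaluated. Fix the spelling in `run.sh`, and since the committed `output.txt` cannot have come from this script, regenerate it with the corrected command so the two agree.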
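Review bot: `output.txt` in MASTG-DEMO-0023 is not the output of the rule committed beside it: the `PERMISSION` alternation in `rules/mastg-android-unsafe-app-permissions.yaml` does not contain `android.permission.INTERNET`, yet the first of the five reported findings is `Sensitive Android permission found: android.permission.INTERNET` and the demo's Evaluation repeats it as "Line 5 uses `INTERNET` permissions". Either the output was produced with an earlier version of the rule or the regex was edited afterwards; regenerate `output.txt` from the committed rule and correct the "five instances" count in the Observation and the Evaluation list. INTERNET is a normal, install-time permission (the `adb shell dumpsys` output in MASTG-TECH-0118 shows it under `install permissions: ... granted=true`), so reporting it as "sensitive" alongside `READ_CONTACTS` and `ACCESS_FINE_LOCATION` would also be inconsistent with the rest of the list; keep it out unless the rule's message is changed to say what it is actually flagging.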
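Review bot: in `rules/mastg-android-unsafe-app-permissions.yaml` the `regex: |` is a YAML literal block scalar, so every line break inside the `(...|...)` alternation becomes a literal newline in the regex string: the second and later alternatives read as `\nandroid\.permission\.WRITE_CALENDAR` and so on and can only match a metavariable whose captured value contains a newline, which an `android:name` attribute value never does, leaving `READ_CALENDAR` as the only alternative that can match. Put the whole alternation on one line (or start it with `(?x)` if semgrep's regex engine honours extended mode; check the documented flavour before relying on that), and add a sanity check to the demo: run the rule against a manifest that declares only `READ_CONTACTS` and confirm the finding is reported.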
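Review bot: the opening paragraph of `techniques/android/MASTG-TECH-0118.md` repeats the title as a bare sentence fragment ("Obtaining App Permissions from Android Applications.") and then says "There are several ways to obtain permissions from an Android application", which reads as if the tester were acquiring permissions rather than listing the ones the app declares and holds. Drop the fragment and reword to something like "There are several ways to list the permissions an Android app declares and has been granted". In "Additional Notes", the dangerous-permissions list is a StackOverflow question (`https://stackoverflow.com/questions/36936914/...`); point instead to the Android developer reference for `Manifest.permission` and the permissions overview, which the project can cite as an authoritative source, and mention that a permission's protection level and effect depend on the app's `targetSdkVersion` (`WRITE_EXTERNAL_STORAGE`, which appears in this demo's manifest, has no effect for apps targeting API 30 or higher), so a fixed list is only a starting point.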
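Review bot: in the aapt section of `techniques/android/MASTG-TECH-0118.md` the closing code fence is in the wrong place: the sentence "This command lists all the permissions requested by the app in a concise format, saving time compared to manual inspection." sits inside the ```bash block after the last `uses-permission:` line, so it renders as part of the tool output. Close the fence after `uses-permission: name='org.owasp.mastestapp.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION'` and move the sentence below it. PATCH 4 strips the `$ ` prompt from the frida command but leaves it on the `$ aapt d permissions` and `$ adb shell dumpsys package` lines; make the three command blocks consistent (the prompt is useful where command and output share a block, so keep it there and add it back for frida, or remove it everywhere).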
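Review bot: the "Using @MASTG-TOOL-0031" section of `techniques/android/MASTG-TECH-0118.md` mixes developer guidance with the tester technique it is supposed to describe: it says checking permissions with dynamic instrumentation "is not recommended, however, because it is more error-prone and can be bypassed more easily with, e.g., runtime instrumentation" and then recommends calling `ContextCompat.checkSelfPermission`, which is advice to the app developer and contradicts the section's own purpose of using Frida to observe permissions. Rewrite the paragraph from the tester's side: state which permission-related calls the script hooks (for example `checkSelfPermission` and `requestPermissions`) and what the tester learns from the trace, and move the `ContextCompat` recommendation to the test's remediation text if it is kept at all. The script is only linked from a personal Frida CodeShare page (`https://codeshare.frida.re/@ScreaMy7/hookpermissions/`); vendor it into the repository, or at least list the functions it hooks, so the technique does not silently break when the external page changes or disappears.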