Android: programmatically determine list of apps t

Posted 2019-01-24 21:45

Question:

I would like to know which applications on my Android connect to what IP addresses. In essence I would like to know what these apps do in the background without my approval.

I tried a netstat OS call in my monitoring app, which already gives me the open connections and the connected IP addresses, but there is no process name, pid or uid that would allow me to map a connection to a particular app. 'netstat -p' seems not to provide the process info.

Answer 1:

If you read the source code for 'netstat', it actually reads data from /proc/net/tcp, which holds a dump of the TCP socket table. The data will look like below.

    sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
     0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 517 1 cbf19b40 300 0 0 2 -1

You will discover each connection has a uid. Because Android OS runs each application under a user account that has its own unique uid, it will help to map every connection to a single process.

I hope this information will help.



Answer 2:

I think there are two possible reasons.

  1. It is due to permission problems, because some Android distribution versions have more restrictive permission settings. You should try to read data from /proc/%pid%/net/tcp (replace %pid% with the PID of your app).

  2. The system is working on IPv6. You need to check "/proc/%pid%/net/tcp6" instead of "/proc/%pid%/net/tcp"; its IP will need to be converted from IPv6 to IPv4.



Answer 3:

On several Android 4.x I've seen genuine IPv4 connections appear with IPv4-mapped-IPv6 addresses in /proc/net/tcp6 instead of plain v4, like this:

    sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
     0: 0000000000000000FFFF00000100007F:99FC 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10071        0 32037 1 00000000 300 0 0 2 -1
     1: 0000000000000000FFFF00005EE9A8C0:9BB0 0000000000000000FFFF000007E6AB45:01BB 08 00000000:00000001 00:00000000 00000000 10071        0 32270 1 00000000 22 4 6 6 -1

So it seems you should check udp6/tcp6 as well.
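
Added example (not part of any answer on this page): a Python parser for the /proc/net/tcp and /proc/net/tcp6 rows quoted in answers 1 and 3. It decodes the hex addresses, unwraps IPv4-mapped IPv6 peers, and groups remote endpoints by uid. It assumes a little-endian kernel; the function names are hypothetical and the sample input is constructed from the rows shown above.

```python
import ipaddress

# Subset of kernel TCP state codes (hex), enough for the rows on this page.
TCP_STATES = {"01": "ESTABLISHED", "06": "TIME_WAIT", "08": "CLOSE_WAIT", "0A": "LISTEN"}

# Constructed sample input: the rows quoted in the answers above.
SAMPLE_TCP = """\
sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
 0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 517 1 cbf19b40 300 0 0 2 -1
"""
SAMPLE_TCP6 = """\
sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
 0: 0000000000000000FFFF00000100007F:99FC 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10071        0 32037 1 00000000 300 0 0 2 -1
 1: 0000000000000000FFFF00005EE9A8C0:9BB0 0000000000000000FFFF000007E6AB45:01BB 08 00000000:00000001 00:00000000 00000000 10071        0 32270 1 00000000 22 4 6 6 -1
"""

def decode_addr(hex_addr):
    """Decode 'HEXIP:HEXPORT' as printed by a little-endian kernel (assumption)."""
    hex_ip, hex_port = hex_addr.split(":")
    raw = bytes.fromhex(hex_ip)
    # Each 32-bit word is printed in host byte order, so reverse every 4-byte group.
    net = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    ip = ipaddress.ip_address(net)
    # IPv4 traffic on a dual-stack socket appears as ::ffff:a.b.c.d in tcp6; unwrap it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return str(ip), int(hex_port, 16)

def parse_proc_net(text):
    """Parse the text of /proc/net/tcp or /proc/net/tcp6 into a list of dicts."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:                         # ignore short or blank lines
            continue
        conns.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                      "state": TCP_STATES.get(f[3], f[3]),
                      "uid": int(f[7]), "inode": int(f[9])})
    return conns

def remote_peers_by_uid(*tables):
    """Map uid -> set of (remote_ip, remote_port), skipping listening sockets."""
    by_uid = {}
    for text in tables:
        for c in parse_proc_net(text):
            if c["remote"][1] != 0:             # listeners have remote port 0
                by_uid.setdefault(c["uid"], set()).add(c["remote"])
    return by_uid
```

Inside an Android app, the resulting uid can be resolved to package names with `PackageManager.getPackagesForUid(uid)`. On Android 10 and later, apps can no longer read /proc/net, so this applies to older releases or to a shell or root context.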



Answer 4:

Use the busybox command to get process info:

    busybox netstat -tp