mvt/docs/android/download_apks.md

# Downloading APKs from an Android phone

MVT allows to attempt to download all available installed packages (APKs) in order to further inspect them and potentially identify any which might be malicious in nature.

You can do so by launching the following command:

```bash
mvt-android download-apks --output /path/to/folder
```

It might take several minutes to complete.

!!! info
    MVT will likely warn you it was unable to download certain installed packages. There is no reason to be alarmed: this is typically expected behavior when MVT attempts to download a system package it has no privileges to access.

Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on [VirusTotal](https://www.virustotal.com). While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones:

```bash
MVT_VT_API_KEY=<key> mvt-android download-apks --output /path/to/folder --virustotal
```

Please note that in order to use VirusTotal lookups you are required to provide your own API key through the `MVT_VT_API_KEY` environment variable. You should also note that VirusTotal enforces strict API usage. Be mindful that MVT might consume your hourly search quota.

In case you have a previous extraction of APKs you want to later check against VirusTotal, you can do so with the following arguments:

```bash
MVT_VT_API_KEY=<key> mvt-android download-apks --from-file /path/to/folder/apks.json --virustotal
```
Improves documentation 2021-07-18 14:33:34 +00:00			`# Downloading APKs from an Android phone`
First commit 2021-07-16 06:05:01 +00:00
Updated documentation on mvt-android 2021-08-17 14:36:48 +00:00			`MVT allows to attempt to download all available installed packages (APKs) in order to further inspect them and potentially identify any which might be malicious in nature.`
First commit 2021-07-16 06:05:01 +00:00
Updated documentation on mvt-android 2021-08-17 14:36:48 +00:00			`You can do so by launching the following command:`
First commit 2021-07-16 06:05:01 +00:00
			```bash
			`mvt-android download-apks --output /path/to/folder`
			```

Updated docs 2021-08-18 08:34:31 +00:00			`It might take several minutes to complete.`

			`!!! info`
			`MVT will likely warn you it was unable to download certain installed packages. There is no reason to be alarmed: this is typically expected behavior when MVT attempts to download a system package it has no privileges to access.`
Updated documentation on mvt-android 2021-08-17 14:36:48 +00:00
Refactoring support for VirusTotal lookups, and removed Koodous lookups (ref: #273) 2022-06-14 13:46:01 +00:00			`Optionally, you can decide to enable lookups of the SHA256 hash of all the extracted APKs on [VirusTotal](https://www.virustotal.com). While these lookups do not provide any conclusive assessment on all of the extracted APKs, they might highlight any known malicious ones:`
First commit 2021-07-16 06:05:01 +00:00
			```bash
Added some notes in documentation about using VirusTotal 2022-06-20 09:32:57 +00:00			`MVT_VT_API_KEY=<key> mvt-android download-apks --output /path/to/folder --virustotal`
First commit 2021-07-16 06:05:01 +00:00			```

Added some notes in documentation about using VirusTotal 2022-06-20 09:32:57 +00:00			Please note that in order to use VirusTotal lookups you are required to provide your own API key through the `MVT_VT_API_KEY` environment variable. You should also note that VirusTotal enforces strict API usage. Be mindful that MVT might consume your hourly search quota.

Refactoring support for VirusTotal lookups, and removed Koodous lookups (ref: #273) 2022-06-14 13:46:01 +00:00			`In case you have a previous extraction of APKs you want to later check against VirusTotal, you can do so with the following arguments:`
First commit 2021-07-16 06:05:01 +00:00
			```bash
Added some notes in documentation about using VirusTotal 2022-06-20 09:32:57 +00:00			`MVT_VT_API_KEY=<key> mvt-android download-apks --from-file /path/to/folder/apks.json --virustotal`
First commit 2021-07-16 06:05:01 +00:00			```