Agrigento: Identify privacy leaks in Android apps



Agrigento is a tool to identify privacy leaks in Android apps by performing black-box differential analysis on the network traffic. It performs root cause analysis of non-determinism in the network behavior of Android apps.

Agrigento works in two steps: first, Agrigento establishes a baseline of the network behavior of an app; then, modifies sources of private information, such as the device ID and location, and detects privacy leaks by observing deviations in the resulting network traffic. The main contribution of this work is to make black-box differential analysis practical when applied to modern Android apps.


Agrigento sources:

Agrigento is able to eliminate the different sources of non-determinism by intercepting calls from the app to certain Android API calls and recording their return values, and in some cases replacing them (either by replaying previously seen values or by returning constant values).

  • It records the timestamps generated during the first run of each app and replays the same values in the further runs.
  • It records the random identifiers (UUID) generated by the app.
  • It records the plaintext and ciphertext values whenever the app performs encryption.
  • The instrumented environment sets a fixed seed for all random number generation functions.
  • It replaces the values of system-related performance measures (e.g., free memory, available storage space) with a set of constants.


Agrigento requires other modules to be installed on the Android device:

  • [Xposed].
  • [CryptoHooker] – Collect contentextual information.
  • [Changer] – Modify the values of private information sources.
  • [JustTrustMe] – Handle certificate pinning.
  • [Android Mock-location] – Allow to set mock location through ADB.


Agrigento Network Behavior:

Agrigento looks for privacy leaks at all levels of the tree, i.e., in all parts of the HTTP request: the domain, path, key, and values, as well as the headers and the payload. In the current implementation Agrigento includes parsers for application/x-www-form-urlencoded, application/json, and any content that matches a HTTP query format. However, it can be easily extended with parsers for further content types.

Most Popular Training Courses at Indian Cyber Security Solutions

Summer Training for CSE, IT, BCA & MCA Students 

Network Penetration Tester Training

Ethical Hacking  training

Python Programming training

 RHCE  training

CEH V9  training

Diploma in Network Security Training

Secure Coding in Java

Diploma in Web Application Security 

Certified Web Application Penetration Tester 

Certified Android Penetration Tester 

Certified Python Programming 

Advanced Python Training 

Reverse Engineering Training  

Amazon Web Services Training  

VMware Training 

Digital marketing

CCNA training

Android Training

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Tester – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Data Recovery


Leave a Reply

Your email address will not be published. Required fields are marked *



Click one of our representatives below to chat on WhatsApp or send us an email to [email protected]

× Hi How can we help you