Skip to content

mayankrises/android-remote-access-tool

BranchesTags

Repository files navigation

Android Remote Access & Vulnerability Testing Tool

About This Project

I built this Android app as part of my journey into information security and penetration testing. It's a security research tool that demonstrates how vulnerable Android devices can be to remote access attacks. The whole point is to help people understand these risks and protect themselves better.

The app basically turns an Android device into a remote-accessible server. You can connect to it from another device and access the camera, microphone, and location - all the stuff that would be scary if someone unauthorized did it. That's exactly why I made this - to show people what's possible and how to defend against it.

You can connect through your local WiFi, set up a VPN tunnel, or even use ngrok to access it over the internet. I've tested all three methods and they work pretty well.

Important: This is strictly for educational purposes and ethical security testing. Don't use this to spy on people or do anything illegal. Seriously.

Screenshots

Home Screen - Initializing

Home Screen Initializing

Service Started

Service Started

Service Stopped

Service Stopped

What It Does

Here's what the app can do:

  • Control an Android device remotely through a web interface
  • Access the device's camera and stream video
  • Record audio from the microphone
  • Track GPS location in real-time
  • Start/stop the server with a simple button
  • Works over local networks, VPN, or the internet (with ngrok)
  • Shows live connection status and device info

The web dashboard is pretty straightforward - I kept it simple so anyone can use it for testing.

Tech Stack

I wrote this in Kotlin because it's what I'm most comfortable with for Android development. Here's what I used:

Framework & Tools:

  • Android Studio
  • Minimum Android version: 7.0 (API 24)
  • Target: Android 14 (API 34)
  • Java 8 compatibility

Key Libraries:

  • Ktor for the web server (it's surprisingly lightweight and perfect for this)
  • CameraX for camera access (way better than the old Camera2 API)
  • Kotlin Coroutines for handling async operations
  • Google Play Services for location tracking
  • Material Design components for the UI

Full dependency list:

androidx.core:core-ktx:1.12.0
androidx.appcompat:appcompat:1.6.1
com.google.android.material:material:1.10.0
androidx.constraintlayout:constraintlayout:2.1.4
androidx.lifecycle:lifecycle-runtime-ktx:2.6.2
androidx.lifecycle:lifecycle-service:2.6.2
androidx.camera:camera-core:1.3.0
androidx.camera:camera-camera2:1.3.0
androidx.camera:camera-lifecycle:1.3.0
androidx.camera:camera-video:1.3.0
io.ktor:ktor-server-core:2.3.6
io.ktor:ktor-server-netty:2.3.6
io.ktor:ktor-server-auth:2.3.6
io.ktor:ktor-http:2.3.6
org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3
org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3
com.google.android.gms:play-services-location:21.0.1

How to Set It Up

What you'll need:

  • Android Studio (I'm using Hedgehog 2023.1.1 but newer versions should work)
  • An Android device running 7.0 or higher, or an emulator
  • Basic knowledge of Android development

Getting it running:

  1. Clone the repo:
git clone https://github.com/mayankrises/android-remote-access-tool.git

  1. Open it in Android Studio and let Gradle do its thing (grab some coffee, this takes a minute)

  2. Connect your phone or start an emulator

  3. Hit Run (or Shift + F10 if you're into shortcuts)

  4. Open the app and click "Start Server"

That's it! The app will show you the IP address to connect to.

How to Actually Use It

Local Network (Same WiFi)

This is the easiest way and what I use most of the time for testing:

  1. Make sure your phone and computer are on the same WiFi
  2. Start the server in the app
  3. Open a browser and go to http://[your-phone-ip]:8080
  4. You should see the control panel

To find your phone's IP: Settings → WiFi → tap your network → look for IP address

Over the Internet (Using ngrok)

This is how you'd access it from anywhere. You'll need ngrok and ADB set up:

First time setup:

# Install ADB
# Windows: Download from https://developer.android.com/studio/releases/platform-tools
# Mac: brew install android-platform-tools
# Linux: sudo apt-get install android-tools-adb

# Install ngrok from https://ngrok.com/download
# Mac: brew install ngrok

# Sign up at ngrok.com and get your token, then:
ngrok config add-authtoken YOUR_TOKEN

Every time you want to use it:

# Enable USB debugging on your phone first!
# Then plug it in and run:
adb devices

# Forward the port:
adb forward tcp:8080 tcp:8080

# In another terminal, start ngrok:
ngrok http 8080

Ngrok will give you a URL like https://something-random.ngrok.io - that's your access point from anywhere.

VPN Method

If you have a VPN set up (OpenVPN, WireGuard, etc.), you can use that too:

  1. Connect both devices to the same VPN
  2. Use the VPN IP address instead of the local one
  3. Access at http://[vpn-ip]:8080

Quick Testing

You can check if everything's working with curl:

curl http://192.168.1.100:8080

Legal Stuff (Please Read)

I made this to learn about Android security and help others understand these vulnerabilities. You can only use this on devices you own or have explicit permission to test.

Using this on someone else's device without permission is illegal pretty much everywhere. Don't do it. I'm not responsible if you do something stupid with this code.

Legit uses:

  • Testing your own devices
  • Security research with proper authorization
  • Educational demos in a controlled environment
  • Penetration testing with written permission

Not okay:

  • Spying on anyone
  • Unauthorized access to devices
  • Anything that violates privacy laws
  • Being a creep

What I Learned

This project taught me a ton:

  • How to build a proper web server in Android (Ktor is awesome)
  • Working with CameraX instead of the old camera APIs
  • Kotlin coroutines for handling multiple things at once
  • Android's permission system and how to work with runtime permissions
  • Network programming and dealing with different connection types
  • Why security matters and how easy it is to exploit poor security practices

The biggest takeaway? Android's permission model is pretty good, but users need to actually pay attention to what permissions they grant. Most people just tap "Allow" without thinking.

Future Plans

If I get time, I want to add:

  • Proper encryption for all the data transmission
  • Two-factor auth for accessing the server
  • Screen recording/screenshots
  • File transfer capabilities
  • A dark mode (because why not)
  • Support for controlling multiple devices

About Me

I'm Mayank Sharma, currently learning about cybersecurity and Android development. You can find me:

Feel free to reach out if you have questions or want to discuss security stuff!

License

MIT License - basically you can use this code however you want, just don't blame me if something breaks. See the LICENSE file for the legal details.

Thanks

Big thanks to the teams behind Ktor, CameraX, and the entire Kotlin community. Also shoutout to all the security researchers who share their knowledge - I learned a lot from you all.

If you found this helpful or interesting, give it a star! And remember - use your powers for good, not evil 🔐

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages