Mobile Verification Toolkit (MVT) Installation and Android Scanning Guide

🔧 Installation on macOS

1. Install Homebrew (if not installed):

   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

2. Install pipx:

   brew install pipx
   pipx ensurepath

3. Add pipx to PATH:

   source ~/.zshrc

4. Install MVT:

   pipx install git+https://github.com/mvt-project/mvt.git

---

📱 Android Device Scanning Steps

1. Prepare Your Device:
   – Enable Developer Options
   – Enable USB Debugging
   – Connect via USB cable
2. Verify ADB Connection:

   adb devices

3. Download IOC Indicators:

   mvt-android download-iocs

4. Run Full Scan:

   mvt-android check-adb

---

⚠️ Common Issues & Fixes

1. “Command Not Found” Errors

Solution: Ensure proper PATH configuration

pipx ensurepath
source ~/.zshrc

2. ADB Device Disconnections

Solution: Reset ADB server

adb kill-server

3. SMS Backup Failure

Solution:

1. Set backup password on Android device
2. Accept backup prompt on phone when requested
3. Enter password in terminal when prompted

4. Chrome History Module Errors

Note: Requires rooted device. Do NOT root your device for this purpose.

---

🔍 Sample Scan Results

Your device showed these notable findings:

WARNING [adb.getprop] Security patch outdated: 2023-06-01 (>6 months old)
WARNING [adb.settings] Suspicious settings:
   - accessibility_enabled = 1
   - install_non_market_apps = 1
WARNING [adb.dumpsys_appops] Risky permissions:
   - SYSTEM_ALERT_WINDOW: Reject
   - WRITE_EXTERNAL_STORAGE: Access
   - REQUEST_INSTALL_PACKAGES: Access (multiple apps)

---

🔒 Best Practices

• Disable ADB after scanning
• Update device security patches
• Review app permissions regularly
• For serious concerns, contact Amnesty International’s Security Lab

Note: This tutorial reflects actual scan results from a Xiaomi M2007J20CG running Android 11 (SDK 31). Your results may vary based on device and software versions.