How to extract web history information from an Android device.
Unauthorised use of my wife’s phone led me to wanting to see which sites had been accessed. So I thought it best to put what I’d learnt in to a quick blogpost on how to extract information from my Android phone (Samsung Galaxy Ace) about recent history of URLs visited and other browser stats and metadata.
You’ll need to have a rooted phone AFAICT. This is how I did it, there are of course other ways:
The files of browser.db, webview.db and webviewCache.db were available on my phone. They’re each an sqlite database and I used sqliteman (installed from the default Ubuntu repos) to open them.
— browser.db has information about URLs visited, history in other words, along with favorites/bookmarks. There are 4 tables but the interesting ones are “bookmarks” and “searches”.
— webview.db has inter alia tables for cookies, formdata, formurl. The cookies table will give information on all the cookies stored by the different sites visited as well as times when the cookies were set (though they can be altered). The formurl table will usually give details about sites where searches have been submitted and was the most informative for me.
— webviewCache.db stores metadata about files which are cached on the phone. So there will be information on specfic JPEGs, for example, that were on pages viewed and such like. So you might do a SQL query like:
select * from cache where cache.url LIKE '%.jpg%' order by cache.lastmodify;
(Note this won’t order by date as the lastmodify field is a string and so gets string sorted rather than date sorted, I don’t have the SQL chops to sort (punny!!) that but it’s easy enough to scan through for the dates you’re interested in; blocks of tuples for a particular day are sorted correctly relative to one another).
Hope you’ve found that information useful. Perhaps I’ll blog later about what I found and what steps might be taken to mitigate against such uses in the future …
Sorry, comments are closed.