In this recipe, I'm going to show you how to write a certificate enumerator, which does nothing more than pull application certificates as hexadecimal digests and dump them on your screen. The reason I've included this is because, firstly, it demonstrates how you interface with the package manager and pull some information the other modules in this section don't. Secondly, it may be useful to get your hands on an application signature when you're looking for all apps that have been signed with the same public key, which is useful because often developers and malware authors will use the same key for most of their applications. It will also allow you to identify apps that may share resources and autonomously grant each other permissions; how this happens will be discussed in detail in the next section.
Android Security Cookbook
Android Security Cookbook
Overview of this book
Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.
The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.
Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Android Development Tools
Engaging with Application Security
Android Security Assessment Tools
Exploiting Applications
Protecting Applications
Reverse Engineering Applications
Secure Networking
Native Exploitation and Analysis
Encryption and Developing Device Administration Policies
Index
Customer Reviews