The strategy of attacking is to allow your enemy to make mistakes.
In this chapter, we will be breaking down all of the facts that we need to start attacking and penetration testing Android applications. Each tool that was covered in the previous chapters will be put to good use by us referencing them and what they can do for a given vulnerability. The chapter will discuss all the top 10 OWASP mobile application vulnerabilities and how to attack Android apps and their given weaknesses, with examples. The reader should walk away with knowledge of the following:
Attacking Android components
Attacking Android WebViews
Assessing implementation vulnerabilities
Abusing web traffic for MitM attacks
Reverse engineering subtle logic vulnerabilities
Defeating binary protection
As discussed in the previous chapters, it would be a tough job for developers to create an app that has no vulnerabilities. There are three types of scenarios that can be...