The following recipe shows you how to do some snooping on your Android applications. Namely, find out what kind of data structures they are using to store important information and what kind of information they are storing, for example, high scores, passwords, contacts, and e-mails. Besides allowing you to set your high score to a negative number, this is an effective way for you to influence application behavior from its backend. It also gives you a perspective on how applications protect their users' data, for example, is the data encrypted? How is it encrypted? Does the application protect the integrity of the user data? It also makes for a very useful skill when reverse engineering and assessing application security.
Android Security Cookbook
Android Security Cookbook
Overview of this book
Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.
The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.
Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Free Chapter
Android Development Tools
Engaging with Application Security
Android Security Assessment Tools
Exploiting Applications
Protecting Applications
Reverse Engineering Applications
Secure Networking
Native Exploitation and Analysis
Encryption and Developing Device Administration Policies
Index
Customer Reviews