Hacking Android

Hacking Android

By : Srinivasa Rao Kotipalli

Buy this Book

Hacking Android

By: Srinivasa Rao Kotipalli

Buy this Book

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

Hacking Android

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Setting Up the Lab

Installing the required tools

Summary

Android Rooting

What is rooting?

Locked and unlocked boot loaders

Stock recovery and Custom recovery

Rooting Process and Custom ROM installation

Rooting a Samsung Note 2

Flashing the Custom ROM to the phone

Summary

Fundamental Building Blocks of Android Apps

Basics of Android apps

Android app components

Building DEX files from the command line

What happens when an app is run?

Understanding app sandboxing

Summary

Overview of Attacking Android Apps

Introduction to Android apps

Understanding the app's attack surface

Threats at the client side

Threats at the backend

Guidelines for testing and securing mobile apps

Automated tools

Identifying the attack surface

QARK (Quick Android Review Kit)

Summary

Data Storage and Its Security

What is data storage?

User dictionary cache

Insecure data storage – NoSQL database

Backup techniques

Being safe

Summary

Server-Side Attacks

Different types of mobile apps and their threat model

Mobile applications server-side attack surface

Strategies for testing mobile backend

Summary

Client-Side Attacks – Static Analysis Techniques

Attacking application components

Static analysis using QARK:

Summary

Client-Side Attacks – Dynamic Analysis Techniques

Automated Android app assessments using Drozer

Introduction to Cydia Substrate

Runtime monitoring and analysis using Introspy

Hooking using Xposed framework

Dynamic instrumentation using Frida

Logging based vulnerabilities

WebView attacks

Summary

Android Malware

What do Android malwares do?

Writing Android malwares

Registering permissions

Malware analysis

Tools for automated analysis

Summary

Attacks on Android Devices

MitM attacks

Dangers with apps that provide network level access

Using existing exploits

Malware

Bypassing screen locks

Pulling data from the sdcard

Summary

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Chapter 5. Data Storage and Its Security

This chapter gives an introduction to the techniques typically used to assess data storage security of Android applications. We will begin with the different techniques used by developers to store the data locally and how they can affect the security. Then, we shall look into security implications of the data storage choices made by developers.

These are some of the major topics that we will discuss in this chapter:

What is data storage?
Shared preferences
SQLite databases
Internal storage
External storage
Data storage with CouchDB
Backup based techniques
Examining Android apps on non rooted devices

Hacking Android

By : Srinivasa Rao Kotipalli

Hacking Android

By: Srinivasa Rao Kotipalli

Overview of this book

Related Content you might be interested in

Current Title:

Hacking Android

Chapter 5. Data Storage and Its Security