Book Image

Hacking Android

By : Srinivasa Rao Kotipalli
Book Image

Hacking Android

By: Srinivasa Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

Related Content you might be interested in

Current Title:

Small book image
Hacking Android
Srinivasa Rao Kotipalli
Jul, 2016 | 376 pages
No titles found
Table of Contents (17 chapters)
Hacking Android
Hacking Android
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Setting Up the Lab
Setting Up the Lab
Installing the required tools
Android Studio
Setting up an AVD
Configuring the AVD
ADB Primer
Summary
2
Android Rooting
Android Rooting
What is rooting?
Locked and unlocked boot loaders
Stock recovery and Custom recovery
Rooting Process and Custom ROM installation
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary
3
Fundamental Building Blocks of Android Apps
Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app components
Building DEX files from the command line
What happens when an app is run?
Understanding app sandboxing
Summary
4
Overview of Attacking Android Apps
Overview of Attacking Android Apps
Introduction to Android apps
Understanding the app's attack surface
Threats at the client side
Threats at the backend
Guidelines for testing and securing mobile apps
Automated tools
Identifying the attack surface
QARK (Quick Android Review Kit)
Summary
5
Data Storage and Its Security
Data Storage and Its Security
What is data storage?
Shared preferences
SQLite databases
Internal storage
External storage
User dictionary cache
Insecure data storage – NoSQL database
Backup techniques
Being safe
Summary
6
Server-Side Attacks
Server-Side Attacks
Different types of mobile apps and their threat model
Mobile applications server-side attack surface
Strategies for testing mobile backend
Summary
7
Client-Side Attacks – Static Analysis Techniques
Client-Side Attacks – Static Analysis Techniques
Attacking application components
Static analysis using QARK:
Summary
8
Client-Side Attacks – Dynamic Analysis Techniques
Client-Side Attacks – Dynamic Analysis Techniques
Automated Android app assessments using Drozer
Introduction to Cydia Substrate
Runtime monitoring and analysis using Introspy
Hooking using Xposed framework
Dynamic instrumentation using Frida
Logging based vulnerabilities
WebView attacks
Summary
9
Android Malware
Android Malware
What do Android malwares do?
Writing Android malwares
Registering permissions
Malware analysis
Tools for automated analysis
Summary
10
Attacks on Android Devices
Attacks on Android Devices
MitM attacks
Dangers with apps that provide network level access
Using existing exploits
Malware
Bypassing screen locks
Pulling data from the sdcard
Summary
Index
Index

External storage

Another important storage mechanism in android is SDCARD or external storage where apps can store data. Some of the well-known applications store their data in the external storage. Care should be taken while storing data on SDCARD as it's world writable and readable or better yet simply remove the SDCARD from the device. We can then mount it to another device, for us to access and read the data.

Let's use the earlier example and instead of storing it in the internal storage, the application now stores it on the external storage, that is, the SDCARD:

            String publicKeyFilename = public.key;
            String privateKeyFilename = private.key;

        try{
            GenerateRSAKeys generateRSAKeys = new GenerateRSAKeys();
            Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

            // Generate public & private keys
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
            
  ...
Previous Section
End of Section 6
Next Section