Book Image

Hacking Android

By : Srinivasa Rao Kotipalli
Book Image

Hacking Android

By: Srinivasa Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

Related Content you might be interested in

Current Title:

Small book image
Hacking Android
Srinivasa Rao Kotipalli
Jul, 2016 | 376 pages
No titles found
Table of Contents (17 chapters)
Hacking Android
Hacking Android
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Setting Up the Lab
Setting Up the Lab
Installing the required tools
Android Studio
Setting up an AVD
Configuring the AVD
ADB Primer
Summary
2
Android Rooting
Android Rooting
What is rooting?
Locked and unlocked boot loaders
Stock recovery and Custom recovery
Rooting Process and Custom ROM installation
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary
3
Fundamental Building Blocks of Android Apps
Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app components
Building DEX files from the command line
What happens when an app is run?
Understanding app sandboxing
Summary
4
Overview of Attacking Android Apps
Overview of Attacking Android Apps
Introduction to Android apps
Understanding the app's attack surface
Threats at the client side
Threats at the backend
Guidelines for testing and securing mobile apps
Automated tools
Identifying the attack surface
QARK (Quick Android Review Kit)
Summary
5
Data Storage and Its Security
Data Storage and Its Security
What is data storage?
Shared preferences
SQLite databases
Internal storage
External storage
User dictionary cache
Insecure data storage – NoSQL database
Backup techniques
Being safe
Summary
6
Server-Side Attacks
Server-Side Attacks
Different types of mobile apps and their threat model
Mobile applications server-side attack surface
Strategies for testing mobile backend
Summary
7
Client-Side Attacks – Static Analysis Techniques
Client-Side Attacks – Static Analysis Techniques
Attacking application components
Static analysis using QARK:
Summary
8
Client-Side Attacks – Dynamic Analysis Techniques
Client-Side Attacks – Dynamic Analysis Techniques
Automated Android app assessments using Drozer
Introduction to Cydia Substrate
Runtime monitoring and analysis using Introspy
Hooking using Xposed framework
Dynamic instrumentation using Frida
Logging based vulnerabilities
WebView attacks
Summary
9
Android Malware
Android Malware
What do Android malwares do?
Writing Android malwares
Registering permissions
Malware analysis
Tools for automated analysis
Summary
10
Attacks on Android Devices
Attacks on Android Devices
MitM attacks
Dangers with apps that provide network level access
Using existing exploits
Malware
Bypassing screen locks
Pulling data from the sdcard
Summary
Index
Index

Being safe

It's clear that sensitive information shouldn't be stored in clear text and great care must be taken to store the data securely.

Try to avoid storing sensitive data on the device and store it at the server side. If you cannot avoid it, usage of strong encryption algorithms should be considered to encrypt the data. There are libraries available for encrypting your data when you save it on the device.

Secure Preferences is one such library that can be used to encrypt data in shared preferences. This can be found at the following link https://github.com/scottyab/secure-preferences.

SQLCipher is an option for encrypting SQLite databases. SQLCipher can be found at the following link https://www.zetetic.net/sqlcipher/sqlcipher-for-android/.

It should be noted that key management is a problem when using symmetric encryption algorithms such as AES. In such cases, Password Based Encryption (PBE) is another option, where the key will be derived based on the user-entered password.

If you consider...

Previous Section
End of Section 10
Next Section