Hacking Android

Hacking Android

By : Srinivasa Rao Kotipalli

Buy this Book

Hacking Android

By: Srinivasa Rao Kotipalli

Buy this Book

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

Hacking Android

Credits

About the Authors

About the Reviewer

www.PacktPub.com

Preface

Free Chapter

Setting Up the Lab

Installing the required tools

Summary

Android Rooting

What is rooting?

Locked and unlocked boot loaders

Stock recovery and Custom recovery

Rooting Process and Custom ROM installation

Rooting a Samsung Note 2

Flashing the Custom ROM to the phone

Summary

Fundamental Building Blocks of Android Apps

Basics of Android apps

Android app components

Building DEX files from the command line

What happens when an app is run?

Understanding app sandboxing

Summary

Overview of Attacking Android Apps

Introduction to Android apps

Understanding the app's attack surface

Threats at the client side

Threats at the backend

Guidelines for testing and securing mobile apps

Automated tools

Identifying the attack surface

QARK (Quick Android Review Kit)

Summary

Data Storage and Its Security

What is data storage?

User dictionary cache

Insecure data storage – NoSQL database

Backup techniques

Being safe

Summary

Server-Side Attacks

Different types of mobile apps and their threat model

Mobile applications server-side attack surface

Strategies for testing mobile backend

Summary

Client-Side Attacks – Static Analysis Techniques

Attacking application components

Static analysis using QARK:

Summary

Client-Side Attacks – Dynamic Analysis Techniques

Automated Android app assessments using Drozer

Introduction to Cydia Substrate

Runtime monitoring and analysis using Introspy

Hooking using Xposed framework

Dynamic instrumentation using Frida

Logging based vulnerabilities

WebView attacks

Summary

Android Malware

What do Android malwares do?

Writing Android malwares

Registering permissions

Malware analysis

Tools for automated analysis

Summary

Attacks on Android Devices

MitM attacks

Dangers with apps that provide network level access

Using existing exploits

Malware

Bypassing screen locks

Pulling data from the sdcard

Summary

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Summary

In this chapter, we have discussed various tools which helped us to reduce the time spent on testing client-side attacks. We have covered Drozer in depth discussing how we can test activities, content providers, and broadcast receivers used by Android apps. We have also seen how Cydia Substrate, Introspy, and Xposed frameworks can be used to do dynamic analysis. Finally we learned how Frida can be used to do dynamic instrumentation without much hassle and coding. We then finished this chapter with discussing issues with logging sensitive information in logs.

In the next chapter, we will be looking into various attacks that are possible on an Android device.

Hacking Android

By : Srinivasa Rao Kotipalli

Hacking Android

By: Srinivasa Rao Kotipalli

Overview of this book

Related Content you might be interested in

Current Title:

Hacking Android

Summary