Book Image

Android Security Cookbook

Book Image

Android Security Cookbook

Overview of this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Installing the Native Development Kit (NDK)


If you want to do any low-level exploitation or development on your Android device, you will need to make sure that you can write applications at a lower level on the Android platform. Low level means development in languages like C/C++ using compilers that are built to suit the embedded platform and its various nuances.

What's the difference between Java and the native/low-level programming languages? Well, this topic alone could fill an entire book. But to state just the bare surface-level differences, Java code is compiled and statically—meaning the source code is analyzed—checked before being run in a virtual machine. For Android Java, this virtual machine is called the Dalvik—more on this later. The natively developed components of Android run verbatim—as their source code specifies—on the embedded Linux-like operating system that comes shipped with the Android devices. There is no extra layer of interpretation and checking—besides the odd compiler extensions and optimizations—that goes into getting the native code to run.

The tool chains and documentation provided by the Android team to make native development a painless experience for the Android developers is called the Native Development Kit (NDK). The NDK contains all the tools that the Android developers need to compile their C/C++ code for the Android devices and accommodates ARM-, MIPS-, and x86-embedded platforms. It includes some tools that help the native developers analyze and debug the native applications. This walkthrough discusses how to get the NDK up and running on your machine.

Before we get going, you will need to consult the system requirements list on http://developer.android.com/tools/sdk/ndk/index.html#Reqs to make sure that you're machine is good to go.

How to do it...

Getting the NDK on your machine is as simple as downloading it and making sure that it actually runs. We can use the following steps:

  1. Downloading the NDK is pretty straightforward. Go to http://developer.android.com/tools/sdk/ndk/index.html to grab the latest copy and make sure to select the appropriate version for your system type.

  2. Unzip the NDK to a convenient location.