Book Image

Android Security Cookbook

Book Image

Android Security Cookbook

Overview of this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (16 chapters)
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface
Index

Introduction


The previous chapter discussed the flaws in the applications; they can be exploited and discovered without the need to know exactly how they have been developed. Though there were detailed explanations on some common source code that caused this specific issue, we didn't need to read the source code to know that a SQL injection was possible. Largely, our first step in the direction of a successful exploit was to analyze the behavior of an application from a context that is ignorant of the actual details surrounding its behavior. The reverse engineering discussed in this chapter aims to uncover every single detail of an application's inner workings in order to exploit it.

Reverse engineering, when applied to computer software, is the process of learning how something works and developing ways to make use of, or abuse, this information. For example, reading the source code of a kernel driver may lead to finding a potential memory-corruption flaw, such as improper bounds checking...