Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Android Security Cookbook
  • Table Of Contents Toc
Android Security Cookbook

Android Security Cookbook

By : Makan
4.8 (6)
Buy this Book
close
close
Android Security Cookbook

Android Security Cookbook

4.8 (6)
By: Makan
Buy this Book

Overview of this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Android Development Tools
Icon
1. Android Development Tools
Icon
Introduction
Icon
Installing the Android Development Tools (ADT)
Icon
Installing the Java Development Kit (JDK)
Icon
Updating the API sources
Icon
Alternative installation of the ADT
Icon
Installing the Native Development Kit (NDK)
Icon
Emulating Android
Icon
Creating Android Virtual Devices (AVDs)
Icon
Using the Android Debug Bridge (ADB) to interact with the AVDs
Icon
Copying files off/onto an AVD
Icon
Installing applications onto the AVDs via ADB
2
2. Engaging with Application Security
Icon
2. Engaging with Application Security
Icon
Introduction
Icon
Inspecting application certificates and signatures
Icon
Signing Android applications
Icon
Verifying application signatures
Icon
Inspecting the AndroidManifest.xml file
Icon
Interacting with the activity manager via ADB
Icon
Extracting application resources via ADB
3
3. Android Security Assessment Tools
Icon
3. Android Security Assessment Tools
Icon
Introduction
Icon
Installing and setting up Santoku
Icon
Setting up drozer
Icon
Running a drozer session
Icon
Enumerating installed packages
Icon
Enumerating activities
Icon
Enumerating content providers
Icon
Enumerating services
Icon
Enumerating broadcast receivers
Icon
Determining application attack surfaces
Icon
Launching activities
Icon
Writing a drozer module – a device enumeration module
Icon
Writing an application certificate enumerator
4
4. Exploiting Applications
Icon
4. Exploiting Applications
Icon
Introduction
Icon
Information disclosure via logcat
Icon
Inspecting network traffic
Icon
Passive intent sniffing via the activity manager
Icon
Attacking services
Icon
Attacking broadcast receivers
Icon
Enumerating vulnerable content providers
Icon
Extracting data from vulnerable content providers
Icon
Inserting data into content providers
Icon
Enumerating SQL-injection vulnerable content providers
Icon
Exploiting debuggable applications
Icon
Man-in-the-middle attacks on applications
5
5. Protecting Applications
Icon
5. Protecting Applications
Icon
Introduction
Icon
Securing application components
Icon
Protecting components with custom permissions
Icon
Protecting content provider paths
Icon
Defending against the SQL-injection attack
Icon
Application signature verification (anti-tamper)
Icon
Tamper protection by detecting the installer, emulator, and debug flag
Icon
Removing all log messages with ProGuard
Icon
Advanced code obfuscation with DexGuard
6
6. Reverse Engineering Applications
Icon
6. Reverse Engineering Applications
Icon
Introduction
Icon
Compiling from Java to DEX
Icon
Decompiling DEX files
Icon
Interpreting the Dalvik bytecode
Icon
Decompiling DEX to Java
Icon
Decompiling the application's native libraries
Icon
Debugging the Android processes using the GDB server
7
7. Secure Networking
Icon
7. Secure Networking
Icon
Introduction
Icon
Validating self-signed SSL certificates
Icon
Using StrongTrustManager from the OnionKit library
Icon
SSL pinning
8
8. Native Exploitation and Analysis
Icon
8. Native Exploitation and Analysis
Icon
Introduction
Icon
Inspecting file permissions
Icon
Cross-compiling native executables
Icon
Exploitation of race condition vulnerabilities
Icon
Stack memory corruption exploitation
Icon
Automated native Android fuzzing
9
9. Encryption and Developing Device Administration Policies
chevron up
Icon
9. Encryption and Developing Device Administration Policies
Icon
Introduction
Icon
Using cryptography libraries
Icon
Generating a symmetric encryption key
Icon
Securing SharedPreferences data
Icon
Password-based encryption
Icon
Encrypting a database with SQLCipher
Icon
Android KeyStore provider
Icon
Setting up device administration policies
10
Index
Icon
Index

Using cryptography libraries

One of the great things about Android using Java as the core programming language is that it includes the Java Cryptographic Extensions (JCE). JCE is a well-established, tested set of security APIs. Android uses Bouncy Castle as the open source implementation of those APIs. However, the Bouncy Castle version varies between Android versions; and only the newer versions of Android get the latest fixes. That's not all in an effort to reduce the size of Bouncy Castle; Android customizes the Bouncy Castle libraries and removes some of the services and APIs. For example, if you intend on using Elliptic Curve Cryptography (ECC ), you will see provider errors when running it on Android versions below 4.0. Also, although Bouncy Castle supports the AES-GCM scheme (which we'll cover in the next recipe), you cannot use this in Android without including it separately.

To solve this, we can include an application-specific implementation of cryptographic libraries. This recipe...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Android Security Cookbook
End of Section 9
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon