This chapter gives an overview of attack surface of Android. We will discuss the possible attacks on Android apps, devices, and other components in application architecture. Essentially, we will build a simple threat model for a traditional application that communicates with databases over the network. It is essential to understand the possible threats that an application may come across, in order to understand what to test during a penetration test. This chapter is a high level overview and contains lesser technical details.
This chapter covers the following topics:
Introduction to Android apps
Threat modeling for mobile apps
Overview of OWASP mobile top 10 vulnerabilities
Introduction to automated tools for Android app assessments
Attacks on mobiles can be categorized into various categories such as exploiting vulnerabilities in the Kernel, attacking vulnerable apps, tricking the users to download and run malwares thus stealing personal data from...