Book Image

Hacking Android

By : Mohammed A. Imran, Rao Kotipalli
Book Image

Hacking Android

By: Mohammed A. Imran, Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (12 chapters)
11
Index

Threats at the backend


Web services are almost similar to web applications. It is possible that web services can be affected with all the common vulnerabilities that a normal web application can have. This has to be kept in mind when developing an API for a mobile app. Some common issues that we see in APIs are listed following:

  • Authentication/Authorization: When developing backend APIs it is very common to build custom authentication. It is possible to have vulnerabilities associated with authentication/authorization.

  • Session management: Session management in mobile platforms is typically done using an authentication token. When the user logs in for the first time, he will be given an authentication token, and this will be used for the rest of the session. If this authentication token is not properly secured till it's destroyed, it may lead to an attack. Killing the session at the client side but not at the server is another common problem that is seen in mobile apps.

  • Input validation:...