Book Image

Hacking Android

By : Mohammed A. Imran, Rao Kotipalli
Book Image

Hacking Android

By: Mohammed A. Imran, Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (12 chapters)
11
Index

Guidelines for testing and securing mobile apps


There are multiple organizations providing guidelines for testing and securing mobile apps. The most common ones include OWASP Mobile Top 10 and Veracode Mobile App Top 10. Additionally, there are also guidelines from Google itself on how to secure Android apps by showing examples of what not to do. Having knowledge on these guidelines is important in order to understand what to look for during a penetration test.

Let's have a brief look at OWASP Mobile Top 10 Vulnerabilities.

OWASP Top 10 Mobile Risks (2014)

The following diagram shows the OWASP Top 10 Mobile Risks, which is a list of top 10 mobile app vulnerabilities released in 2014. This is the latest list as of writing this book:

The following are the top 10 vulnerabilities and we will have a deeper look into each of these vulnerabilities in the following sections:

  • M1: Weak Server-Side Controls

  • M2: Insecure Data Storage

  • M3: Insufficient Transport Layer Protection

  • M4: Unintended Data Leakage

  • M5...