Book Image

Hacking Android

By : Mohammed A. Imran, Rao Kotipalli
Book Image

Hacking Android

By: Mohammed A. Imran, Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (12 chapters)
11
Index

User dictionary cache


User dictionary is a very handy feature in most mobile devices. This is used to allow your keyboard to remember frequently typed words. When we type a specific word into the keyboard, it automatically provides some suggestions. Android also has this feature and it stores frequently used words in a file named user_dict.db. So developers must be cautious when developing applications. If sensitive information typed into the Android app is allowed to be cached, this data can be accessed by anyone by exploring the user_dict.db file on your device or by using its content provider URI.

Since the user dictionary is accessible by any application using the user dictionary app's content provider, it's trivial for someone to read it and glean interesting information.

As we have done with other .db files, let's pull the user_dict.db database file from the device and open it with an SQLite Browser:

c:>adb pull /data/data/com.android.providers.userdictionary/databases/user_dict.db...