Book Image

Hacking Android

By : Srinivasa Rao Kotipalli
Book Image

Hacking Android

By: Srinivasa Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (17 chapters)
Hacking Android
Credits
About the Authors
About the Reviewer
www.PacktPub.com
Preface
Index

Static analysis using QARK:


QARK (short for Quick Android Review Kit) is another interesting tool. This is a command line tool and performs static analysis of Android apps by decompiling the APK files using various tools and then analyzing the source code for specific patterns.

QARK has been developed by LinkedIn's in house security team and can be downloaded from the following link:

https://github.com/linkedin/qarkInstructions to setup QARK have been shown in Chapter 1, Setting Up the Lab. Let's see how QARK can be used to perform static analysis of Android apps.

QARK works in the following modes:

  • Interactive mode

  • Seamless mode

We can launch the QARK tool in interactive mode using the following command:

python qark.py

Running the previous command will launch QARK in interactive mode as shown in the following figure:

As we can see in the preceding figure, we can use QARK to analyze the APK files as well as the source code. Let's go with the APK file by choosing 1 and then we need to select the...