Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hacking Android
  • Table Of Contents Toc
Hacking Android

Hacking Android

By : Mohammed A. Imran, Rao Kotipalli
4.4 (5)
Buy this Book
close
close
Hacking Android

Hacking Android

4.4 (5)
By: Mohammed A. Imran, Rao Kotipalli
Buy this Book

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (12 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Conventions
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Setting Up the Lab
Icon
1. Setting Up the Lab
Icon
Installing the required tools
Icon
Android Studio
Icon
Setting up an AVD
Icon
Configuring the AVD
Icon
ADB Primer
Icon
Summary
2
2. Android Rooting
Icon
2. Android Rooting
Icon
What is rooting?
Icon
Locked and unlocked boot loaders
Icon
Stock recovery and Custom recovery
Icon
Rooting Process and Custom ROM installation
Icon
Rooting a Samsung Note 2
Icon
Flashing the Custom ROM to the phone
Icon
Summary
3
3. Fundamental Building Blocks of Android Apps
Icon
3. Fundamental Building Blocks of Android Apps
Icon
Basics of Android apps
Icon
Android app components
Icon
Building DEX files from the command line
Icon
What happens when an app is run?
Icon
Understanding app sandboxing
Icon
Summary
4
4. Overview of Attacking Android Apps
Icon
4. Overview of Attacking Android Apps
Icon
Introduction to Android apps
Icon
Understanding the app's attack surface
Icon
Threats at the client side
Icon
Threats at the backend
Icon
Guidelines for testing and securing mobile apps
Icon
Automated tools
Icon
Identifying the attack surface
Icon
QARK (Quick Android Review Kit)
Icon
Summary
5
5. Data Storage and Its Security
Icon
5. Data Storage and Its Security
Icon
What is data storage?
Icon
Shared preferences
Icon
SQLite databases
Icon
Internal storage
Icon
External storage
Icon
User dictionary cache
Icon
Insecure data storage – NoSQL database
Icon
Backup techniques
Icon
Being safe
Icon
Summary
6
6. Server-Side Attacks
Icon
6. Server-Side Attacks
Icon
Different types of mobile apps and their threat model
Icon
Mobile applications server-side attack surface
Icon
Strategies for testing mobile backend
Icon
Summary
7
7. Client-Side Attacks – Static Analysis Techniques
Icon
7. Client-Side Attacks – Static Analysis Techniques
Icon
Attacking application components
Icon
Static analysis using QARK:
Icon
Summary
8
8. Client-Side Attacks – Dynamic Analysis Techniques
chevron up
Icon
8. Client-Side Attacks – Dynamic Analysis Techniques
Icon
Automated Android app assessments using Drozer
Icon
Introduction to Cydia Substrate
Icon
Runtime monitoring and analysis using Introspy
Icon
Hooking using Xposed framework
Icon
Dynamic instrumentation using Frida
Icon
Logging based vulnerabilities
Icon
WebView attacks
Icon
Summary
9
9. Android Malware
Icon
9. Android Malware
Icon
What do Android malwares do?
Icon
Writing Android malwares
Icon
Registering permissions
Icon
Malware analysis
Icon
Tools for automated analysis
Icon
Summary
10
10. Attacks on Android Devices
Icon
10. Attacks on Android Devices
Icon
MitM attacks
Icon
Dangers with apps that provide network level access
Icon
Using existing exploits
Icon
Malware
Icon
Bypassing screen locks
Icon
Pulling data from the sdcard
Icon
Summary
11
Index
Icon
Index

Logging based vulnerabilities

Inspecting adb logs often provides us a great deal of information during a penetration test. Mobile app developers use the Log class to log debugging information in to the device logs. These logs are accessible to any other application with READ_LOGS permission prior to the Android 4.1 version. This permission has been removed after Android 4.1 and only system apps can access the device logs. However, an attacker with physical access can still use the adb logcat command to view the logs. It is also possible to write a malicious app and read the logs with elevated privileges on a rooted device.

The Yahoo messenger app was vulnerable to this attack as it was logging user chats along with the session ID into the logs. Any app that has READ_LOGS permission could access these chats as well as the session ID.

Following are the details of the vulnerable Yahoo messenger application:

Package name: com.yahoo.mobile.client.android.im

Version: 1.8.4

The following steps show...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Hacking Android
End of Section 8
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon