Book Image

Hacking Android

By : Srinivasa Rao Kotipalli
Book Image

Hacking Android

By: Srinivasa Rao Kotipalli

Overview of this book

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.
Table of Contents (17 chapters)
Hacking Android
About the Authors
About the Reviewer

Malware analysis

This section shows how to analyze Android malwares using both static and dynamic analysis techniques. We are going to use reverse engineering techniques that are commonly used in the real world to analyze malware using static analysis techniques. tcpdump is going to be used for dynamic analysis of the app to see the network calls being made by the app. We can also use tools such as introspy to capture the other sensitive API calls being made by the app. This section shows the analysis of the SMS stealer application that we used earlier.

Static analysis

Let's begin with static analysis using reverse engineering techniques. When an app has to be analyzed for malicious behavior, it is easier if we have access to its source code.

Disassembling Android apps using Apktool

We can use Apktool to disassemble the app and get the smali version of the code.

The following are the steps to achieve it:

  1. Navigate to the location of the app:

    $ pwd