Android Security Cookbook

Book Description

Practical recipes to delve into Android’s security mechanisms by troubleshooting common vulnerabilities in applications and Android OS versions

  • Analyze the security of Android applications and devices, and exploit common vulnerabilities in applications and Android operating systems

  • Develop custom vulnerability assessment tools using the Drozer Android Security Assessment Framework

  • Reverse-engineer Android applications for security vulnerabilities

  • Protect your Android application with up-to-date hardening techniques

In Detail

The Android operating system is built to protect its users and to support applications ranging from the simplest to the most complex. Android is built on the Linux kernel and relies on many of Linux’s security mechanisms to protect its users. Applications on the Android platform are supported and protected by the Android application framework by means of mechanisms such as the Permissions Framework and Android’s Binder.

Unfortunately, application and system developers may sometimes weaken the inherent security strengths of Android by introducing high-level application and low-level security flaws into system software; often, this allows attackers to harm users, take control of a victim’s device, or steal sensitive information.

"Android Security Cookbook" covers a variety of topics, including analyzing Android devices, operating systems, and applications down to code level for security vulnerabilities. It also discusses some measures that application developers can put in place to protect their applications and devices from common vulnerabilities and attacks.

"Android Security Cookbook" discusses many common vulnerabilities and security-related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Mercury and how to develop plugins to customize the framework. Other topics covered include how to perform secure networking from within Android applications, how to reverse-engineer Android applications to find common vulnerabilities, and how to find and remediate common memory corruption vulnerabilities on ARM devices.

In summary, "Android Security Cookbook" provides a practical analysis of many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.

Table of Contents

  1. Android Security Cookbook
    1. Table of Contents
    2. Android Security Cookbook
    3. Credits
    4. About the Authors
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    8. 1. Android Development Tools
      1. Introduction
      2. Installing the Android Development Tools (ADT)
        1. How to do it...
      3. Installing the Java Development Kit (JDK)
        1. How to do it...
        2. There's more…
      4. Updating the API sources
        1. How to do it...
      5. Alternative installation of the ADT
        1. How to do it...
      6. Installing the Native Development Kit (NDK)
        1. How to do it...
      7. Emulating Android
        1. How to do it...
      8. Creating Android Virtual Devices (AVDs)
        1. How to do it…
        2. There's more…
          1. Emulating a memory card or an external storage
          2. The partition sizes
        3. See also
      9. Using the Android Debug Bridge (ADB) to interact with the AVDs
        1. How to do it...
        2. There's more…
        3. See also
      10. Copying files off/onto an AVD
        1. How to do it...
      11. Installing applications onto the AVDs via ADB
        1. How to do it...
    9. 2. Engaging with Application Security
      1. Introduction
      2. Inspecting application certificates and signatures
        1. Getting ready
        2. How to do it…
        3. How it works…
        4. There's more...
        5. See also
      3. Signing Android applications
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      4. Verifying application signatures
        1. Getting ready
        2. How to do it...
      5. Inspecting the AndroidManifest.xml file
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      6. Interacting with the activity manager via ADB
        1. Getting ready
        2. How to do it…
        3. There's more...
        4. See also
      7. Extracting application resources via ADB
        1. Getting ready
        2. How to do it…
        3. There's more...
    10. 3. Android Security Assessment Tools
      1. Introduction
      2. Installing and setting up Santoku
        1. Getting ready
        2. How to do it...
        3. There's more...
      3. Setting up drozer
        1. How to do it...
        2. There's more…
      4. Running a drozer session
        1. How to do it...
      5. Enumerating installed packages
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      6. Enumerating activities
        1. How to do it...
        2. There's more...
        3. See also
      7. Enumerating content providers
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      8. Enumerating services
        1. How to do it...
        2. How it works…
        3. See also
      9. Enumerating broadcast receivers
        1. How to do it...
        2. See also
      10. Determining application attack surfaces
        1. How to do it...
        2. How it works…
        3. See also
      11. Launching activities
        1. How to do it...
        2. How it works...
        3. There's more…
        4. See also
      12. Writing a drozer module – a device enumeration module
        1. How to do it...
        2. How it works...
        3. See also
      13. Writing an application certificate enumerator
        1. How to do it...
    11. 4. Exploiting Applications
      1. Introduction
        1. Protecting user data
        2. Protecting applications from one another (isolation and privilege separation)
        3. Protecting communication of sensitive information
      2. Information disclosure via logcat
        1. Getting ready
        2. How to do it...
        3. There's more...
        4. See also
      3. Inspecting network traffic
        1. Getting ready
        2. How to do it…
        3. How it works...
        4. See also
      4. Passive intent sniffing via the activity manager
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Attacking services
        1. How to do it...
        2. See also
      6. Attacking broadcast receivers
        1. How to do it...
        2. How it works…
        3. See also
      7. Enumerating vulnerable content providers
        1. How to do it...
        2. How it works...
        3. See also
      8. Extracting data from vulnerable content providers
        1. How to do it...
        2. See also
      9. Inserting data into content providers
        1. How to do it...
      10. Enumerating SQL-injection vulnerable content providers
        1. How to do it...
        2. See also
      11. Exploiting debuggable applications
        1. How to do it...
        2. See also
      12. Man-in-the-middle attacks on applications
        1. Getting ready
        2. How to do it...
        3. See also
    12. 5. Protecting Applications
      1. Introduction
      2. Securing application components
        1. How to do it...
        2. How it works…
        3. See also
      3. Protecting components with custom permissions
        1. How to do it…
          1. Defining a permission group
        2. How it works...
        3. See also
      4. Protecting content provider paths
        1. How to do it...
        2. See also
      5. Defending against the SQL-injection attack
        1. How to do it...
        2. See also
      6. Application signature verification (anti-tamper)
        1. Getting ready
        2. How to do it...
        3. There's more...
          1. Responding to tamper detection
        4. See also
      7. Tamper protection by detecting the installer, emulator, and debug flag
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      8. Removing all log messages with ProGuard
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. ProGuard output
          2. Limitations
        5. See also
      9. Advanced code obfuscation with DexGuard
        1. Getting ready
          1. Installing the DexGuard Eclipse plugin
          2. Enabling DexGuard for the Ant build system
          3. Enabling DexGuard for the Gradle build system
        2. How to do it...
        3. There's more...
        4. See also
    13. 6. Reverse Engineering Applications
      1. Introduction
      2. Compiling from Java to DEX
        1. Getting ready
        2. How to do it...
        3. How it works...
      3. Decompiling DEX files
        1. Understanding the DEX file format
          1. The DEX file header
          2. The StringIds section
          3. The TypeIds section
          4. The ProtoIds section
          5. The FieldIds section
          6. The MethodIds section
          7. The ClassDefs section
        2. Getting ready
        3. How to do it…
        4. There's more...
        5. See also
      4. Interpreting the Dalvik bytecode
        1. Understanding the Dalvik bytecode
        2. Getting ready
        3. How to do it...
        4. See also
      5. Decompiling DEX to Java
        1. Getting ready
        2. How to do it...
      6. Decompiling the application's native libraries
        1. Getting ready
        2. How to do it...
        3. See also
      7. Debugging the Android processes using the GDB server
        1. Getting ready
        2. How to do it...
    14. 7. Secure Networking
      1. Introduction
      2. Validating self-signed SSL certificates
        1. Getting ready
        2. How to do it...
        3. There's more...
          1. Using self-signed SSL certificates in a live environment
          2. HttpsUrlConnection
          3. Antipattern – what not to do!
        4. See also
      3. Using StrongTrustManager from the OnionKit library
        1. Getting ready
        2. How to do it...
        3. There's more...
          1. The Orbot and Tor networks
          2. Pinning and CACert
        4. See also
      4. SSL pinning
        1. How to do it...
        2. There's more...
          1. Enhancements
          2. Limitations
        3. See also
    15. 8. Native Exploitation and Analysis
      1. Introduction
      2. Inspecting file permissions
        1. Getting ready
        2. How to do it...
        3. There's more...
        4. See also
      3. Cross-compiling native executables
        1. How to do it...
        2. There's more...
        3. See also
      4. Exploitation of race condition vulnerabilities
        1. Getting ready
        2. How to do it...
        3. See also
      5. Stack memory corruption exploitation
        1. Getting ready
        2. How to do it...
        3. See also
      6. Automated native Android fuzzing
        1. Getting ready
        2. How to do it...
          1. Setting up Busybox
          2. Fuzzing dexdump
        3. How it works...
        4. See also
    16. 9. Encryption and Developing Device Administration Policies
      1. Introduction
      2. Using cryptography libraries
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      3. Generating a symmetric encryption key
        1. How to do it...
        2. How it works…
        3. There's more...
          1. Using AES-GCM for strong symmetric encryption
          2. Antipattern – setting the seed
          3. Android's PRNG bug
        4. See also
      4. Securing SharedPreferences data
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Password-based encryption
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more…
        5. See also
      6. Encrypting a database with SQLCipher
        1. Getting ready
        2. How to do it...
        3. How it works…
        4. There's more...
          1. IOCipher
        5. See also
      7. Android KeyStore provider
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      8. Setting up device administration policies
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Disabling device camera
        5. See also
    17. Index