Book description
Practical recipes to delve into Android’s security mechanisms by troubleshooting common vulnerabilities in applications and Android OS versions
- Analyze the security of Android applications and devices, and exploit common vulnerabilities in applications and Android operating systems
- Develop custom vulnerability assessment tools using the Drozer Android Security Assessment Framework
- Reverse-engineer Android applications for security vulnerabilities
- Protect your Android application with up-to-date hardening techniques
In Detail
The Android operating system is built to protect its users and to support applications ranging from the most complex to the simplest. Android is built on the Linux kernel and relies on many of Linux’s security mechanisms to protect its users. Applications on the Android platform are supported and protected by the Android application framework by means of mechanisms such as the Permissions Framework and Android’s Binder.
Unfortunately, application and system developers may sometimes weaken the inherent security strengths of Android by introducing high-level application and low-level security flaws into system software; often, this allows attackers to harm users or even take control of a victim’s device or steal sensitive information.
"Android Security Cookbook" covers a variety of topics including analyzing Android devices, operating systems, and applications down to code level for security vulnerabilities. It also discusses some measures that application developers can put in place to protect their applications and devices from common vulnerabilities and attacks.
"Android Security Cookbook" discusses many common vulnerabilities and security-related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Mercury and how to develop plugins to customize the framework. Other topics covered include how to perform secure networking from within Android applications, how to reverse-engineer Android applications to find common vulnerabilities, and how to find and remediate common memory corruption vulnerabilities on ARM devices.
In summary, "Android Security Cookbook" provides a practical analysis of many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.
Table of contents
- Android Security Cookbook
- Table of Contents
- Android Security Cookbook
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Android Development Tools
- Introduction
- Installing the Android Development Tools (ADT)
- Installing the Java Development Kit (JDK)
- Updating the API sources
- Alternative installation of the ADT
- Installing the Native Development Kit (NDK)
- Emulating Android
- Creating Android Virtual Devices (AVDs)
- Using the Android Debug Bridge (ADB) to interact with the AVDs
- Copying files off/onto an AVD
- Installing applications onto the AVDs via ADB
- 2. Engaging with Application Security
- 3. Android Security Assessment Tools
- Introduction
- Installing and setting up Santoku
- Setting up drozer
- Running a drozer session
- Enumerating installed packages
- Enumerating activities
- Enumerating content providers
- Enumerating services
- Enumerating broadcast receivers
- Determining application attack surfaces
- Launching activities
- Writing a drozer module – a device enumeration module
- Writing an application certificate enumerator
- 4. Exploiting Applications
- Introduction
- Information disclosure via logcat
- Inspecting network traffic
- Passive intent sniffing via the activity manager
- Attacking services
- Attacking broadcast receivers
- Enumerating vulnerable content providers
- Extracting data from vulnerable content providers
- Inserting data into content providers
- Enumerating SQL-injection vulnerable content providers
- Exploiting debuggable applications
- Man-in-the-middle attacks on applications
- 5. Protecting Applications
- Introduction
- Securing application components
- Protecting components with custom permissions
- Protecting content provider paths
- Defending against the SQL-injection attack
- Application signature verification (anti-tamper)
- Tamper protection by detecting the installer, emulator, and debug flag
- Removing all log messages with ProGuard
- Advanced code obfuscation with DexGuard
- 6. Reverse Engineering Applications
- 7. Secure Networking
- 8. Native Exploitation and Analysis
- 9. Encryption and Developing Device Administration Policies
- Index
Product information
- Title: Android Security Cookbook
- Author(s):
- Release date: December 2013
- Publisher(s): Packt Publishing
- ISBN: 9781782167167