Android Security

Book Description

Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics of the Android platform and its security issues.

Explaining the Android security model and architecture, the book describes Android permissions, including Manifest permissions, to help readers analyze applications and understand permission requirements. It also rates the Android permissions based on security implications and covers JEB Decompiler.

The authors describe how to write Android bots in Java and how to use reversing tools to decompile any Android application. They also cover the Android file system, including important directories and files, so readers can perform basic forensic analysis on the file system and SD cards. The book includes access to a wealth of resources on its website: www.androidinsecurity.com. It explains how to crack the SecureApp.apk discussed in the text and also makes the application available on its site.

The book includes coverage of advanced topics such as reverse engineering and forensics, mobile device pen-testing methodology, malware analysis, secure coding, and hardening guidelines for Android. It also explains how to analyze security implications for Android mobile devices/applications and incorporate them into enterprise SDLC processes.

The book’s site includes a Resource section where readers can access downloads for applications, tools created by users, and sample applications created by the authors. Readers can easily download the files and use them in conjunction with the text, wherever needed. Visit www.androidinsecurity.com for more information.

Table of Contents

    1. About the Book
    2. Assumptions
    3. Audience
    4. Support
    5. Structure
    1. Anmol Misra
    2. Abhishek Dubey
    1. 1.1 Why Android
    2. 1.2 Evolution of Mobile Threats
    3. 1.3 Android Overview
    4. 1.4 Android Marketplaces
    5. 1.5 Summary
      1. Figure 1.1
      2. Figure 1.2
      3. Figure 1.3
      4. Figure 1.4
      5. Figure 1.5
      6. Figure 1.6
      7. Figure 1.7
      8. Figure 1.8
      9. Figure 1.9
      10. Figure 1.10
      11. Figure 1.11
      12. Figure 1.12
      1. Table 1.1
    1. 2.1 Android Architecture Overview
      1. 2.1.1 Linux Kernel
      2. 2.1.2 Libraries
      3. 2.1.3 Android Runtime
      4. 2.1.4 Application Framework
      5. 2.1.5 Applications
    2. 2.2 Android Start Up and Zygote
    3. 2.3 Android SDK and Tools
      1. 2.3.1 Downloading and Installing the Android SDK
      2. 2.3.2 Developing with Eclipse and ADT
      3. 2.3.3 Android Tools
      4. 2.3.4 DDMS
      5. 2.3.5 ADB
      6. 2.3.6 ProGuard
    4. 2.4 Anatomy of the “Hello World” Application
      1. 2.4.1 Understanding Hello World
    5. 2.5 Summary
      1. Figure 2.1
      2. Figure 2.2
      3. Figure 2.3
      4. Figure 2.4
      5. Figure 2.5
      6. Figure 2.6
      7. Figure 2.7
      8. Figure 2.8
      9. Figure 2.9
      10. Figure 2.10
      11. Figure 2.11
      12. Figure 2.12
      13. Figure 2.13
      14. Figure 2.14
      15. Figure 2.15
      1. Table 2.1
      2. Table 2.2
      3. Table 2.3
      4. Table 2.4
      5. Table 2.5
      6. Table 2.6
    1. 3.1 Application Components
      1. 3.1.1 Activities
      2. 3.1.2 Intents
      3. 3.1.3 Broadcast Receivers
      4. 3.1.4 Services
      5. 3.1.5 Content Providers
    2. 3.2 Activity Lifecycles
    3. 3.3 Summary
      1. Figure 3.1
      2. Figure 3.2
      3. Figure 3.3
      4. Figure 3.4
      5. Figure 3.5
      6. Figure 3.6
      7. Figure 3.7
      8. Figure 3.8
      9. Figure 3.9
      10. Figure 3.10
      11. Figure 3.11
      12. Figure 3.12
      1. Table 3.1
      2. Table 3.2
      3. Table 3.3
    1. 4.1 Android Security Model
    2. 4.2 Permission Enforcement—Linux
    3. 4.3 Android’s Manifest Permissions
      1. 4.3.1 Requesting Permissions
      2. 4.3.2 Putting It All Together
    4. 4.4 Mobile Security Issues
      1. 4.4.1 Device
      2. 4.4.2 Patching
      3. 4.4.3 External Storage
      4. 4.4.4 Keyboards
      5. 4.4.5 Data Privacy
      6. 4.4.6 Application Security
      7. 4.4.7 Legacy Code
    5. 4.5 Recent Android Attacks—A Walkthrough
      1. 4.5.1 Analysis of DroidDream Variant
      2. 4.5.2 Analysis of Zsone
      3. 4.5.3 Analysis of Zitmo Trojan
    6. 4.6 Summary
      1. Figure 4.1
      2. Figure 4.2
      3. Figure 4.3
      4. Figure 4.4
      5. Figure 4.5
      6. Figure 4.6
      7. Figure 4.7
      8. Figure 4.8
      9. Figure 4.9
      10. Figure 4.10
      11. Figure 4.11
      12. Figure 4.12
      13. Figure 4.13
      14. Figure 4.14
      15. Figure 4.15
      16. Figure 4.16
      1. Table 4.1
    1. 5.1 Penetration Testing Methodology
      1. 5.1.1 External Penetration Test
      2. 5.1.2 Internal Penetration Test
      3. 5.1.3 Penetration Test Methodologies
      4. 5.1.4 Static Analysis
      5. 5.1.5 Steps to Pen Test Android OS and Devices
    2. 5.2 Tools for Penetration Testing Android
      1. 5.2.1 Nmap
      2. 5.2.2 BusyBox
      3. 5.2.3 Wireshark
      4. 5.2.4 Vulnerabilities in the Android OS
    3. 5.3 Penetration Testing—Android Applications
      1. 5.3.1 Android Applications
      2. 5.3.2 Application Security
    4. 5.4 Miscellaneous Issues
      1. 5.4.1 Data Storage on Internal, External, and Cloud
    5. 5.5 Summary
      1. Figure 5.1
      2. Figure 5.2
      3. Figure 5.3
      4. Figure 5.4
      5. Figure 5.5
      6. Figure 5.6
      7. Figure 5.7
      8. Figure 5.8
      9. Figure 5.9
      10. Figure 5.10
      11. Figure 5.11
      12. Figure 5.12
      13. Figure 5.13 (a)
      14. Figure 5.13 (b)
      1. Table 5.1
    1. 6.1 Introduction
    2. 6.2 What is Malware?
    3. 6.3 Identifying Android Malware
    4. 6.4 Reverse Engineering Methodology for Android Applications
    5. 6.5 Summary
      1. Figure 6.1
      2. Figure 6.2
      3. Figure 6.3
      4. Figure 6.4
      5. Figure 6.5
      6. Figure 6.6
      7. Figure 6.7
      8. Figure 6.8
      9. Figure 6.9
      10. Figure 6.10
      11. Figure 6.11
      12. Figure 6.12
      13. Figure 6.13
      14. Figure 6.14
      15. Figure 6.15
      16. Figure 6.16
      17. Figure 6.17
      18. Figure 6.18
      19. Figure 6.19
      20. Figure 6.20
      21. Figure 6.21
      22. Figure 6.22
      23. Figure 6.23
      24. Figure 6.24
      25. Figure 6.25
      1. Table 6.1
      2. Table 6.2
      3. Table 6.3
      4. Table 6.4
    1. 7.1 Introduction
      1. 7.1.1 To Add Malicious Behavior
      2. 7.1.2 To Eliminate Malicious Behavior
      3. 7.1.3 To Bypass Intended Functionality
    2. 7.2 DEX File Format
    3. 7.3 Case Study: Modifying the Behavior of an Application
    4. 7.4 Real World Example 1—Google Wallet Vulnerability
    5. 7.5 Real World Example 2—Skype Vulnerability (CVE-2011-1717)
    6. 7.6 Defensive Strategies
      1. 7.6.1 Perform Code Obfuscation
      2. 7.6.2 Perform Server Side Processing
      3. 7.6.3 Perform Iterative Hashing and Use Salt
      4. 7.6.4 Choose the Right Location for Sensitive Information
      5. 7.6.5 Cryptography
      6. 7.6.6 Conclusion
    7. 7.7 Summary
      1. Figure 7.1
      2. Figure 7.2
      3. Figure 7.3
      4. Figure 7.4
      5. Figure 7.5
      6. Figure 7.6
      7. Figure 7.7
      8. Figure 7.8
      9. Figure 7.9
      10. Figure 7.10
      11. Figure 7.11
      12. Figure 7.12
      13. Figure 7.13
      14. Figure 7.14
      15. Figure 7.15
      16. Figure 7.16
      17. Figure 7.17
      18. Figure 7.18
      19. Figure 7.19
      20. Figure 7.20
    1. 8.1 Introduction
    2. 8.2 Android File System
      1. 8.2.1 Mount Points
      2. 8.2.2 File Systems
      3. 8.2.3 Directory Structure
    3. 8.3 Android Application Data
      1. 8.3.1 Storage Options
      2. 8.3.2 /data/data
    4. 8.4 Rooting Android Devices
    5. 8.5 Imaging Android
    6. 8.6 Accessing Application Databases
    7. 8.7 Extracting Data from Android Devices
    8. 8.8 Summary
      1. Figure 8.1
      2. Figure 8.2
      3. Figure 8.3
      4. Figure 8.4
      5. Figure 8.5
      6. Figure 8.6
      7. Figure 8.7
      8. Figure 8.8
      9. Figure 8.9
      10. Figure 8.10
      11. Figure 8.11
      12. Figure 8.12
      13. Figure 8.13
      14. Figure 8.14
      15. Figure 8.15
      16. Figure 8.16
      17. Figure 8.17
      1. Table 8.1
      2. Table 8.2
      3. Table 8.3
      4. Table 8.4
    1. 9.1 Android in Enterprise
      1. 9.1.1 Security Concerns for Android in Enterprise
        1. Lack of Physical Control of Devices
        2. Use of “User-Owned” Untrusted Devices
        3. Connecting to “Unapproved and Untrusted Networks”
        4. Use of Untrusted Applications
        5. Connections with “Untrusted” Systems
        6. Unknown Content
        7. Use of GPS (location-related services)
        8. Lack of Control of Patching Applications and OS
      2. 9.1.2 End-User Awareness
      3. 9.1.3 Compliance/Audit Considerations
      4. 9.1.4 Recommended Security Practices for Mobile Devices
    2. 9.2 Hardening Android
      1. 9.2.1 Deploying Android Securely
        1. Unauthorized Device Access
          1. Setting Up a Screen Lock
          2. Setting up the SIM Lock
          3. Remote Wipe
        2. Other Settings
        3. Encryption
      2. 9.2.2 Device Administration
    3. 9.3 Summary
      1. Figure 9.1
      2. Figure 9.2
      3. Figure 9.3
      4. Figure 9.4
      5. Figure 9.5
      6. Figure 9.6
      7. Figure 9.7
      8. Figure 9.8
      9. Figure 9.9
      10. Figure 9.10
      11. Figure 9.11
      12. Figure 9.12
    1. 10.1 Mobile HTML Security
      1. 10.1.1 Cross-Site Scripting
      2. 10.1.2 SQL Injection
      3. 10.1.3 Cross-Site Request Forgery
      4. 10.1.4 Phishing
    2. 10.2 Mobile Browser Security
      1. 10.2.1 Browser Vulnerabilities
        1. Drive-by Downloads
    3. 10.3 The Future Landscape
      1. 10.3.1 The Phone as a Spying/Tracking Device
      2. 10.3.2 Controlling Corporate Networks and Other Devices through Mobile Devices
      3. 10.3.3 Mobile Wallets and NFC
    4. 10.4 Summary
      1. Figure 10.1
      2. Figure 10.2
      3. Figure 10.3
      4. Figure 10.4
      1. Table 10.1
      2. Table 10.2
    1. Table A.1
    1. B.1 Views
    2. B.2 Code Views
    3. B.3 Keyboard Shortcuts
    4. B.4 Options
      1. Figure B.1
      2. Figure B.2
      3. Figure B.3
      1. Table B.1
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10