O'Reilly logo

The Mobile Application Hacker's Handbook by Dominic Chell, Tyrone Erasmus, Shaun Colley, Ollie Whitehouse

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CHAPTER 7Attacking Android Applications

With everything you now know about Android applications and the environment under which they operate, you would be correct in assuming that every developer cannot get everything right. Without a deep technical understanding of every security mechanism at play, creating an application that has no vulnerabilities is tough for a developer.

An attacker who is seeking to find vulnerabilities in an application should consider multiple approaches and testing perspectives. The three high-level components to consider for each application are shown in Figure 7.1 and discussed in the list that follows.

  • Application container—Various ways may exist to defeat an application’s sandbox and gain access to application data. Attack vectors could include a malicious application that has been installed on a device, physical access to the device, or reviewing the application for other vulnerabilities.
  • Communications—Due to the choice of protocol and encryption implementation, intercepting and gaining access to the data traversing a channel could be possible. Attack vectors could include ARP (Address Resolution Protocol) poisoning, hosting a malicious wireless network or compromising upstream providers, and positioning yourself to intercept and modify network traffic on a larger scale.
  • Internet server—A server that a mobile application communicates with may include vulnerabilities. Access gained to this server will likely mean the complete compromise of information ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required