Table of Contents
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Android Development Tools
Introduction
Installing the Android Development Tools (ADT)
How to do it...
Installing the Java Development Kit (JDK)
How to do it...
There's more…
Updating the API sources
How to do it...
Alternative installation of the ADT
How to do it...
Installing the Native Development Kit (NDK)
How to do it...
Emulating Android
How to do it...
Creating Android Virtual Devices (AVDs)
How to do it…
There's more…
Emulating a memory card or an external storage
The partition sizes
See also
Using the Android Debug Bridge (ADB) to interact with the AVDs
How to do it...
There's more…
See also
Copying files off/onto an AVD
How to do it...
Installing applications onto the AVDs via ADB
How to do it...
2. Engaging with Application Security
Introduction
Inspecting application certificates and signatures
Getting ready
How to do it…
How it works…
There's more...
See also
Signing Android applications
Getting ready
How to do it...
How it works...
See also
Verifying application signatures
Getting ready
How to do it...
Inspecting the AndroidManifest.xml file
Getting ready
How to do it...
How it works...
See also
Interacting with the activity manager via ADB
Getting ready
How to do it…
There's more...
See also
Extracting application resources via ADB
Getting ready
How to do it…
There's more...
3. Android Security Assessment Tools
Introduction
Installing and setting up Santoku
Getting ready
How to do it...
There's more...
Setting up drozer
How to do it...
There's more…
Running a drozer session
How to do it...
Enumerating installed packages
How to do it...
How it works...
There's more...
See also
Enumerating activities
How to do it...
There's more...
See also
Enumerating content providers
How to do it...
How it works...
There's more...
See also
Enumerating services
How to do it...
How it works…
See also
Enumerating broadcast receivers
How to do it...
See also
Determining application attack surfaces
How to do it...
How it works…
See also
Launching activities
How to do it...
How it works...
There's more…
See also
Writing a drozer module – a device enumeration module
How to do it...
How it works...
See also
Writing an application certificate enumerator
How to do it...
4. Exploiting Applications
Introduction
Protecting user data
Protecting applications from one another (isolation and privilege separation)
Protecting communication of sensitive information
Information disclosure via logcat
Getting ready
How to do it...
There's more...
See also
Inspecting network traffic
Getting ready
How to do it…
How it works...
See also
Passive intent sniffing via the activity manager
Getting ready
How to do it...
How it works...
See also
Attacking services
How to do it...
See also
Attacking broadcast receivers
How to do it...
How it works…
See also
Enumerating vulnerable content providers
How to do it...
How it works...
See also
Extracting data from vulnerable content providers
How to do it...
See also
Inserting data into content providers
How to do it...
Enumerating SQL-injection vulnerable content providers
How to do it...
See also
Exploiting debuggable applications
How to do it...
See also
Man-in-the-middle attacks on applications
Getting ready
How to do it...
See also
5. Protecting Applications
Introduction
Securing application components
How to do it...
How it works…
See also
Protecting components with custom permissions
How to do it…
Defining a permission group
How it works...
See also
Protecting content provider paths
How to do it...
See also
Defending against the SQL-injection attack
How to do it...
See also
Application signature verification (anti-tamper)
Getting ready
How to do it...
There's more...
Responding to tamper detection
See also
Tamper protection by detecting the installer, emulator, and debug flag
How to do it...
How it works...
There's more...
See also
Removing all log messages with ProGuard
Getting ready
How to do it...
How it works...
There's more...
ProGuard output
Limitations
See also
Advanced code obfuscation with DexGuard
Getting ready
Installing the DexGuard Eclipse plugin
Enabling DexGuard for the Ant build system
Enabling DexGuard for the Gradle build system
How to do it...
There's more...
See also
6. Reverse Engineering Applications
Introduction
Compiling from Java to DEX
Getting ready
How to do it...
How it works...
Decompiling DEX files
Understanding the DEX file format
The DEX file header
The StringIds section
The TypeIds section
The ProtoIds section
The FieldIds section
The MethodIds section
The ClassDefs section
Getting ready
How to do it…
There's more...
See also
Interpreting the Dalvik bytecode
Understanding the Dalvik bytecode
Getting ready
How to do it...
See also
Decompiling DEX to Java
Getting ready
How to do it...
Decompiling the application's native libraries
Getting ready
How to do it...
See also
Debugging the Android processes using the GDB server
Getting ready
How to do it...
7. Secure Networking
Introduction
Validating self-signed SSL certificates
Getting ready
How to do it...
There's more...
Using self-signed SSL certificates in a live environment
HttpsUrlConnection
Antipattern – what not to do!
See also
Using StrongTrustManager from the OnionKit library
Getting ready
How to do it...
There's more...
The Orbot and Tor networks
Pinning and CACert
See also
SSL pinning
How to do it...
There's more...
Enhancements
Limitations
See also
8. Native Exploitation and Analysis
Introduction
Inspecting file permissions
Getting ready
How to do it...
There's more...
See also
Cross-compiling native executables
How to do it...
There's more...
See also
Exploitation of race condition vulnerabilities
Getting ready
How to do it...
See also
Stack memory corruption exploitation
Getting ready
How to do it...
See also
Automated native Android fuzzing
Getting ready
How to do it...
Setting up Busybox
Fuzzing dexdump
How it works...
See also
9. Encryption and Developing Device Administration Policies
Introduction
Using cryptography libraries
How to do it...
How it works...
There's more...
See also
Generating a symmetric encryption key
How to do it...
How it works…
There's more...
Using AES-GCM for strong symmetric encryption
Antipattern – setting the seed
Android's PRNG bug
See also
Securing SharedPreferences data
Getting ready
How to do it...
How it works...
See also
Password-based encryption
Getting ready
How to do it...
How it works...
There's more…
See also
Encrypting a database with SQLCipher
Getting ready
How to do it...
How it works…
There's more...
IOCipher
See also
Android KeyStore provider
Getting ready
How to do it...
How it works...
There's more...
See also
Setting up device administration policies
Getting ready
How to do it...
How it works...
There's more...
Disabling device camera
See also
Index