Android Security Cookbook

Android Security Cookbook
eBook: $26.99
Formats: PDF, PacktLib, ePub and Mobi formats
save 15%!
Print + free eBook + free PacktLib access to the book: $71.98    Print cover: $44.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Table of Contents
Sample Chapters
  • Analyze the security of Android applications and devices, and exploit common vulnerabilities in applications and Android operating systems
  • Develop custom vulnerability assessment tools using the Drozer Android Security Assessment Framework
  • Reverse-engineer Android applications for security vulnerabilities
  • Protect your Android application with up to date hardening techniques

Book Details

Language : English
Paperback : 350 pages [ 235mm x 191mm ]
Release Date : December 2013
ISBN : 1782167161
ISBN 13 : 9781782167167
Author(s) : Keith Makan, Scott Alexander-Bown
Topics and Technologies : All Books, Security and Testing, Android, Cookbooks, Open Source

Table of Contents

Chapter 1: Android Development Tools
Chapter 2: Engaging with Application Security
Chapter 3: Android Security Assessment Tools
Chapter 4: Exploiting Applications
Chapter 5: Protecting Applications
Chapter 6: Reverse Engineering Applications
Chapter 7: Secure Networking
Chapter 8: Native Exploitation and Analysis
Chapter 9: Encryption and Developing Device Administration Policies
  • Chapter 1: Android Development Tools
    • Introduction
    • Installing the Android Development Tools (ADT)
    • Installing the Java Development Kit (JDK)
    • Updating the API sources
    • Alternative installation of the ADT
    • Installing the Native Development Kit (NDK)
    • Emulating Android
    • Creating Android Virtual Devices (AVDs)
    • Using the Android Debug Bridge (ADB) to interact with the AVDs
    • Copying files off/onto an AVD
    • Installing applications onto the AVDs via ADB
  • Chapter 2: Engaging with Application Security
    • Introduction
    • Inspecting application certificates and signatures
    • Signing Android applications
    • Verifying application signatures
    • Inspecting the AndroidManifest.xml file
    • Interacting with the activity manager via ADB
    • Extracting application resources via ADB
  • Chapter 3: Android Security Assessment Tools
    • Introduction
    • Installing and setting up Santoku
    • Setting up drozer
    • Running a drozer session
    • Enumerating installed packages
    • Enumerating activities
    • Enumerating content providers
    • Enumerating services
    • Enumerating broadcast receivers
    • Determining application attack surfaces
    • Launching activities
    • Writing a drozer module – a device enumeration module
    • Writing an application certificate enumerator
  • Chapter 4: Exploiting Applications
    • Introduction
    • Information disclosure via logcat
    • Inspecting network traffic
    • Passive intent sniffing via the activity manager
    • Attacking services
    • Attacking broadcast receivers
    • Enumerating vulnerable content providers
    • Extracting data from vulnerable content providers
    • Inserting data into content providers
    • Enumerating SQL-injection vulnerable content providers
    • Exploiting debuggable applications
    • Man-in-the-middle attacks on applications
  • Chapter 5: Protecting Applications
    • Introduction
    • Securing application components
    • Protecting components with custom permissions
    • Protecting content provider paths
    • Defending against the SQL-injection attack
    • Application signature verification (anti-tamper)
    • Tamper protection by detecting the installer, emulator, and debug flag
    • Removing all log messages with ProGuard
    • Advanced code obfuscation with DexGuard
  • Chapter 6: Reverse Engineering Applications
    • Introduction
    • Compiling from Java to DEX
    • Decompiling DEX files
    • Interpreting the Dalvik bytecode
    • Decompiling DEX to Java
    • Decompiling the application's native libraries
    • Debugging the Android processes using the GDB server
  • Chapter 7: Secure Networking
    • Introduction
    • Validating self-signed SSL certificates
    • Using StrongTrustManager from the OnionKit library
    • SSL pinning
  • Chapter 8: Native Exploitation and Analysis
    • Introduction
    • Inspecting file permissions
    • Cross-compiling native executables
    • Exploitation of race condition vulnerabilities
    • Stack memory corruption exploitation
    • Automated native Android fuzzing

Keith Makan

Keith Makan is the lead author of Android Security Cookbook, Packt Publishing. He is an avid computer security enthusiast and a passionate security researcher. Keith has published numerous vulnerabilities in Android applications, WordPress plugins, and popular browser security software such as Firefox's NoScript and Google Chrome's XSS Auditor. His research has also won him numerous listings on the Google Application Security Hall of Fame. Keith has been working as a professional security assessment specialist, penetration tester, and security advisory for over 2 years.

Scott Alexander-Bown

Scott Alexander-Bown is an accomplished developer with experience in financial services, software development, and mobile app agencies. He lives and breathes Android, and has a passion for mobile app security.

In his current role as senior developer, Scott specializes in mobile app development, reverse engineering, and app hardening. He also enjoys speaking about app security and has presented at various conferences for mobile app developers internationally.

Sorry, we don't have any reviews for this title yet.

Code Downloads

Download the code and support files for this book.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


- 1 submitted: last submission 15 May 2014

Errata Type: Typo Page No: 42

It is:

openssl pcks7 –inform DER –in META-INF/CERT.RSA –noout
–print_certs –text

Should be:

openssl pkcs7 –inform DER –in META-INF/CERT.RSA –noout
–print_certs –text

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Android Security Cookbook +    jQuery UI 1.10: The User Interface Library for jQuery =
50% Off
the second eBook
Price for both: $39.00

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Set up the Android development tools and frameworks
  • Engage in Application security concepts
  • Use the Drozer Android Security Assessment Framework
  • Customize and develop your own plugins for the Drozer Framework
  • Exploit, enumerate, and analyze common application level exploits
  • Protect applications from common vulnerabilities and exploits
  • Reverse-engineer applications for common code level vulnerabilities
  • Secure application networking, SSL/TLS
  • Encryption to protect application data

In Detail

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.

The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.

Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.


"Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.

Who this book is for

"Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from reading this book.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software