Android Security Cookbook


Android Security Cookbook
eBook: $26.99
Formats: PDF, PacktLib, ePub and Mobi formats
$22.94
save 15%!
Print + free eBook + free PacktLib access to the book: $71.98    Print cover: $44.99
$44.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Analyze the security of Android applications and devices, and exploit common vulnerabilities in applications and Android operating systems
  • Develop custom vulnerability assessment tools using the Drozer Android Security Assessment Framework
  • Reverse-engineer Android applications for security vulnerabilities
  • Protect your Android application with up to date hardening techniques

Book Details

Language : English
Paperback : 350 pages [ 235mm x 191mm ]
Release Date : December 2013
ISBN : 1782167161
ISBN 13 : 9781782167167
Author(s) : Keith Makan, Scott Alexander-Bown
Topics and Technologies : All Books, Security and Testing, Android, Cookbooks, Open Source


Table of Contents

Preface
Chapter 1: Android Development Tools
Chapter 2: Engaging with Application Security
Chapter 3: Android Security Assessment Tools
Chapter 4: Exploiting Applications
Chapter 5: Protecting Applications
Chapter 6: Reverse Engineering Applications
Chapter 7: Secure Networking
Chapter 8: Native Exploitation and Analysis
Chapter 9: Encryption and Developing Device Administration Policies
Index
  • Chapter 1: Android Development Tools
    • Introduction
    • Installing the Android Development Tools (ADT)
    • Installing the Java Development Kit (JDK)
    • Updating the API sources
    • Alternative installation of the ADT
    • Installing the Native Development Kit (NDK)
    • Emulating Android
    • Creating Android Virtual Devices (AVDs)
    • Using the Android Debug Bridge (ADB) to interact with the AVDs
    • Copying files off/onto an AVD
    • Installing applications onto the AVDs via ADB
  • Chapter 2: Engaging with Application Security
    • Introduction
    • Inspecting application certificates and signatures
    • Signing Android applications
    • Verifying application signatures
    • Inspecting the AndroidManifest.xml file
    • Interacting with the activity manager via ADB
    • Extracting application resources via ADB
  • Chapter 3: Android Security Assessment Tools
    • Introduction
    • Installing and setting up Santoku
    • Setting up drozer
    • Running a drozer session
    • Enumerating installed packages
    • Enumerating activities
    • Enumerating content providers
    • Enumerating services
    • Enumerating broadcast receivers
    • Determining application attack surfaces
    • Launching activities
    • Writing a drozer module – a device enumeration module
    • Writing an application certificate enumerator
  • Chapter 4: Exploiting Applications
    • Introduction
    • Information disclosure via logcat
    • Inspecting network traffic
    • Passive intent sniffing via the activity manager
    • Attacking services
    • Attacking broadcast receivers
    • Enumerating vulnerable content providers
    • Extracting data from vulnerable content providers
    • Inserting data into content providers
    • Enumerating SQL-injection vulnerable content providers
    • Exploiting debuggable applications
    • Man-in-the-middle attacks on applications
  • Chapter 5: Protecting Applications
    • Introduction
    • Securing application components
    • Protecting components with custom permissions
    • Protecting content provider paths
    • Defending against the SQL-injection attack
    • Application signature verification (anti-tamper)
    • Tamper protection by detecting the installer, emulator, and debug flag
    • Removing all log messages with ProGuard
    • Advanced code obfuscation with DexGuard
  • Chapter 6: Reverse Engineering Applications
    • Introduction
    • Compiling from Java to DEX
    • Decompiling DEX files
    • Interpreting the Dalvik bytecode
    • Decompiling DEX to Java
    • Decompiling the application's native libraries
    • Debugging the Android processes using the GDB server
  • Chapter 7: Secure Networking
    • Introduction
    • Validating self-signed SSL certificates
    • Using StrongTrustManager from the OnionKit library
    • SSL pinning
  • Chapter 8: Native Exploitation and Analysis
    • Introduction
    • Inspecting file permissions
    • Cross-compiling native executables
    • Exploitation of race condition vulnerabilities
    • Stack memory corruption exploitation
    • Automated native Android fuzzing

Keith Makan

Keith Makan is a former computer science and physics student, and a passionate hobbyist and security researcher. He spends most of his free time reading source code, performing reverse engineering and fuzz testing, and developing exploits for web application technology.

Keith works professionally as an IT security assessment specialist. His personal research has won him spots on the Google Application Security Hall of Fame numerous times. He has developed exploits against Google Chrome's WebKit XSSAuditor, Firefox's NoScript Add-on, and has often reported security flaws and developed exploits for WordPress plugins.


Scott Alexander-Bown

Scott Alexander-Bown is an accomplished developer with experience in financial services, software development, and mobile app agencies. He lives and breathes Android, and has a passion for mobile app security.

In his current role as senior developer, Scott specializes in mobile app development, reverse engineering, and app hardening. He also enjoys speaking about app security and has presented at various conferences for mobile app developers internationally.

Sorry, we don't have any reviews for this title yet.

Code Downloads

Download the code and support files for this book.


Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Android Security Cookbook +    Microsoft Dynamics CRM 2011 Scripting Cookbook =
50% Off
the second eBook
Price for both: £24.65

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Set up the Android development tools and frameworks
  • Engage in Application security concepts
  • Use the Drozer Android Security Assessment Framework
  • Customize and develop your own plugins for the Drozer Framework
  • Exploit, enumerate, and analyze common application level exploits
  • Protect applications from common vulnerabilities and exploits
  • Reverse-engineer applications for common code level vulnerabilities
  • Secure application networking, SSL/TLS
  • Encryption to protect application data

In Detail

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.

The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.

Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.

Approach

"Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.

Who this book is for

"Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impeding onslaught of mobile devices in the business environment will benefit from reading this book.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software