Android Security Cookbook

Practical recipes to delve into Android's security mechanisms by troubleshooting common vulnerabilities in applications and Android OS versions

Keith Makan, Scott Alexander-Bown

Book Details

ISBN 13: 9781782167167
Paperback: 350 pages

Book Description

Android Security Cookbook discusses many common vulnerabilities and security-related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.

The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.

Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection, this book will show various hardening techniques to protect application components and stored data, and to secure networking. In summary, Android Security Cookbook provides a practical analysis of many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.

Table of Contents

Chapter 1: Android Development Tools
Introduction
Installing the Android Development Tools (ADT)
Installing the Java Development Kit (JDK)
Updating the API sources
Alternative installation of the ADT
Installing the Native Development Kit (NDK)
Emulating Android
Creating Android Virtual Devices (AVDs)
Using the Android Debug Bridge (ADB) to interact with the AVDs
Copying files off/onto an AVD
Installing applications onto the AVDs via ADB
Chapter 2: Engaging with Application Security
Introduction
Inspecting application certificates and signatures
Signing Android applications
Verifying application signatures
Inspecting the AndroidManifest.xml file
Interacting with the activity manager via ADB
Extracting application resources via ADB
Chapter 3: Android Security Assessment Tools
Introduction
Installing and setting up Santoku
Setting up drozer
Running a drozer session
Enumerating installed packages
Enumerating activities
Enumerating content providers
Enumerating services
Enumerating broadcast receivers
Determining application attack surfaces
Launching activities
Writing a drozer module – a device enumeration module
Writing an application certificate enumerator
Chapter 4: Exploiting Applications
Introduction
Information disclosure via logcat
Inspecting network traffic
Passive intent sniffing via the activity manager
Attacking services
Attacking broadcast receivers
Enumerating vulnerable content providers
Extracting data from vulnerable content providers
Inserting data into content providers
Enumerating SQL-injection vulnerable content providers
Exploiting debuggable applications
Man-in-the-middle attacks on applications
Chapter 5: Protecting Applications
Introduction
Securing application components
Protecting components with custom permissions
Protecting content provider paths
Defending against the SQL-injection attack
Application signature verification (anti-tamper)
Tamper protection by detecting the installer, emulator, and debug flag
Removing all log messages with ProGuard
Advanced code obfuscation with DexGuard
Chapter 6: Reverse Engineering Applications
Introduction
Compiling from Java to DEX
Decompiling DEX files
Interpreting the Dalvik bytecode
Decompiling DEX to Java
Decompiling the application's native libraries
Debugging the Android processes using the GDB server
Chapter 7: Secure Networking
Introduction
Validating self-signed SSL certificates
Using StrongTrustManager from the OnionKit library
SSL pinning
Chapter 8: Native Exploitation and Analysis
Introduction
Inspecting file permissions
Cross-compiling native executables
Exploitation of race condition vulnerabilities
Stack memory corruption exploitation
Automated native Android fuzzing
Chapter 9: Encryption and Developing Device Administration Policies
Introduction
Using cryptography libraries
Generating a symmetric encryption key
Securing SharedPreferences data
Password-based encryption
Encrypting a database with SQLCipher
Android KeyStore provider
Setting up device administration policies

What You Will Learn

  • Set up the Android development tools and frameworks
  • Engage with application security concepts
  • Use the Drozer Android Security Assessment Framework
  • Customize and develop your own plugins for the Drozer Framework
  • Exploit, enumerate, and analyze common application-level exploits
  • Protect applications from common vulnerabilities and exploits
  • Reverse-engineer applications for common code-level vulnerabilities
  • Secure application networking (SSL/TLS)
  • Use encryption to protect application data
