Free Sample
+ Collection

Learning Pentesting for Android Devices

Aditya Gupta

Android’s popularity makes it a prime target for attacks, which is why this tutorial is so essential. It takes you from security basics to forensics and penetration testing in easy, user-friendly steps.
RRP $17.99
RRP $29.99
Print + eBook

Want this title & more?

$12.99 p/month

Subscribe to PacktLib

Enjoy full and instant access to over 2000 books and videos – you’ll find everything you need to stay ahead of the curve and make sure you can always get the job done.

Book Details

ISBN 139781783288984
Paperback154 pages

About This Book

  • Explore the security vulnerabilities in Android applications and exploit them
  • Venture into the world of Android forensics and get control of devices using exploits
  • Hands-on approach covers security vulnerabilities in Android using methods such as Traffic Analysis, SQLite vulnerabilities, and Content Providers Leakage


Who This Book Is For

This book is intended for all those who are looking to get started in Android security or Android application penetration testing. You don’t need to be an Android developer to learn from this book, but it is highly recommended that developers have some experience in order to learn how to create secure applications for Android.

Table of Contents

Chapter 1: Getting Started with Android Security
Introduction to Android
Digging deeper into Android
Sandboxing and the permission model
Application signing
Android startup process
Chapter 2: Preparing the Battlefield
Setting up the development environment
Useful utilities for Android Pentest
Chapter 3: Reversing and Auditing Android Apps
Android application teardown
Reversing an Android application
Using Apktool to reverse an Android application
Auditing Android applications
Content provider leakage
Insecure file storage
OWASP top 10 vulnerabilities for mobiles
Chapter 4: Traffic Analysis for Android Devices
Android traffic interception
Ways to analyze Android traffic
HTTPS Proxy interception
Extracting sensitive files with packet capture
Chapter 5: Android Forensics
Types of forensics
Using dd to extract data
Using Andriller to extract an application's data
Using AFLogical to extract contacts, calls, and text messages
Dumping application databases manually
Logging the logcat
Using backup to extract an application's data
Chapter 6: Playing with SQLite
Understanding SQLite in depth
Security vulnerability
Chapter 7: Lesser-known Android Attacks
Android WebView vulnerability
Infecting legitimate APKs
Vulnerabilities in ad libraries
Cross-Application Scripting in Android
Chapter 8: ARM Exploitation
Introduction to ARM architecture
Setting up the environment
Simple stack-based buffer overflow
Return-oriented programming
Android root exploits
Chapter 9: Writing the Pentest Report
Basics of a penetration testing report
Writing the pentest report
Security Audit of
Table of Contents
2. Auditing and Methodology
3. Conclusions

What You Will Learn

  • Understand the basics of Android Security Architecture and Permission Model Bypassing
  • Use and explore Android Debug Bridge (ADB)
  • Study the internals of an Android application from a security viewpoint
  • Learn to reverse an Android application
  • Perform the Traffic Analysis on Android devices
  • Dive into the concepts of Android forensics and data acquisition
  • Acquire the knowledge of Application Level vulnerabilities and exploitation such as Webkit-Based Exploitation, Root Exploits, and Use After free vulnerabilities
  • Write a penetration testing report for an Android application auditing project

In Detail

Android is the most popular mobile smartphone operating system at present, with over a million applications. Every day hundreds of applications are published to the PlayStore, which users from all over the world download and use. Often, these applications have serious security weaknesses in them, which could lead an attacker to exploit the application and get access to sensitive information. This is where penetration testing comes into play to check for various vulnerabilities.

Learning Pentesting for Android is a practical and hands-on guide to take you from the very basic level of Android Security gradually to pentesting and auditing Android. It is a step-by-step guide, covering a variety of techniques and methodologies that you can learn and use in order to perform real life penetration testing on Android devices and applications.

The book starts with the basics of Android Security and the permission model, which we will bypass using a custom application, written by us. Thereafter we will move to the internals of Android applications from a security point of view, and will reverse and audit them to find the security weaknesses using manual analysis as well as using automated tools.

We will then move to a dynamic analysis of Android applications, where we will learn how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device. We will then learn some different ways of doing Android forensics and use tools such as Lime and Volatility. After that, we will look into SQLite databases, and learn to find and exploit the injection vulnerabilities. Also, we will look into webkit-based vulnerabilities; root exploits, and how to exploit devices to get full access along with a reverse connect shell. Finally, we will learn how to write a penetration testing report for an Android application auditing project.


Read More