Android Security Cookbook

By Keith Makan , Scott Alexander-Bown
  • Instant online access to over 8,000+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Android Development Tools

About this book

Android Security Cookbook discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.

The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.

Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.

Publication date:
December 2013
Publisher
Packt
Pages
350
ISBN
9781782167167

 

Chapter 1. Android Development Tools

In this chapter, we will cover the following recipes:

  • Installing the Android Development Tools (ADT)

  • Installing the Java Development Kit (JDK)

  • Updating the API sources

  • Alternative installation of the ADT

  • Installing the Native Development Kit (NDK)

  • Emulating Android

  • Creating Android Virtual Devices (AVDs)

  • Using the Android Debug Bridge (ADB) to interact with the AVDs

  • Copying files off/onto an AVD

  • Installing applications on the AVDs via ADB

 

Introduction


A very clever person once said that, "you should keep your friends close but your enemies closer". Being a security professional means keeping an eye on what developers are doing, have done, and are likely to do. This is because the decisions they make greatly affect the security landscape; after all, if no one wrote bad software, no one would exploit it!

Given that this book is aimed at anyone interested in analyzing, hacking, or developing the Android platform, the know thy enemy concept applies to you too! Android developers need to stay somewhat up to date with what Android hackers are up to if they hope to catch security vulnerabilities before they negatively affect the users. Conversely, Android hackers need to stay up to date with what Android developers are doing.

The upcoming chapters will walk you through getting the latest and greatest development and hacking tools and will get you to interact directly with the Android security architecture, both by breaking applications and securing them.

This chapter focuses on getting the Android Development Tools (ADT) up and running and discusses how to troubleshoot an installation and keep them up to date. If you feel you are already well-acquainted with the Android development environment and tool chains, feel free to skip this chapter.

Without further ado, let's talk about grabbing and installing the latest Android Development Tools.

 

Installing the Android Development Tools (ADT)


Given that there are many versions of the Android framework already deployed on mobile platforms and a variety of handsets that support it, Android developers need tools that give them access to many device- and operating system-specific Application Programming Interfaces (APIs) available on the Android platform.

We're talking about not just the Android APIs but also handset-specific APIs. Each handset manufacturer likes to invest in the developer mindshare in their own way by providing exclusive APIs and services to their developers, for example, the HTC OpenSense APIs. The ADT consolidates access to these APIs; provides all the necessary tools to debug, develop, and deploy your Android apps; and makes it easy for you to download them and keep them up to date.

How to do it...

The following steps will walk you through the process of downloading the ADT and getting them up and running:

  1. You'll need to head over to https://developer.android.com and navigate to the ADT Download page or just visit https://developer.android.com/sdk/index.html#download. You should see a page like the one in the following screenshot:

  2. Once you're there, click on Download the SDK and the following screen should appear:

  3. Of course, you will need to accept the license agreement before downloading and select the appropriate CPU type, or register size if you're not sure how to check your CPU type.

    On Windows, you need to complete the following steps:

    1. Click on Start.

    2. Right-click on My Computer.

    3. Select Properties.

    4. A window with your computer's system-specific information should pop up. The information you are looking for should be under the System section, labeled System type.

    To check your system type on Ubuntu, Debian, or Unix-based distributions, perform the following steps:

    1. Open a terminal either by pressing Ctrl + Alt + T or simply launching it using the graphical interface.

    2. Execute the following command:

       	uname -a
      
    3. Alternatively, you could use lscpu that should show you something like the following screenshot:

  4. When you're happy with the license agreement and you've selected the correct system type, click on Download in the ADT Download page. Once the ZIP file has been downloaded, it should look like the following screenshot on Windows:

The archive will have the same structure on the Linux- or Unix-based distributions.

 

Installing the Java Development Kit (JDK)


Android uses a customized version of the Java runtime to support its applications. This means, before we can get going with Eclipse and developing Android applications, we actually need to install the Java runtime and development tools. These are available in the Java Development Kit (JDK).

How to do it...

Installing the JDK on Windows works as follows:

  1. Grab a copy of the JDK from Oracle's Downloads page, http://www.oracle.com/technetwork/java/javase/downloads/index.html. Click on DOWNLOAD. The following screenshot shows the Downloads page:

  2. Make sure to select the appropriate version for your system type; see the previous walkthrough to find out how to check your system type. The following screenshot highlights the Windows system types supported by the Oracle Java JDK:

  3. After downloading the JDK, run the jdk-[version]-[platform version].exe file. For instance, you could have an EXE file named something like jdk-7u21-windows-i586.exe. All you need to do now is follow the prompts until the installation of all the setups is completed. The following screenshot is what the install wizard should look like once it's launched:

Once the install wizard has done its job, you should see a fresh install of your JDK and JRE under C:\Program Files\Java\jdk[version] and should now be able to launch Eclipse.

There's more…

Installing the Java Runtime and Development tools on Ubuntu Linux is somewhat simpler. Seeing that Ubuntu has a sophisticated package and repository manager, all you need to do is make use of it by firing off a few simple commands from the terminal window. You need to execute the following steps:

  1. Open a terminal, either by searching for the terminal application via your Unity, KDE, or Gnome desktop or by pressing Ctrl + Alt + T.

  2. You may need to update your package list before installation, unless you've already done that a couple of minutes ago. You can do this by executing either of the following commands:

    sudo aptitude update //If you have aptitude installed 
    

    Or:

    sudo apt-get update
    

    You should see your terminal print out all the downloads it's performing from your repositories as shown in the following screenshot:

  3. Once that's done, execute the following command:

    sudo apt-get install openjdk-[version]-jdk apt-get 
    

    You will need to enter your password if you have been added to your sudoers file correctly. Alternatively, you could borrow root privileges to do this by executing the following command, assuming that you have the root user's password:

    su root
    

    This is displayed in the following screenshot:

Once your JDK is installed properly, you should be able to launch Eclipse and get going with your Android development. When you launch Eclipse, you should see the following screenshot:

After successful installation, the toolbar in your Eclipse installation should look something like the one in the following screenshot:

 

Updating the API sources


The SDK manager and related tools come bundled with the ADT package; they provide access to the latest and most stable APIs, Android emulator images, and various debugging and application testing tools. The following walkthrough shows you how to update your APIs and other Android development-related resources.

How to do it...

Updating the APIs for your ADT works as follows:

  1. Navigate to the SDK manager. If you're doing this all from Windows, you should find it in the root of the ADT-bundle folder called SDK Manager.exe. Ubuntu users will find it at [path to ADT-bundle]/sdk/tools/android.

  2. All you need to do is launch the SDK manager. It should start up and begin retrieving a fresh list of the available API and documentation packages.

  3. You will need to make sure that you select the Tools package; of course, you could also select any other additional packages. A good idea would be to download the last two versions. Android is very backward compatible so you don't really need to worry too much about the older APIs and documentation, unless you're using it to support really old Android devices.

  4. You will need to indicate that you accept the license agreement. You can either do this for every single object being installed or you can click on Accept All.

  5. Once you've accepted the licenses, you can collect your documentation and APIs by clicking on Install as shown in the following screenshot:

 

Alternative installation of the ADT


If the preceding methods for installing Eclipse and the ADT plugin don't work for some reason, you could always take the old school route and download your own copy of Eclipse and install the ADT plugin manually via Eclipse.

How to do it...

Downloading and plugging in the ADT works as follows:

  1. Download Eclipse—Helios or a later version—from http://www.eclipse.org/downloads/. Please make sure to select the appropriate version for your operating system. You should see a page that looks like the following screenshot:

  2. Download the ADT bundle for your platform version from the Android website, http://developer.android.com/sdk/installing/installing-adt.html. The following screenshot displays a part of the page on this website:

  3. Make sure you have the Java JDK installed.

  4. If your JDK installation is good to go, run the Eclipse installer you downloaded in step 1.

  5. Once Eclipse is installed and ready to go, plugin your ADT.

  6. Open Eclipse and click on the Help button in the menu bar.

  7. Click on Install New Software....

  8. The Available Software dialog box will pop up. You need to click on Add….

  9. The Add Repository dialog box will show up. You need to click on the Archive... button.

  10. A file browser should pop up. At this point, you will need to navigate to the ADT ZIP file that you downloaded in the previous steps.

  11. After finding the ADT file, click on Open.

  12. Then click on OK.

  13. You will be shown the available packages in the .zip archive. Click on Select All and then on Next.

  14. You will now need to accept the license agreement; of course, you reserve the right not to. It's always a good idea to give it a read. If you're happy, select the I accept the terms of the license agreements option and then click on Finish.

  15. The software installation will now begin. You may get a warning stating that the content is unsigned and the authenticity cannot be verified. Click on OK.

  16. Restart Eclipse.

The Android SDK, the device emulator, and the supporting Eclipse functionality should be ready to go now. See your Eclipse toolbar. It should have some new icons.

 

Installing the Native Development Kit (NDK)


If you want to do any low-level exploitation or development on your Android device, you will need to make sure that you can write applications at a lower level on the Android platform. Low level means development in languages like C/C++ using compilers that are built to suit the embedded platform and its various nuances.

What's the difference between Java and the native/low-level programming languages? Well, this topic alone could fill an entire book. But to state just the bare surface-level differences, Java code is compiled and statically—meaning the source code is analyzed—checked before being run in a virtual machine. For Android Java, this virtual machine is called the Dalvik—more on this later. The natively developed components of Android run verbatim—as their source code specifies—on the embedded Linux-like operating system that comes shipped with the Android devices. There is no extra layer of interpretation and checking—besides the odd compiler extensions and optimizations—that goes into getting the native code to run.

The tool chains and documentation provided by the Android team to make native development a painless experience for the Android developers is called the Native Development Kit (NDK). The NDK contains all the tools that the Android developers need to compile their C/C++ code for the Android devices and accommodates ARM-, MIPS-, and x86-embedded platforms. It includes some tools that help the native developers analyze and debug the native applications. This walkthrough discusses how to get the NDK up and running on your machine.

Before we get going, you will need to consult the system requirements list on http://developer.android.com/tools/sdk/ndk/index.html#Reqs to make sure that you're machine is good to go.

How to do it...

Getting the NDK on your machine is as simple as downloading it and making sure that it actually runs. We can use the following steps:

  1. Downloading the NDK is pretty straightforward. Go to http://developer.android.com/tools/sdk/ndk/index.html to grab the latest copy and make sure to select the appropriate version for your system type.

  2. Unzip the NDK to a convenient location.

 

Emulating Android


The Android SDK comes with a pretty neat tool called the emulator, which allows you to emulate the Android devices. The emulator is shipped with some of the most popular handsets and lets you create an emulated handset of your own. Using this tool, you can flash new kernels, mess around with the platform and, of course, debug apps and test your Android malware and application exploits. Throughout the book we will use this tool quite a bit, so, it's important that you get to know the Android emulator.

The emulator is pretty straightforward to use. When you want to launch a device, all you need to do is open the Android Virtual Device (AVD) tool either from your SDK folder or straight from Eclipse. Then, you can either set up a new device with its own memory card, CPU, and screen size as well as other custom features or you can select one of the preconfigured devices from a list. In this section, I'm going to cover exactly these things.

Just a quick disclaimer: the following screenshots were taken on a Windows 7 machine, but the AVD manager and device emulator work exactly the same on both Windows and Linux platforms, so Linux users will also be able to follow the walkthrough.

How to do it...

To emulate a device from Eclipse, use the following steps:

  1. Click on the AVD manager icon on your toolbar.

  2. The AVD will pop up. You can either select a preconfigured featured device or you can set up a device according to your own criteria. For this recipe, let's stick to configuring our own devices.

  3. Click on New….

  4. The Create new Android Virtual Device (AVD) dialog box should pop up. You will need to fill in some metrics for the new virtual devices and give it a name. You can enter whatever you feel here as this recipe is just to get you to emulate your first device.

  5. Once you're done, click on OK. The new device should show up in the AVD dialog box.

  6. Click on the device you just created and click on Start….

At this point, the AVD will prompt you for the screen-size options; the default values aren't too bad. Click on Launch when you're done, and in a few seconds your new AVD will start up.

 

Creating Android Virtual Devices (AVDs)


Some of you may prefer working with your AVDs from the command-line interface for some reason or other. Maybe you have some awesome scripts that you'd like to write to set up some awesome AVDs. This recipe details how to create AVDs and launches them straight from the command line.

How to do it…

Before you can create your own AVDs, you will need to specify some attributes for it; the most important one being the system image that will be used. To do so, execute the following steps:

  1. You can find a list of the system images available to you by using the following command:

    [path-to-sdk-install]/tools/android list targets
    

    Or use the following command from the Windows terminal:

    C:\[path-to-sdk-install]\tools\android list targets
    

    As an example, enter the following into the command prompt:

    C:\Users\kmakan\Documents\adt-bundle-windows-x86-20130219\sdk\tools\android list targets
    

    This command will list the system images available on your system. If you'd like more, you'll need to install them via the SDK manager. The pieces of information that you're looking for in this list are the target IDs because you'll need them to identify the system image, which you will need to specify in the next step.

  2. Create the AVD using the following command:

    [path-to-sdk-install]/tools/android create avd –n [name of your new AVD] –t [system image target id]
    

    You will need to decide on a name for the AVD you've just created, which you will specify using the –n switch. The system image ID you selected from the previous step must be specified using the –t switch. If everything goes well, you should have just created a brand new virtual machine.

  3. You can launch your brand new AVD using the following command:

    [path-to-sdk-install]/tools/emulator –avd [avd name]
    

    Here, [avd name] is the AVD name you decided on in the previous step. If all goes well, your new AVD should start right up.

There's more…

You probably want to know a little more about the commands. Regarding the emulator, it's capable of emulating a device with different configurations.

Emulating a memory card or an external storage

You can specify that your virtual device also emulates some external storage using the –c options when you create it, as shown in the following command:

android create –avd –n [avd name] –t [image id] –c [size][K|M]

For example, see the following command:

android create –avd –n virtdroid –t 1 –c 128

You will obviously need to supply the size of your new emulated memory card. You also need to specify the unit by specifying either K for kilobytes or M for megabytes.

The partition sizes

Another very useful thing that you may want to do is specify how much space you'd like to grant the internal storage partitions. You can do this by using the -partition-size switch, which you specify when you invoke the emulator as shown in the following command:

emulator –avd [name] –partition-size [size in MBs]

You will also need to supply a size for the partitions. By default, the unit of measurement is megabytes (MBs).

See also

There are many other options that you can make use of when it comes to the emulator. If you're interested in learning more, check out the documents provided in the following links:

 

Using the Android Debug Bridge (ADB) to interact with the AVDs


Interacting with the emulated Android device is one of the most important skills for both a developer and an Android security engineer/auditor. The Android Debug Bridge (ADB) provides the functionality needed to interact with the native-level components of an Android device. It allows the developers and security engineers to read the contents of the filesystem and interact with the package manager, application manager, kernel driver interfaces, and initialization scripts to mention a few.

How to do it...

Interacting with a virtual device using the ADB works as follows:

  1. You'll need to start an AVD first or, if you like, simply plug in your own Android device via a USB to whatever machine you'd like to use—given that this machine has the SDK installed. You can start the AVD using the following command:

    emulator –avd [name]
    
  2. We can list all the connected Android Devices by using the following command for a Windows machine:

    C;\\[path-to-sdk-install]\platform-tools\adb devices
    

    Or, if you're using a Linux machine, use the following command:

    [path-to-sdk-install]/platform-tools/adb devices
    

    This command should give you a list of the connected devices, which is basically all the devices that you will be able to connect to using ADB. You need to pay attention to the device names in the list. You will need to identify the devices when you launch a connection to them using ADB.

  3. You can launch a shell connection to your Android device using the following command:

    /sdk/platform-tools/abd shell –s [specific device]
    

    Or, if you happen to know that the Android device you want to connect to is the only emulated device, you can use the following command:

    /sdk/platform-tools/adb shell –e
    

    Or, if the device is the only USB-connected device, you can use the following command:

    /sdk/platform-tools/adb shell –d
    

    The switches –d, -e, and -p apply to the other ADB commands and not just the shell. If this works well, you should see a prompt string—the string displayed to identify the command shell being used—similar to the following command:

You should now have a full-fledged shell with some of the traditional Unix/Linux commands and utilities at your finger tips. Try searching around on the filesystem and getting to know where everything is kept.

There's more…

Now that you have a connected device, you'll need to know a little bit about navigating the Android filesystem and making use of the commands. Here's a small list to get you started:

  • ls {path}: This will list the contents of the directory at the path

  • cat {file}: This will print the contents of a text file on the screen

  • cd {path}: This will change the working directory to the one pointed to by the path

  • cd ../: This changes the working directory to the one that's exactly one level higher

  • pwd: This prints the current working directory

  • id: This checks your user ID

 

Copying files off/onto an AVD


In your upcoming adventures with the Android platform, you may want to at some point copy things off your Android devices, whether they are emulators or not. Copying files is pretty simple. All you need is the following:

  • A connected device you'd like to have

  • A file you'd like to copy off/on

  • A place you'd like to put this file in

How to do it...

To access files on your Android device using the ADB, you need to do the following:

  1. It's actually pretty simple to do this. You'll need to fire off the following command from your command-line interface:

    adb {options} pull [path to copy from] [local path to copy to]
    
  2. To copy files onto an AVD, you can use the following command:

    adb {options} push [local path to copy from] [path to copy to on avd]
    
 

Installing applications onto the AVDs via ADB


There may be times when you need to install Application Packages (APKs) on your local filesystem to an emulator or device that you own. Often Android-based security tools aren't available on the Play Store—because they would expose unruly users to too much risk or be abused by malware—and need to be installed manually. Also, you will probably be developing applications and Android native binaries to demonstrate and verify exploits.

How to do it...

Installing an APK using ADB can be done in the following ways:

  1. You will need to actually know where the APK is on your local machine, and when you find it, you can substitute it with path as shown in the following command:

    adb {options} install [path to apk]
    
  2. You can also use the device-specific commands to narrow down the device you want to install it onto. You can use the following command:

    adb {-e | -d | -p } install [path to apk]
    

About the Authors

  • Keith Makan

    Keith Makan is the lead author of Android Security Cookbook, Packt Publishing. He is an avid computer security enthusiast and a passionate security researcher. Keith has published numerous vulnerabilities in Android applications, WordPress plugins, and popular browser security software such as Firefox's NoScript and Google Chrome's XSS Auditor. His research has also won him numerous listings on the Google Application Security Hall of Fame. Keith has been working as a professional security assessment specialist, penetration tester, and security advisory for over 2 years.

    Browse publications by this author
  • Scott Alexander-Bown

    Scott Alexander-Bown is an accomplished developer with experience in financial services, software development, and mobile app agencies. He lives and breathes Android, and has a passion for mobile app security.

    In his current role as senior developer, Scott specializes in mobile app development, reverse engineering, and app hardening. He also enjoys speaking about app security and has presented at various conferences for mobile app developers internationally.

    Browse publications by this author
Book Title
Access this book, plus 8,000 other titles for FREE
Access now