Android Security Cookbook电子书

Android Security Cookbook

Table of Contents

Android Security Cookbook

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Errata

Piracy

Questions

1. Android Development Tools

Introduction

Installing the Android Development Tools (ADT)

How to do it...

Installing the Java Development Kit (JDK)

How to do it...

There's more…

Updating the API sources

How to do it...

Alternative installation of the ADT

How to do it...

Installing the Native Development Kit (NDK)

How to do it...

Emulating Android

How to do it...

Creating Android Virtual Devices (AVDs)

How to do it…

There's more…

Emulating a memory card or an external storage

The partition sizes

See also

Using the Android Debug Bridge (ADB) to interact with the AVDs

How to do it...

There's more…

See also

Copying files off/onto an AVD

How to do it...

Installing applications onto the AVDs via ADB

How to do it...

2. Engaging with Application Security

Introduction

Inspecting application certificates and signatures

Getting ready

How to do it…

How it works…

There's more...

See also

Signing Android applications

Getting ready

How to do it...

How it works...

See also

Verifying application signatures

Getting ready

How to do it...

Inspecting the AndroidManifest.xml file

Getting ready

How to do it...

How it works...

See also

Interacting with the activity manager via ADB

Getting ready

How to do it…

There's more...

See also

Extracting application resources via ADB

Getting ready

How to do it…

There's more...

3. Android Security Assessment Tools

Introduction

Installing and setting up Santoku

Getting ready

How to do it...

There's more...

Setting up drozer

How to do it...

There's more…

Running a drozer session

How to do it...

Enumerating installed packages

How to do it...

How it works...

There's more...

See also

Enumerating activities

How to do it...

There's more...

See also

Enumerating content providers

How to do it...

How it works...

There's more...

See also

Enumerating services

How to do it...

How it works…

See also

Enumerating broadcast receivers

How to do it...

See also

Determining application attack surfaces

How to do it...

How it works…

See also

Launching activities

How to do it...

How it works...

There's more…

See also

Writing a drozer module – a device enumeration module

How to do it...

How it works...

See also

Writing an application certificate enumerator

How to do it...

4. Exploiting Applications

Introduction

Protecting user data

Protecting applications from one another (isolation and privilege separation)

Protecting communication of sensitive information

Information disclosure via logcat

Getting ready

How to do it...

There's more...

See also

Inspecting network traffic

Getting ready

How to do it…

How it works...

See also

Passive intent sniffing via the activity manager

Getting ready

How to do it...

How it works...

See also

Attacking services

How to do it...

See also

Attacking broadcast receivers

How to do it...

How it works…

See also

Enumerating vulnerable content providers

How to do it...

How it works...

See also

Extracting data from vulnerable content providers

How to do it...

See also

Inserting data into content providers

How to do it...

Enumerating SQL-injection vulnerable content providers

How to do it...

See also

Exploiting debuggable applications

How to do it...

See also

Man-in-the-middle attacks on applications

Getting ready

How to do it...

See also

5. Protecting Applications

Introduction

Securing application components

How to do it...

How it works…

See also

Protecting components with custom permissions

How to do it…

Defining a permission group

How it works...

See also

Protecting content provider paths

How to do it...

See also

Defending against the SQL-injection attack

How to do it...

See also

Application signature verification (anti-tamper)

Getting ready

How to do it...

There's more...

Responding to tamper detection

See also

Tamper protection by detecting the installer, emulator, and debug flag

How to do it...

How it works...

There's more...

See also

Removing all log messages with ProGuard

Getting ready

How to do it...

How it works...

There's more...

ProGuard output

Limitations

See also

Advanced code obfuscation with DexGuard

Getting ready

Installing the DexGuard Eclipse plugin

Enabling DexGuard for the Ant build system

Enabling DexGuard for the Gradle build system

How to do it...

There's more...

See also

6. Reverse Engineering Applications

Introduction

Compiling from Java to DEX

Getting ready

How to do it...

How it works...

Decompiling DEX files

Understanding the DEX file format

The DEX file header

The StringIds section

The TypeIds section

The ProtoIds section

The FieldIds section

The MethodIds section

The ClassDefs section

Getting ready

How to do it…

There's more...

See also

Interpreting the Dalvik bytecode

Understanding the Dalvik bytecode

Getting ready

How to do it...

See also

Decompiling DEX to Java

Getting ready

How to do it...

Decompiling the application's native libraries

Getting ready

How to do it...

See also

Debugging the Android processes using the GDB server

Getting ready

How to do it...

7. Secure Networking

Introduction

Validating self-signed SSL certificates

Getting ready

How to do it...

There's more...

Using self-signed SSL certificates in a live environment

HttpsUrlConnection

Antipattern – what not to do!

See also

Using StrongTrustManager from the OnionKit library

Getting ready

How to do it...

There's more...

The Orbot and Tor networks

Pinning and CACert

See also

SSL pinning

How to do it...

There's more...

Enhancements

Limitations

See also

8. Native Exploitation and Analysis

Introduction

Inspecting file permissions

Getting ready

How to do it...

There's more...

See also

Cross-compiling native executables

How to do it...

There's more...

See also

Exploitation of race condition vulnerabilities

Getting ready

How to do it...

See also

Stack memory corruption exploitation

Getting ready

How to do it...

See also

Automated native Android fuzzing

Getting ready

How to do it...

Setting up Busybox

Fuzzing dexdump

How it works...

See also

9. Encryption and Developing Device Administration Policies

Introduction

Using cryptography libraries

How to do it...

How it works...

There's more...

See also

Generating a symmetric encryption key

How to do it...

How it works…

There's more...

Using AES-GCM for strong symmetric encryption

Antipattern – setting the seed

Android's PRNG bug

See also

Securing SharedPreferences data

Getting ready

How to do it...

How it works...

See also

Password-based encryption

Getting ready

How to do it...

How it works...

There's more…

See also

Encrypting a database with SQLCipher

Getting ready

How to do it...

How it works…

There's more...

IOCipher

See also

Android KeyStore provider

Getting ready

How to do it...

How it works...

There's more...

See also

Setting up device administration policies

Getting ready

How to do it...

How it works...

There's more...

Disabling device camera

See also

Index