Android Security Cookbook
eBook - ePub

Keith Makan, Scott Alexander-Bown

350 pages, English, ePUB (mobile friendly), available on iOS & Android

About This Book

In Detail

Android Security Cookbook discusses many common vulnerabilities and security-related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs.

The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework.

Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection, this book shows various hardening techniques to protect application components, stored data, and network communication. In summary, Android Security Cookbook provides a practical analysis of many areas of Android application and operating system security and gives the reader the skills required to analyze the security of their Android devices.

Approach

"Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs.

Who this book is for

"Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT manager facing the impending onslaught of mobile devices in the business environment will benefit from reading this book.


Information

Year: 2013
ISBN: 9781782167167
Edition: 1

Table of Contents

Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
  Support files, eBooks, discount offers and more
    Why Subscribe?
    Free Access for Packt account holders
Preface
  What this book covers
  What you need for this book
  Who this book is for
  Conventions
  Reader feedback
  Customer support
    Downloading the example code
    Errata
    Piracy
    Questions
1. Android Development Tools
  Introduction
  Installing the Android Development Tools (ADT)
    How to do it...
  Installing the Java Development Kit (JDK)
    How to do it...
    There's more...
  Updating the API sources
    How to do it...
  Alternative installation of the ADT
    How to do it...
  Installing the Native Development Kit (NDK)
    How to do it...
  Emulating Android
    How to do it...
  Creating Android Virtual Devices (AVDs)
    How to do it...
    There's more...
      Emulating a memory card or an external storage
      The partition sizes
    See also
  Using the Android Debug Bridge (ADB) to interact with the AVDs
    How to do it...
    There's more...
    See also
  Copying files off/onto an AVD
    How to do it...
  Installing applications onto the AVDs via ADB
    How to do it...
2. Engaging with Application Security
  Introduction
  Inspecting application certificates and signatures
    Getting ready
    How to do it...
    How it works...
    There's more...
    See also
  Signing Android applications
    Getting ready
    How to do it...
    How it works...
    See also
  Verifying application signatures
    Getting ready
    How to do it...
  Inspecting the AndroidManifest.xml file
    Getting ready
    How to do it...
    How it works...
    See also
  Interacting with the activity manager via ADB
    Getting ready
    How to do it...
    There's more...
    See also
  Extracting application resources via ADB
    Getting ready
    How to do it...
    There's more...
3. Android Security Assessment Tools
  Introduction
  Installing and setting up Santoku
    Getting ready
    How to do it...
    There's more...
  Setting up drozer
    How to do it...
    There's more...
  Running a drozer session
    How to do it...
  Enumerating installed packages
    How to do it...
    How it works...
    There's more...
    See also
  Enumerating activities
    How to do it...
    There's more...
    See also
  Enumerating content providers
    How to do it...
    How it works...
    There's more...
    See also
  Enumerating services
    How to do it...
    How it works...
    See also
  Enumerating broadcast receivers
    How to do it...
    See also
  Determining application attack surfaces
    How to do it...
    How it works...
    See also
  Launching activities
    How to do it...
    How it works...
    There's more...
    See also
  Writing a drozer module – a device enumeration module
    How to do it...
    How it works...
    See also
  Writing an application certificate enumerator
    How to do it...
4. Exploiting Applications
  Introduction
    Protecting user data
    Protecting applications from one another (isolation and privilege separation)
    Protecting communication of sensitive information
  Information disclosure via logcat
    Getting ready
    How to do it...
    There's more...
    See also
  Inspecting network traffic
    Getting ready
    How to do it...
    How it works...
    See also
  Passive intent sniffing via the activity manager
    Getting ready
    How to do it...
    How it works...
    See also
  Attacking services
    How to do it...
    See also
  Attacking broadcast receivers
    How to do it...
    How it works...
    See also
  Enumerating vulnerable content providers
    How to do it...
    How it works...
    See also
  Extracting data from vulnerable content providers
    How to do it...
    See also
  Inserting data into content providers
    How to do it...
  Enumerating SQL-injection vulnerable content providers
    How to do it...
    See also
  Exploiting debuggable applications
    How to do it...
    See also
  Man-in-the-middle attacks on applications
    Getting ready
    How to do it...
    See also
5. Protecting Applications
  Introduction
  Securing application components
    How to do it...
    How it works...
    See also
  Protecting components with custom permissions
    How to do it...
      Defining a permission group
    How it works...
    See also
  Protecting content provider paths
    How to do it...
    See also
  Defending against the SQL-injection attack
    How to do it...
    See also
  Application signature verification (anti-tamper)
    Getting ready
    How to do it...
    There's more...
      Responding to tamper detection
    See also
  Tamper protection by detecting the installer, emulator, and debug flag
    How to do it...
    How it works...
    There's more...
    See also
  Removing all log messages with ProGuard
    Getting ready
    How to do it...
    How it works...
    There's more...
      ProGuard output
      Limitations
    See also
  Advanced code obfuscation with DexGuard
    Getting ready
      Installing the DexGuard Eclipse plugin
      Enabling DexGuard for the Ant build system
      Enabling DexGuard for the Gradle build system
    How to do it...
    There's more...
    See also
6. Reverse Engineering Applications
  Introduction
  Compiling from Java to DEX
    Getting ready
    How to do it...
    How it works...
  Decompiling DEX files
    Understanding the DEX file format
      The DEX file header
      The StringIds section
      The TypeIds section
      The ProtoIds section
      The FieldIds section
      The MethodIds section
      The ClassDefs section
    Getting ready
    How to do it...
    There's more...
    See also
  Interpreting the Dalvik bytecode
    Understanding the Dalvik bytecode
    Getting ready
    How to do it...
    See also
  Decompiling DEX to Java
    Getting ready
    How to do it...
  Decompiling the application's native libraries
    Getting ready
    How to do it...
    See also
  Debugging the Android processes using the GDB server
    Getting ready
    How to do it...
7. Secure Networking
  Introduction
  Validating self-signed SSL certificates
    Getting ready
    How to do it...
    There's more...
      Using self-signed SSL certificates in a...