Hacking Android
eBook - ePub

Srinivasa Rao Kotipalli, Mohammed A. Imran

  1. 376 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS and Android


About this book

Explore every nook and cranny of the Android OS to modify your device and guard it against security threats

About This Book

  • Understand and counteract offensive security threats to your applications
  • Maximize your device's power and potential to suit your needs and curiosity
  • See exactly how your smartphone's OS is put together (and where the seams are)

Who This Book Is For

This book is for anyone who wants to learn about Android security. Software developers, QA professionals, and beginner- to intermediate-level security professionals will find this book helpful. Basic knowledge of Android programming would be a plus.

What You Will Learn

  • Acquaint yourself with the fundamental building blocks of Android Apps in the right way
  • Pentest Android apps and perform various attacks in the real world using real case studies
  • Take a look at how your personal data can be stolen by malicious attackers
  • Understand the offensive maneuvers that hackers use
  • Discover how to defend against threats
  • Get to know the basic concepts of Android rooting
  • See how developers make mistakes that allow attackers to steal data from phones
  • Grasp ways to secure your Android apps and devices
  • Find out how remote attacks are possible on Android devices

In Detail

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals, should care about Android security.

Hacking Android is a step-by-step guide that will get you started with Android security. You'll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you'll get to grips with various tools and techniques that can be used in your everyday pentests. You'll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

Style and approach

This comprehensive guide takes a step-by-step approach and is explained in a conversational and easy-to-follow style. Each topic is explained sequentially in the process of performing a successful penetration test. We also include detailed explanations as well as screenshots of the basic and advanced concepts.


Information

Year
2016
ISBN
9781785883149

Hacking Android


Table of Contents

Hacking Android
Credits
About the Authors
About the Reviewer
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting Up the Lab
Installing the required tools
Java
Android Studio
Setting up an AVD
Real device
Apktool
Dex2jar/JD-GUI
Burp Suite
Configuring the AVD
Drozer
Prerequisites
QARK (No support for windows)
Getting ready
Advanced REST Client for Chrome
Droid Explorer
Cydia Substrate and Introspy
SQLite browser
Frida
Setting up Frida server
Setting up frida-client
Testing the setup
Vulnerable apps
Kali Linux
ADB Primer
Checking for connected devices
Getting a shell
Listing the packages
Pushing files to the device
Pulling files from the device
Installing apps using adb
Troubleshooting adb connections
Summary
2. Android Rooting
What is rooting?
Why would we root a device?
Advantages of rooting
Unlimited control over the device
Installing additional apps
More features and customization
Disadvantages of rooting
It compromises the security of your device
Bricking your device
Voids warranty
Locked and unlocked boot loaders
Determining boot loader unlock status on Sony devices
Unlocking boot loader on Sony through a vendor specified method
Rooting unlocked boot loaders on a Samsung device
Stock recovery and Custom recovery
Prerequisites
Rooting Process and Custom ROM installation
Installing recovery softwares
Using Odin
Using Heimdall
Rooting a Samsung Note 2
Flashing the Custom ROM to the phone
Summary
3. Fundamental Building Blocks of Android Apps
Basics of Android apps
Android app structure
How to get an APK file?
Storage location of APK files
/data/app/
/system/app/
/data/app-private/
Example of extracting preinstalled apps
Example of extracting user installed apps
Android app components
Activities
Services
Broadcast receivers
Content providers
Android app build process
Building DEX files from the command line
What happens when an app is run?
ART – the new Android Runtime
Understanding app sandboxing
UID per app
App sandboxing
Is there a way to break out of this sandbox?
Summary
4. Overview of Attacking Android Apps
Introduction to Android apps
Web Based apps
Native apps
Hybrid apps
Understanding the app's attack surface
Mobile application architecture
Threats at the client side
Threats at the backend
Guidelines for testing and securing mobile apps
OWASP Top 10 Mobile Risks (2014)
M1: Weak Server-Side Controls
M2: Insecure Data Storage
M3: Insufficient Transport Layer Protection
M4: Unintended Data Leakage
M5: Poor Authorization and Authentication
M6: Broken Cryptography
M7: Client-Side Injection
M8: Security Decisions via Untrusted Inputs
M9: Improper Session Handling
M10: Lack of Binary Protections
Automated tools
Drozer
Performing Android security assessments with Drozer
Installing testapp.apk
Listing out all the modules
Retrieving package information
Identifying the attack surface
Identifying and exploiting Android app vulnerabilities using Drozer
Attacks on exported activities
What is the problem here?
QARK (Quick Android Review Kit)
Running QARK in interactive mode
Reporting
Running QARK in seamless mode
Summary
5. Data Storage and Its Security
What is data storage?
Android local data storage techniques
Shared preferences
SQLite databases
Internal storage
External storage
Shared preferences
Real world application demo
SQLite databases
Internal storage
External storage
User dictionary cache
Insecure data storage – NoSQL database
NoSQL demo application functionality
Backup techniques
Backup the app data using adb backup command
Convert .ab format to tar format using Android backup extractor
Extracting the TAR file using the pax or star utility
Analyzing the extracted content for security issues
Being safe
Summary
6. Server-Side Attacks
Different types of mobile apps and their threat model
Mobile applications server-side attack surface
Mobile application architecture
Strategies for testing mobile backend
Setting up Burp Suite Proxy for testing
Proxy setting via APN
Proxy setting via Wi-Fi
Bypass certificate warnings and HSTS
HSTS – HTTP Strict Transport Security
Bypassing certificate pinning
Bypass SSL pinning using AndroidSSLTrustKiller
Setting up a demo application
Installing OWASP GoatDroid
Threats at the backend
Relating OWASP top 10 mobile risks and web attacks
Authentication/authorization issues
Authentication vulnerabilities
Authorization vulnerabilities
Session management
Insufficient Transport Layer Security
In...
