Hacking Android

Key Features

• Understand and counteract against offensive security threats to your applications
• Maximize your device's power and potential to suit your needs and curiosity
• See exactly how your smartphone's OS is put together (and where the seams are)

Book Description

With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about android security.

Hacking Android is a step-by-step guide that will get you started with Android security. You'll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you'll get to grips with various tools and techniques that can be used in your everyday pentests. You'll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

What you will learn

• Acquaint yourself with the fundamental building blocks of Android Apps in the right way
• Pentest Android apps and perform various attacks in the real world using real case studies
• Take a look at how your personal data can be stolen by malicious attackers
• Understand the offensive maneuvers that hackers use
• Discover how to defend against threats
• Get to know the basic concepts of Android rooting
• See how developers make mistakes that allow attackers to steal data from phones
• Grasp ways to secure your Android apps and devices
• Find out how remote attacks are possible on Android devices

About the Author

Srinivasa Rao Kotipalli (@srini0x00) is a security researcher from India. He has extensive hands-on experience in performing web application, infrastructure, and mobile security assessments. He worked as a security consultant at Tata Consultancy Services India for two and a half years and later joined a start-up in Malaysia. He has delivered training sessions on web, infrastructure, and mobile penetration testing for organizations across the world, in countries such as India, Malaysia, Brunei, and Vietnam. Through responsible disclosure programs, he has reported vulnerabilities in many top-notch organizations. He holds a bachelor's degree in information technology and is OSCP certified. He blogs at www.androidpentesting.com and www.infosecinstitute.com.

Mohammed A. Imran (@secfigo) is an experienced application security engineer and the founder of null Singapore and null Hyderabad. With more than 6 years of experience in product security and consulting, he spends most of his time on penetration testing, vulnerability assessments, and source code reviews of web and mobile applications. He has helped telecom, banking, and software development houses create and maintain secure SDLC programs. He has also created and delivered training on application security and secure coding practices to students, enterprises, and government organizations. He holds a master's degree in computer science and is actively involved in the information security community and organizes meetups regularly.

Table of Contents

1. Setting Up the Lab
2. Android Rooting
3. Fundamental Building Blocks of Android Apps
4. Overview of Attacking Android Apps
5. Data Storage and Its Security
6. Server-Side Attacks
7. Client-Side Attacks – Static Analysis Techniques
8. Client-Side Attacks – Dynamic Analysis Techniques
9. Android Malware
10. Attacks on Android Devices