Hacking Android: Explore Every Nook and Cranny of the Android OS to Modify Your Device and Guard It Against Security Threats

Bibliographic Details
Main Author: Rao Kotipalli, Srinivasa
Format: eBook
Language: English
Published: Birmingham: Packt Publishing, Limited, 2016
Edition: 1
Abstract
Explore every nook and cranny of the Android OS to modify your device and guard it against security threats

Key Features
[*] Understand and counteract against offensive security threats to your applications
[*] Maximize your device’s power and potential to suit your needs and curiosity
[*] See exactly how your smartphone’s OS is put together (and where the seams are)

Book Description
With the mass explosion of Android mobile phones in the world, mobile devices have become an integral part of our everyday lives. Security of Android devices is a broad subject that should be part of our everyday lives to defend against ever-growing smartphone attacks. Everyone, starting with end users all the way up to developers and security professionals should care about Android security. Hacking Android is a step-by-step guide that will get you started with Android security. You’ll begin your journey at the absolute basics, and then will slowly gear up to the concepts of Android rooting, application security assessments, malware, infecting APK files, and fuzzing. On this journey you’ll get to grips with various tools and techniques that can be used in your everyday pentests. You’ll gain the skills necessary to perform Android application vulnerability assessment and penetration testing and will create an Android pentesting lab.

What you will learn
[*] Acquaint yourself with the fundamental building blocks of Android Apps in the right way
[*] Pentest Android apps and perform various attacks in the real world using real case studies
[*] Take a look at how your personal data can be stolen by malicious attackers
[*] Understand the offensive maneuvers that hackers use
[*] Discover how to defend against threats
[*] Get to know the basic concepts of Android rooting
[*] See how developers make mistakes that allow attackers to steal data from phones
[*] Grasp ways to secure your Android apps and devices
[*] Find out how remote attacks are possible on Android devices

Who this book is for
This book is for anyone who wants to learn about Android security. Software developers, QA professionals, and beginner- to intermediate-level security professionals will find this book helpful. Basic knowledge of Android programming would be a plus.
Discipline Computer Science
EISBN 1785888005, 9781785888007
IsPeerReviewed false
IsScholarly false
LCCallNum_Ident QA76.774.A53.K68 2016
OCLC 955140515, 1457221116
PageCount 376
PublicationDate 2016
PublicationPlace Birmingham
PublicationPlace_xml – name: Birmingham
– name: Berlin
– name: Warsaw
Publisher Packt Publishing, Limited
RestrictionsOnAccess restricted access
SubjectTerms COMPUTERS / Programming / Mobile Devices
Operating systems (Computers)
Security measures
Subtitle Explore Every Nook and Cranny of the Android OS to Modify Your Device and Guard It Against Security Threats
TableOfContents
Cover -- Copyright -- Credits -- About the Authors -- About the Reviewer -- www.PacktPub.com -- Table of Contents -- Preface
Chapter 1: Setting Up the Lab -- Installing the required tools -- Java -- Android Studio -- Setting up an AVD -- Real device -- Apktool -- Dex2jar/JD-GUI -- Burp Suite -- Configuring the AVD -- Drozer -- Prerequisites -- QARK (No support for windows) -- Getting ready -- Advanced REST Client for Chrome -- Droid Explorer -- Cydia Substrate and Introspy -- SQLite browser -- Frida -- Setting up Frida server -- Setting up frida-client -- Vulnerable apps -- Kali Linux -- ADB Primer -- Checking for connected devices -- Getting a shell -- Listing the packages -- Pushing files to the device -- Pulling files from the device -- Installing apps using adb -- Troubleshooting adb connections -- Summary
Chapter 2: Android Rooting -- What is rooting? -- Why would we root a device? -- Advantages of rooting -- Unlimited control over the device -- Installing additional apps -- More features and customization -- Disadvantages of rooting -- It compromises the security of your device -- Bricking your device -- Voids warranty -- Locked and unlocked boot loaders -- Determining boot loader unlock status on Sony devices -- Unlocking boot loader on Sony through a vendor specified method -- Rooting unlocked boot loaders on a Samsung device -- Stock recovery and Custom recovery -- Prerequisites -- Rooting Process and Custom ROM installation -- Installing recovery softwares -- Using Odin -- Using Heimdall -- Rooting a Samsung Note 2 -- Flashing the Custom ROM to the phone -- Summary
Chapter 3: Fundamental Building Blocks of Android Apps -- Basics of Android apps -- Android app structure -- How to get an APK file? -- Storage location of APK files -- /data/app/ -- /system/app/ -- /data/app-private/ -- Android app components -- Activities -- Services -- Broadcast receivers -- Content providers -- Android app build process -- Building DEX files from the command line -- What happens when an app is run? -- ART - the new Android Runtime -- Understanding app sandboxing -- UID per app -- App sandboxing -- Is there a way to break out of this sandbox? -- Summary
Chapter 4: Overview of Attacking Android Apps -- Introduction to Android apps -- Web Based apps -- Native apps -- Hybrid apps -- Understanding the app's attack surface -- Mobile application architecture -- Threats at the client side -- Threats at the backend -- Guidelines for testing and securing mobile apps -- OWASP Top 10 Mobile Risks (2014) -- M1: Weak Server-Side Controls -- M2: Insecure Data Storage -- M3: Insufficient Transport Layer Protection -- M4: Unintended Data Leakage -- M5: Poor Authorization and Authentication -- M6: Broken Cryptography -- M7: Client-Side Injection -- M8: Security Decisions via Untrusted Inputs -- M9: Improper Session Handling -- M10: Lack of Binary Protections -- Automated tools -- Drozer -- Performing Android security assessments with Drozer -- Installing testapp.apk -- Listing out all the modules -- Retrieving package information -- Identifying the attack surface -- Identifying and exploiting Android app vulnerabilities using Drozer -- QARK (Quick Android Review Kit) -- Running QARK in interactive mode -- Reporting -- Running QARK in seamless mode: -- Summary
Chapter 5: Data Storage and Its Security -- What is data storage? -- Android local data storage techniques -- Shared preferences -- SQLite databases -- Internal storage -- External storage -- Shared preferences -- Real world application demo -- SQLite databases -- Internal storage -- External storage -- User dictionary cache -- Insecure data storage - NoSQL database -- NoSQL demo application functionality -- Backup techniques -- Backup the app data using adb backup command -- Convert .ab format to tar format using Android backup extractor -- Extracting the TAR file using the pax or star utility -- Analyzing the extracted content for security issues -- Being safe -- Summary
Chapter 6: Server-Side Attacks -- Different types of mobile apps and their threat model -- Mobile applications server-side attack surface -- Mobile application architecture -- Strategies for testing mobile backend -- Setting up Burp Suite Proxy for testing -- Proxy setting via APN -- Proxy setting via Wi-Fi -- Bypass certificate warnings and HSTS -- Bypassing certificate pinning -- Bypass SSL pinning using AndroidSSLTrustKiller -- Setting up a demo application -- Threats at the backend -- Relating OWASP top 10 mobile risks and web attacks -- Authentication/authorization issues -- Session management -- Insufficient Transport Layer Security -- Input validation related issues -- Improper error handling -- Insecure data storage -- Attacks on the database -- Summary
Chapter 7: Client-Side Attacks - Static Analysis Techniques -- Attacking application components -- Attacks on activities -- What does exported behavior mean to an activity? -- Intent filters -- Attacks on services -- Extending the Binder class: -- Using a Messenger -- Using AIDL -- Attacking AIDL services -- Attacks on broadcast receivers -- Attacks on content providers -- Querying content providers: -- Exploiting SQL Injection in content providers using adb -- Testing for Injection: -- Finding the column numbers for further extraction -- Running database functions -- Finding out SQLite version: -- Finding out table names -- Static analysis using QARK: -- Summary
Chapter 8: Client-Side Attacks - Dynamic Analysis Techniques -- Automated Android app assessments using Drozer -- Listing out all the modules -- Retrieving package information -- Finding out the package name of your target application -- Getting information about a package -- Dumping the AndroidManifest.xml file -- Finding out the attack surface: -- Attacks on activities -- Attacks on services -- Broadcast receivers -- Content provider leakage and SQL Injection using Drozer -- Attacking SQL Injection using Drozer -- Path traversal attacks in content providers -- Reading /etc/hosts -- Reading kernel version -- Exploiting debuggable apps -- Introduction to Cydia Substrate -- Runtime monitoring and analysis using Introspy -- Hooking using Xposed framework -- Dynamic instrumentation using Frida -- What is Frida? -- Prerequisites -- Steps to perform dynamic hooking with Frida -- Logging based vulnerabilities -- WebView attacks -- Accessing sensitive local resources through file scheme -- Other WebView issues -- Summary
Chapter 9: Android Malware -- What do Android malwares do? -- Writing Android malwares -- Writing a simple reverse shell Trojan using socket programming -- Registering permissions -- Writing a simple SMS stealer -- The user interface -- Registering permissions -- Code on the server -- A note on infecting legitimate apps -- Malware analysis -- Static analysis -- Disassembling Android apps using Apktool -- Decompiling Android apps using dex2jar and JD-GUI -- Dynamic analysis -- Analyzing HTTP/HTTPS traffic using Burp -- Analysing network traffic using tcpdump and Wireshark -- Tools for automated analysis -- How to be safe from Android malwares? -- Summary
Chapter 10: Attacks on Android Devices -- MitM attacks -- Dangers with apps that provide network level access -- Using existing exploits -- Malware -- Bypassing screen locks -- Bypassing pattern lock using adb -- Removing the gesture.key file -- Cracking SHA1 hashes from the gesture.key file -- Bypassing password/PIN using adb -- Bypassing screen locks using CVE-2013-6271 -- Pulling data from the sdcard -- Summary
Index
Hacking Android: Explore every nook and cranny of the Android OS to modify your device and guard it against security threats
Title Hacking Android
URI https://ebookcentral.proquest.com/lib/[SITE_ID]/detail.action?docID=4617086