Last updated: 2021-07-21 17:53:30
Cover page
Android Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Chapter 1. Android Development Tools
Introduction
Installing the Android Development Tools (ADT)
Installing the Java Development Kit (JDK)
Updating the API sources
Alternative installation of the ADT
Installing the Native Development Kit (NDK)
Emulating Android
Creating Android Virtual Devices (AVDs)
Using the Android Debug Bridge (ADB) to interact with the AVDs
Copying files off/onto an AVD
Installing applications onto the AVDs via ADB
Chapter 2. Engaging with Application Security
Inspecting application certificates and signatures
Signing Android applications
Verifying application signatures
Inspecting the AndroidManifest.xml file
Interacting with the activity manager via ADB
Extracting application resources via ADB
Chapter 3. Android Security Assessment Tools
Installing and setting up Santoku
Setting up drozer
Running a drozer session
Enumerating installed packages
Enumerating activities
Enumerating content providers
Enumerating services
Enumerating broadcast receivers
Determining application attack surfaces
Launching activities
Writing a drozer module – a device enumeration module
Writing an application certificate enumerator
Chapter 4. Exploiting Applications
Information disclosure via logcat
Inspecting network traffic
Passive intent sniffing via the activity manager
Attacking services
Attacking broadcast receivers
Enumerating vulnerable content providers
Extracting data from vulnerable content providers
Inserting data into content providers
Enumerating SQL-injection vulnerable content providers
Exploiting debuggable applications
Man-in-the-middle attacks on applications
Chapter 5. Protecting Applications
Securing application components
Protecting components with custom permissions
Protecting content provider paths
Defending against the SQL-injection attack
Application signature verification (anti-tamper)
Tamper protection by detecting the installer, emulator, and debug flag
Removing all log messages with ProGuard
Advanced code obfuscation with DexGuard
Chapter 6. Reverse Engineering Applications
Compiling from Java to DEX
Decompiling DEX files
Interpreting the Dalvik bytecode
Decompiling DEX to Java
Decompiling the application's native libraries
Debugging the Android processes using the GDB server
Chapter 7. Secure Networking
Validating self-signed SSL certificates
Using StrongTrustManager from the OnionKit library
SSL pinning
Chapter 8. Native Exploitation and Analysis
Inspecting file permissions
Cross-compiling native executables
Exploitation of race condition vulnerabilities
Stack memory corruption exploitation
Automated native Android fuzzing
Chapter 9. Encryption and Developing Device Administration Policies
Using cryptography libraries
Generating a symmetric encryption key
Securing SharedPreferences data
Password-based encryption
Encrypting a database with SQLCipher
Android KeyStore provider
Setting up device administration policies