Chapter 4. Exploiting Applications

In this chapter, we will cover the following recipes:

  • Information disclosure via logcat
  • Inspecting the network traffic
  • Passive intent sniffing via the activity manager
  • Attacking services
  • Attacking broadcast receivers
  • Enumerating vulnerable content providers
  • Extracting data from vulnerable content providers
  • Inserting data into content providers
  • Enumerating SQL-injection vulnerable content providers
  • Exploiting debuggable applications
  • Man-in-the-middle attacks on applications


So far, we've covered some of the basic development and security assessment tools, and we even covered some examples of extending and customizing these tools. This chapter will focus on the use of these tools to analyze the Android applications ...

Get Android Security Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.