Android Security

Book Description

Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics of the Android platform and its security issues.

Table of Contents

  1. Preliminaries
  2. Dedication
  3. Foreword
  4. Preface
    1. About the Book
    2. Assumptions
    3. Audience
    4. Support
    5. Structure
  5. About the Authors
    1. Anmol Misra
    2. Abhishek Dubey
  6. Acknowledgments
  7. Chapter 1 Introduction
    1. 1.1 Why Android
    2. 1.2 Evolution of Mobile Threats
    3. 1.3 Android Overview
    4. 1.4 Android Marketplaces
    5. 1.5 Summary
      1. Figure 1.1
      2. Figure 1.2
      3. Figure 1.3
      4. Figure 1.4
      5. Figure 1.5
      6. Figure 1.6
      7. Figure 1.7
      8. Figure 1.8
      9. Figure 1.9
      10. Figure 1.10
      11. Figure 1.11
      12. Figure 1.12
      1. Table 1.1
  8. Chapter 2 Android Architecture
    1. 2.1 Android Architecture Overview
      1. 2.1.1 Linux Kernel
      2. 2.1.2 Libraries
      3. 2.1.3 Android Runtime
      4. 2.1.4 Application Framework
      5. 2.1.5 Applications
    2. 2.2 Android Start Up and Zygote
    3. 2.3 Android SDK and Tools
      1. 2.3.1 Downloading and Installing the Android SDK
      2. 2.3.2 Developing with Eclipse and ADT
      3. 2.3.3 Android Tools
      4. 2.3.4 DDMS
      5. 2.3.5 ADB
      6. 2.3.6 ProGuard
    4. 2.4 Anatomy of the “Hello World” Application
      1. 2.4.1 Understanding Hello World
    5. 2.5 Summary
      1. Figure 2.1
      2. Figure 2.2
      3. Figure 2.3
      4. Figure 2.4
      5. Figure 2.5
      6. Figure 2.6
      7. Figure 2.7
      8. Figure 2.8
      9. Figure 2.9
      10. Figure 2.10
      11. Figure 2.11
      12. Figure 2.12
      13. Figure 2.13
      14. Figure 2.14
      15. Figure 2.15
      1. Table 2.1
      2. Table 2.2
      3. Table 2.3
      4. Table 2.4
      5. Table 2.5
      6. Table 2.6
  9. Chapter 3 Android Application Architecture
    1. 3.1 Application Components
      1. 3.1.1 Activities
      2. 3.1.2 Intents
      3. 3.1.3 Broadcast Receivers
      4. 3.1.4 Services
      5. 3.1.5 Content Providers
    2. 3.2 Activity Lifecycles
    3. 3.3 Summary
      1. Figure 3.1
      2. Figure 3.2
      3. Figure 3.3
      4. Figure 3.4
      5. Figure 3.5
      6. Figure 3.6
      7. Figure 3.7
      8. Figure 3.8
      9. Figure 3.9
      10. Figure 3.10
      11. Figure 3.11
      12. Figure 3.12
      1. Table 3.1
      2. Table 3.2
      3. Table 3.3
  10. Chapter 4 Android (in)Security
    1. 4.1 Android Security Model
    2. 4.2 Permission Enforcement—Linux
    3. 4.3 Android’s Manifest Permissions
      1. 4.3.1 Requesting Permissions
      2. 4.3.2 Putting It All Together
    4. 4.4 Mobile Security Issues
      1. 4.4.1 Device
      2. 4.4.2 Patching
      3. 4.4.3 External Storage
      4. 4.4.4 Keyboards
      5. 4.4.5 Data Privacy
      6. 4.4.6 Application Security
      7. 4.4.7 Legacy Code
    5. 4.5 Recent Android Attacks—A Walkthrough
      1. 4.5.1 Analysis of DroidDream Variant
      2. 4.5.2 Analysis of Zsone
      3. 4.5.3 Analysis of Zitmo Trojan
    6. 4.6 Summary
      1. Figure 4.1
      2. Figure 4.2
      3. Figure 4.3
      4. Figure 4.4
      5. Figure 4.5
      6. Figure 4.6
      7. Figure 4.7
      8. Figure 4.8
      9. Figure 4.9
      10. Figure 4.10
      11. Figure 4.11
      12. Figure 4.12
      13. Figure 4.13
      14. Figure 4.14
      15. Figure 4.15
      16. Figure 4.16
      1. Table 4.1
  11. Chapter 5 Pen Testing Android
    1. 5.1 Penetration Testing Methodology
      1. 5.1.1 External Penetration Test
      2. 5.1.2 Internal Penetration Test
      3. 5.1.3 Penetration Test Methodologies
      4. 5.1.4 Static Analysis
      5. 5.1.5 Steps to Pen Test Android OS and Devices
    2. 5.2 Tools for Penetration Testing Android
      1. 5.2.1 Nmap
      2. 5.2.2 BusyBox
      3. 5.2.3 Wireshark
      4. 5.2.4 Vulnerabilities in the Android OS
    3. 5.3 Penetration Testing—Android Applications
      1. 5.3.1 Android Applications
      2. 5.3.2 Application Security
    4. 5.4 Miscellaneous Issues
      1. 5.4.1 Data Storage on Internal, External, and Cloud
    5. 5.5 Summary
      1. Figure 5.1
      2. Figure 5.2
      3. Figure 5.3
      4. Figure 5.4
      5. Figure 5.5
      6. Figure 5.6
      7. Figure 5.7
      8. Figure 5.8
      9. Figure 5.9
      10. Figure 5.10
      11. Figure 5.11
      12. Figure 5.12
      13. Figure 5.13 (a)
      14. Figure 5.13 (b)
      1. Table 5.1
  12. Chapter 6 Reverse Engineering Android Applications
    1. 6.1 Introduction
    2. 6.2 What is Malware?
    3. 6.3 Identifying Android Malware
    4. 6.4 Reverse Engineering Methodology for Android Applications
    5. 6.5 Summary
      1. Figure 6.1
      2. Figure 6.2
      3. Figure 6.3
      4. Figure 6.4
      5. Figure 6.5
      6. Figure 6.6
      7. Figure 6.7
      8. Figure 6.8
      9. Figure 6.9
      10. Figure 6.10
      11. Figure 6.11
      12. Figure 6.12
      13. Figure 6.13
      14. Figure 6.14
      15. Figure 6.15
      16. Figure 6.16
      17. Figure 6.17
      18. Figure 6.18
      19. Figure 6.19
      20. Figure 6.20
      21. Figure 6.21
      22. Figure 6.22
      23. Figure 6.23
      24. Figure 6.24
      25. Figure 6.25
      1. Table 6.1
      2. Table 6.2
      3. Table 6.3
      4. Table 6.4
  13. Chapter 7 Modifying the Behavior of Android Applications without Source Code
    1. 7.1 Introduction
      1. 7.1.1 To Add Malicious Behavior
      2. 7.1.2 To Eliminate Malicious Behavior
      3. 7.1.3 To Bypass Intended Functionality
    2. 7.2 DEX File Format
    3. 7.3 Case Study: Modifying the Behavior of an Application
    4. 7.4 Real World Example 1—Google Wallet Vulnerability
    5. 7.5 Real World Example 2—Skype Vulnerability (CVE-2011-1717)
    6. 7.6 Defensive Strategies
      1. 7.6.1 Perform Code Obfuscation
      2. 7.6.2 Perform Server Side Processing
      3. 7.6.3 Perform Iterative Hashing and Use Salt
      4. 7.6.4 Choose the Right Location for Sensitive Information
      5. 7.6.5 Cryptography
      6. 7.6.6 Conclusion
    7. 7.7 Summary
      1. Figure 7.1
      2. Figure 7.2
      3. Figure 7.3
      4. Figure 7.4
      5. Figure 7.5
      6. Figure 7.6
      7. Figure 7.7
      8. Figure 7.8
      9. Figure 7.9
      10. Figure 7.10
      11. Figure 7.11
      12. Figure 7.12
      13. Figure 7.13
      14. Figure 7.14
      15. Figure 7.15
      16. Figure 7.16
      17. Figure 7.17
      18. Figure 7.18
      19. Figure 7.19
      20. Figure 7.20
  14. Chapter 8 Hacking Android
    1. 8.1 Introduction
    2. 8.2 Android File System
      1. 8.2.1 Mount Points
      2. 8.2.2 File Systems
      3. 8.2.3 Directory Structure
    3. 8.3 Android Application Data
      1. 8.3.1 Storage Options
      2. 8.3.2 /data/data
    4. 8.4 Rooting Android Devices
    5. 8.5 Imaging Android
    6. 8.6 Accessing Application Databases
    7. 8.7 Extracting Data from Android Devices
    8. 8.8 Summary
      1. Figure 8.1
      2. Figure 8.2
      3. Figure 8.3
      4. Figure 8.4
      5. Figure 8.5
      6. Figure 8.6
      7. Figure 8.7
      8. Figure 8.8
      9. Figure 8.9
      10. Figure 8.10
      11. Figure 8.11
      12. Figure 8.12
      13. Figure 8.13
      14. Figure 8.14
      15. Figure 8.15
      16. Figure 8.16
      17. Figure 8.17
      1. Table 8.1
      2. Table 8.2
      3. Table 8.3
      4. Table 8.4
  15. Chapter 9 Securing Android for the Enterprise Environment
    1. 9.1 Android in Enterprise
      1. 9.1.1 Security Concerns for Android in Enterprise
        1. Lack of Physical Control of Devices
        2. Use of “User-Owned” Untrusted Devices
        3. Connecting to “Unapproved and Untrusted Networks”
        4. Use of Untrusted Applications
        5. Connections with “Untrusted” Systems
        6. Unknown Content
        7. Use of GPS (location-related services)
        8. Lack of Control of Patching Applications and OS
      2. 9.1.2 End-User Awareness
      3. 9.1.3 Compliance/Audit Considerations
      4. 9.1.4 Recommended Security Practices for Mobile Devices
    2. 9.2 Hardening Android
      1. 9.2.1 Deploying Android Securely
        1. Unauthorized Device Access
          1. Setting Up a Screen Lock
          2. Setting up the SIM Lock
          3. Remote Wipe
        2. Other Settings
        3. Encryption
      2. 9.2.2 Device Administration
    3. 9.3 Summary
      1. Figure 9.1
      2. Figure 9.2
      3. Figure 9.3
      4. Figure 9.4
      5. Figure 9.5
      6. Figure 9.6
      7. Figure 9.7
      8. Figure 9.8
      9. Figure 9.9
      10. Figure 9.10
      11. Figure 9.11
      12. Figure 9.12
  16. Chapter 10 Browser Security and Future Threat Landscape
    1. 10.1 Mobile HTML Security
      1. 10.1.1 Cross-Site Scripting
      2. 10.1.2 SQL Injection
      3. 10.1.3 Cross-Site Request Forgery
      4. 10.1.4 Phishing
    2. 10.2 Mobile Browser Security
      1. 10.2.1 Browser Vulnerabilities
        1. Drive-by Downloads
    3. 10.3 The Future Landscape
      1. 10.3.1 The Phone as a Spying/Tracking Device
      2. 10.3.2 Controlling Corporate Networks and Other Devices through Mobile Devices
      3. 10.3.3 Mobile Wallets and NFC
    4. 10.4 Summary
      1. Figure 10.1
      2. Figure 10.2
      3. Figure 10.3
      4. Figure 10.4
      1. Table 10.1
      2. Table 10.2
  17. Appendix A
    1. Table A.1
  18. Appendix B: JEB Disassembler and Decompiler Overview
    1. B.1 Views
    2. B.2 Code Views
    3. B.3 Keyboard Shortcuts
    4. B.4 Options
      1. Figure B.1
      2. Figure B.2
      3. Figure B.3
      1. Table B.1
  19. Appendix C: Cracking the SecureApp.Apk Application
  20. Glossary
    1. Chapter 1
    2. Chapter 2
    3. Chapter 3
    4. Chapter 4
    5. Chapter 5
    6. Chapter 6
    7. Chapter 7
    8. Chapter 8
    9. Chapter 9
    10. Chapter 10