Topics
Day 1
Introduction to Android Security
Mobile application threat model – What makes mobile application security so different?
The Android Linux OS security
The Dalvik VM
The Android security mechanisms
Application file system isolation & insecure file access
The permission model
Database isolation
The Android emulator vs. a physical device
The debug bridge
Rooting
AppUse VM
Static Analysis – Reverse Engineering & Patching the Application Binaries
The APK file package
APK extraction – investigating layout, manifest, permissions and binaries
Extracting the content of the classes.dex file
Using smali/baksmali Dalvik assembler/disassembler
Decompilation
Using dex2jar
Reverse engineer the app and change its behavior
Decompile / disassemble the dex classes using smali/baksmali
Code patching – modifying the code
Recompile
Resign the APK
Day 2
Application Dynamic Runtime Analysis
Monitoring process activity
Observing file access
Monitoring network connectivity
Analyzing logs using logcat
Memory dumps and analysis
Smali Debugging
Setting breakpoints
Native debugging with IDA (building signatures, types etc.)
Runtime instrumentation and manipulation using ReFrameworker
Traffic Analysis and Manipulation
Common vulnerabilities related to traffic
Proxies and sniffers
Sensitive information transmission
Importing SSL certificates & trusted CAs
Bypassing server certificate validations
Exposing insecure traffic
Validating server certificates and avoiding man-in-the-middle attacks
SSL pinning
Using the HostnameVerifier class
Using SSL with the HttpsURLConnection class
Client side certificate authentication
Day 3
Component & IPC Security
Major component types – activity, service, content provider, broadcast receiver
The intent structure
The intent filter
Component permissions and visibility
Authenticating callers of components
Binder interface
Pending intents
Direct component invocation by unauthorized apps
Unprotected content providers
Sticky broadcasts
Securely activating components
Avoiding access to restricted screens
Identifying Code Level Vulnerabilities
Verifying caller identity
Whitebox approach using a code review
Locating interesting code
How to perform
Detecting common code level vulnerabilities
Using Lint