The Mobile Application Hacker's Handbook -- Contents -- Introduction -- Chapter 1 Mobile Application (In)security -- The Evolution of Mobile Applications -- Common Mobile Application Functions -- Benefits of Mobile Applications -- Mobile Application Security -- Key Problem Factors -- Underdeveloped Security Awareness -- Ever-Changing Attack Surfaces -- Economic and Time Constraints -- Custom Development -- The OWASP Mobile Security Project -- OWASP Mobile Top Ten -- OWASP Mobile Security Tools -- The Future of Mobile Application Security -- Summary -- Chapter 2 Analyzing iOS Applications -- Understanding the Security Model -- Initializing iOS with Secure Boot Chain -- Introducing the Secure Enclave -- Restricting Application Processes with Code Signing -- Isolating Applications with Process-Level Sandboxing -- Protecting Information with Data-at-Rest Encryption -- Protecting Against Attacks with Exploit Mitigation Features -- Understanding iOS Applications -- Distribution of iOS Applications -- Apple App Store -- Enterprise Distribution -- Application Structure -- Installing Applications -- Understanding Application Permissions -- Jailbreaking Explained -- Reasons for Jailbreaking -- Types of Jailbreaks -- Building a Test Environment -- Accessing the Device -- Building a Basic Toolkit -- Cydia -- BigBoss Recommended Tools -- Apple's CC Tools -- Debuggers -- Tools for Signing Binaries -- Installipa -- Exploring the Filesystem -- Property Lists -- Binary Cookies -- SQLite Databases -- Understanding the Data Protection API -- Understanding the iOS Keychain -- Access Control and Authentication Policies in iOS 8 -- Accessing the iOS Keychain -- Understanding Touch ID -- Reverse Engineering iOS Binaries -- Analyzing iOS Binaries -- Identifying Security-Related Features -- Position-Independent Executable -- Stack-Smashing Protection.

Automatic Reference Counting -- Decrypting App Store Binaries -- Decrypting iOS Binaries Using a Debugger -- Automating the Decryption Process -- Inspecting Decrypted Binaries -- Inspecting Objective-C Applications -- Inspecting Swift Applications -- Disassembling and Decompiling iOS Applications -- Summary -- Chapter 3 Attacking iOS Applications -- Introduction to Transport Security -- Identifying Transport Insecurities -- Certificate Validation -- SSL Session Security -- Intercepting Encrypted Communications -- Bypassing Certificate Pinning -- Identifying Insecure Storage -- Patching iOS Applications with Hopper -- Attacking the iOS Runtime -- Understanding Objective-C and Swift -- Instrumenting the iOS Runtime -- Introduction to Cydia Substrate -- Using the Cydia Substrate C API -- Tweak Development Using Theos and Logos -- Instrumentation Using Cycript -- Instrumentation Using Frida -- Instrumenting the Runtime Using the Dynamic Linker -- Instrumenting the Runtime Using the Dynamic Linker -- Inspecting iOS Applications using Snoop-it -- Understanding Interprocess Communication -- Attacking Protocol Handlers -- Application Extensions -- Attacking Using Injection -- Injecting into UIWebViews -- Injecting into Client-Side Data Stores -- Injecting into XML -- Injecting into File-Handling Routines -- Summary -- Chapter 4 Identifying iOS Implementation Insecurities -- Disclosing Personally Identifiable Information -- Handling Device Identifiers -- Processing the Address Book -- Handling Geolocation Data -- Identifying Data Leaks -- Leaking Data in Application Logs -- Identifying Pasteboard Leakage -- Handling Application State Transitions -- Keyboard Caching -- HTTP Response Caching -- Memory Corruption in iOS Applications -- Format String Vulnerabilities -- Object Use-After-Free -- Other Native Code Implementation Issues -- Summary.

Chapter 5 Writing Secure iOS Applications -- Protecting Data in Your Application -- General Design Principles -- Implementing Encryption -- Protecting Your Data in Transit -- Avoiding Injection Vulnerabilities -- Preventing SQL Injection -- Avoiding Cross-Site Scripting -- Securing Your Application with Binary Protections -- Detecting Jailbreaks -- Jailbreak Artifacts -- Nondefault Open Ports -- Weakening of the Sandbox -- Evidence of System Modifications -- Securing Your Application Runtime -- Tamperproofing Your Application -- Implementing Anti-Debugging Protections -- Obfuscating Your Application -- Summary -- Chapter 6 Analyzing Android Applications -- Creating Your First Android Environment -- Understanding Android Applications -- Reviewing Android OS Basics -- Getting to Know Android Packages -- Observing the Structure of a Package -- Installing Packages -- Using Tools to Explore Android -- ADB -- BusyBox -- Standard Android Tools -- drozer -- Introduction to Application Components -- Defining Components -- Interacting with Components -- Looking Under the Hood -- Installing an Application -- Running an Application -- Understanding the Security Model -- Code Signing -- Discovered Vulnerabilities -- Understanding Permissions -- Inspecting the Android Permission Model -- Protection Levels -- Application Sandbox -- Filesystem Encryption -- Generic Exploit Mitigation Protections -- Rooting Explained -- Rooting Objectives -- Rooting Methods -- Reverse-Engineering Applications -- Retrieving APK Files -- Viewing Manifests -- aapt -- AXMLPrinter2 -- drozer -- Disassembling DEX Bytecode -- Dexdump -- Smali and Baksmali -- IDA -- Decompiling DEX Bytecode -- Dex2jar and JD-GUI -- JEB -- Decompiling Optimized DEX Bytecode -- Reversing Native Code -- Additional Tools -- Apktool -- Jadx -- JAD -- Dealing with ART -- Summary.

Chapter 7 Attacking Android Applications -- Exposing Security Model Quirks -- Interacting with Application Components -- Default Export Behavior -- Explicitly Exported -- Implicitly Exported -- Finding Exported Components -- Supreme User Contexts -- Permission Protection Levels -- Attacking Application Components -- A Closer Look at Intents -- Introducing Sieve: Your First Target Application -- Exploiting Activities -- Unprotected Activities -- Tapjacking -- Recent Application Screenshots -- Fragment Injection -- Trust Boundaries -- Exploiting Insecure Content Providers -- Unprotected Content Providers -- SQL Injection -- File-Backed Content Providers -- Pattern-Matching Flaws -- Attacking Insecure Services -- Unprotected Started Services -- Unprotected Bound Services -- Abusing Broadcast Receivers -- Unprotected Broadcast Receivers -- Intent Sniffing -- Secret Codes -- Accessing Storage and Logging -- File and Folder Permissions -- File Encryption Practices -- SD Card Storage -- Logging -- Misusing Insecure Communications -- Web Traffic Inspection -- Finding HTTP Content -- Finding HTTPS Content -- SSL Validation Flaws -- WebViews -- Other Communication Mechanisms -- Clipboard -- Local Sockets -- TCP/UDP Protocols with Other Hosts -- Exploiting Other Vectors -- Abusing Native Code -- Finding Native Code -- Attaching a Debugger -- Exploiting Misconfigured Package Attributes -- Application Backups -- Debuggable Flag -- Additional Testing Techniques -- Patching Applications -- Manipulating the Runtime -- Tool: Xposed Framework -- Tool: Cydia Substrate -- Use Case: SSL Certificate Pinning -- Use Case: Root Detection -- Use Case: Runtime Monitoring -- Summary -- Chapter 8 Identifying and Exploiting Android Implementation Issues -- Reviewing Pre-Installed Applications -- Finding Powerful Applications -- Finding Remote Attack Vectors.

Browsers and Document Readers -- BROWSABLE Activities -- Custom Update Mechanisms -- Remote Loading of Code -- WebViews -- Listening Services -- Messaging Applications -- Finding Local Vulnerabilities -- Exploiting Devices -- Using Attack Tools -- Ettercap -- Burp Suite -- drozer -- Explanation of Privilege Levels -- Non-System Application without Context -- Non-System Application with Context -- Installed Package -- ADB Shell Access -- System User Access -- Root User Access -- Practical Physical Attacks -- Getting ADB Shell Access -- Bypassing Lock Screens -- Installing a Rogue drozer Agent through ADB -- Practical Remote Attacks -- Remote Exploits -- Man-in-the-Middle Exploits -- Malware -- Infiltrating User Data -- Using Existing drozer Modules -- Record Microphone -- Read and Send SMS Messages -- Read Contacts -- User GPS Location -- Capturing the User's Screen -- Stealing Files from SD Card -- Other Techniques for Privileged Scenarios -- Extracting Wi-Fi Keys -- User Accounts -- Cracking Patterns, PINs, and Passwords -- Reading Extended Clipboards -- Simulating User Interaction -- Extracting Application Data with Physical Access -- Summary -- Chapter 9 Writing Secure Android Applications -- Principle of Least Exposure -- Application Components -- Data Storage -- Interacting with Untrusted Sources -- Requesting Minimal Permissions -- Bundling Files Inside the APK -- Essential Security Mechanisms -- Reviewing Entry Points into Application Components -- Securing Activities -- Securing Content Providers -- Securing Broadcast Receivers -- Storing Files Securely -- Creating Files and Folders Securely -- Using Encryption -- Using Random Numbers, Key Generation, and Key Storage -- Exposing Files Securely to Other Applications -- Creating Secure Communications -- Internet Communications -- Local Communications -- Securing WebViews -- JavaScript.

JavaScriptInterface.