Android Security Cookbook.
by
 
Makan, Keith.

Title
Android Security Cookbook.

Author
Makan, Keith.

ISBN
9781782167174

Added Author Entry
Makan, Keith.

Physical Description
1 online resource (407 pages)

Contents
Android Security Cookbook -- Table of Contents -- Android Security Cookbook -- Credits -- About the Authors -- About the Reviewers -- www.PacktPub.com -- Support files, eBooks, discount offers and more -- Why Subscribe? -- Free Access for Packt account holders -- Preface -- What this book covers -- What you need for this book -- Who this book is for -- Conventions -- Reader feedback -- Customer support -- Downloading the example code -- Errata -- Piracy -- Questions -- 1. Android Development Tools -- Introduction -- Installing the Android Development Tools (ADT) -- How to do it... -- Installing the Java Development Kit (JDK) -- How to do it... -- There's more… -- Updating the API sources -- How to do it... -- Alternative installation of the ADT -- How to do it... -- Installing the Native Development Kit (NDK) -- How to do it... -- Emulating Android -- How to do it... -- Creating Android Virtual Devices (AVDs) -- How to do it… -- There's more… -- Emulating a memory card or an external storage -- The partition sizes -- See also -- Using the Android Debug Bridge (ADB) to interact with the AVDs -- How to do it... -- There's more… -- See also -- Copying files off/onto an AVD -- How to do it... -- Installing applications onto the AVDs via ADB -- How to do it... -- 2. Engaging with Application Security -- Introduction -- Inspecting application certificates and signatures -- Getting ready -- How to do it… -- How it works… -- There's more... -- See also -- Signing Android applications -- Getting ready -- How to do it... -- How it works... -- See also -- Verifying application signatures -- Getting ready -- How to do it... -- Inspecting the AndroidManifest.xml file -- Getting ready -- How to do it... -- How it works... -- See also -- Interacting with the activity manager via ADB -- Getting ready -- How to do it… -- There's more... -- See also.
 
Extracting application resources via ADB -- Getting ready -- How to do it… -- There's more... -- 3. Android Security Assessment Tools -- Introduction -- Installing and setting up Santoku -- Getting ready -- How to do it... -- There's more... -- Setting up drozer -- How to do it... -- There's more… -- Running a drozer session -- How to do it... -- Enumerating installed packages -- How to do it... -- How it works... -- There's more... -- See also -- Enumerating activities -- How to do it... -- There's more... -- See also -- Enumerating content providers -- How to do it... -- How it works... -- There's more... -- See also -- Enumerating services -- How to do it... -- How it works… -- See also -- Enumerating broadcast receivers -- How to do it... -- See also -- Determining application attack surfaces -- How to do it... -- How it works… -- See also -- Launching activities -- How to do it... -- How it works... -- There's more… -- See also -- Writing a drozer module - a device enumeration module -- How to do it... -- How it works... -- See also -- Writing an application certificate enumerator -- How to do it... -- 4. Exploiting Applications -- Introduction -- Protecting user data -- Protecting applications from one another (isolation and privilege separation) -- Protecting communication of sensitive information -- Information disclosure via logcat -- Getting ready -- How to do it... -- There's more... -- See also -- Inspecting network traffic -- Getting ready -- How to do it… -- How it works... -- See also -- Passive intent sniffing via the activity manager -- Getting ready -- How to do it... -- How it works... -- See also -- Attacking services -- How to do it... -- See also -- Attacking broadcast receivers -- How to do it... -- How it works… -- See also -- Enumerating vulnerable content providers -- How to do it... -- How it works... -- See also.
 
Extracting data from vulnerable content providers -- How to do it... -- See also -- Inserting data into content providers -- How to do it... -- Enumerating SQL-injection vulnerable content providers -- How to do it... -- See also -- Exploiting debuggable applications -- How to do it... -- See also -- Man-in-the-middle attacks on applications -- Getting ready -- How to do it... -- See also -- 5. Protecting Applications -- Introduction -- Securing application components -- How to do it... -- How it works… -- See also -- Protecting components with custom permissions -- How to do it… -- Defining a permission group -- How it works... -- See also -- Protecting content provider paths -- How to do it... -- See also -- Defending against the SQL-injection attack -- How to do it... -- See also -- Application signature verification (anti-tamper) -- Getting ready -- How to do it... -- There's more... -- Responding to tamper detection -- See also -- Tamper protection by detecting the installer, emulator, and debug flag -- How to do it... -- How it works... -- There's more... -- See also -- Removing all log messages with ProGuard -- Getting ready -- How to do it... -- How it works... -- There's more... -- ProGuard output -- Limitations -- See also -- Advanced code obfuscation with DexGuard -- Getting ready -- Installing the DexGuard Eclipse plugin -- Enabling DexGuard for the Ant build system -- Enabling DexGuard for the Gradle build system -- How to do it... -- There's more... -- See also -- 6. Reverse Engineering Applications -- Introduction -- Compiling from Java to DEX -- Getting ready -- How to do it... -- How it works... -- Decompiling DEX files -- Understanding the DEX file format -- The DEX file header -- The StringIds section -- The TypeIds section -- The ProtoIds section -- The FieldIds section -- The MethodIds section -- The ClassDefs section.
 
Getting ready -- How to do it… -- There's more... -- See also -- Interpreting the Dalvik bytecode -- Understanding the Dalvik bytecode -- Getting ready -- How to do it... -- See also -- Decompiling DEX to Java -- Getting ready -- How to do it... -- Decompiling the application's native libraries -- Getting ready -- How to do it... -- See also -- Debugging the Android processes using the GDB server -- Getting ready -- How to do it... -- 7. Secure Networking -- Introduction -- Validating self-signed SSL certificates -- Getting ready -- How to do it... -- There's more... -- Using self-signed SSL certificates in a live environment -- HttpsUrlConnection -- Antipattern - what not to do! -- See also -- Using StrongTrustManager from the OnionKit library -- Getting ready -- How to do it... -- There's more... -- The Orbot and Tor networks -- Pinning and CACert -- See also -- SSL pinning -- How to do it... -- There's more... -- Enhancements -- Limitations -- See also -- 8. Native Exploitation and Analysis -- Introduction -- Inspecting file permissions -- Getting ready -- How to do it... -- There's more... -- See also -- Cross-compiling native executables -- How to do it... -- There's more... -- See also -- Exploitation of race condition vulnerabilities -- Getting ready -- How to do it... -- See also -- Stack memory corruption exploitation -- Getting ready -- How to do it... -- See also -- Automated native Android fuzzing -- Getting ready -- How to do it... -- Setting up Busybox -- Fuzzing dexdump -- How it works... -- See also -- 9. Encryption and Developing Device Administration Policies -- Introduction -- Using cryptography libraries -- How to do it... -- How it works... -- There's more... -- See also -- Generating a symmetric encryption key -- How to do it... -- How it works… -- There's more... -- Using AES-GCM for strong symmetric encryption.
 
Antipattern - setting the seed -- Android's PRNG bug -- See also -- Securing SharedPreferences data -- Getting ready -- How to do it... -- How it works... -- See also -- Password-based encryption -- Getting ready -- How to do it... -- How it works... -- There's more… -- See also -- Encrypting a database with SQLCipher -- Getting ready -- How to do it... -- How it works… -- There's more... -- IOCipher -- See also -- Android KeyStore provider -- Getting ready -- How to do it... -- How it works... -- There's more... -- See also -- Setting up device administration policies -- Getting ready -- How to do it... -- How it works... -- There's more... -- Disabling device camera -- See also -- Index.

Summary
"Android Security Cookbook" breaks down and enumerates the processes used to exploit and remediate Android app security vulnerabilities in the form of detailed recipes and walkthroughs. "Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from reading this book.

Notes
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.

Subject Heading
Android (Electronic resource).
 
Operating systems (Computers) -- Security measures.
 
Smartphones -- Security measures.

Genre
Electronic books.

Added Author Entry
Alexander-Bown, Scott.



Library | Material Type | Inventory Number | Call Number | Status/Due Date
IYTE Library | E-Book | 1266237-1001 | QA76.774 .A53 -- M34 2013 EB | Ebrary E-Books