ANDROID SECURITY ATTACKS AND DEFENSES

ABHISHEK DUBEY | ANMOL MISRA

AN AUERBACH BOOK

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2013 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business

No claim to original U.S. Government works

Version Date: 20130403

International Standard Book Number-13: 978-1-4398-9647-1 (eBook - PDF)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com
and the CRC Press Web site at http://www.crcpress.com

Dedication

To Mom, Dad, Sekhar, and Anupam
- Anmol

To Maa, Papa, and Anubha
- Abhishek

Contents

Dedication
Foreword
Preface
About the Authors
Acknowledgments

Chapter 1 Introduction
  1.1 Why Android
  1.2 Evolution of Mobile Threats
  1.3 Android Overview
  1.4 Android Marketplaces
  1.5 Summary

Chapter 2 Android Architecture
  2.1 Android Architecture Overview
    2.1.1 Linux Kernel
    2.1.2 Libraries
    2.1.3 Android Runtime
    2.1.4 Application Framework
    2.1.5 Applications
  2.2 Android Start Up and Zygote
  2.3 Android SDK and Tools
    2.3.1 Downloading and Installing the Android SDK
    2.3.2 Developing with Eclipse and ADT
    2.3.3 Android Tools
    2.3.4 DDMS
    2.3.5 ADB
    2.3.6 ProGuard
  2.4 Anatomy of the “Hello World” Application
    2.4.1 Understanding Hello World
  2.5 Summary

Chapter 3 Android Application Architecture
  3.1 Application Components
    3.1.1 Activities
    3.1.2 Intents
    3.1.3 Broadcast Receivers
    3.1.4 Services
    3.1.5 Content Providers
  3.2 Activity Lifecycles
  3.3 Summary

Chapter 4 Android (in)Security
  4.1 Android Security Model
  4.2 Permission Enforcement—Linux
  4.3 Android’s Manifest Permissions
    4.3.1 Requesting Permissions
    4.3.2 Putting It All Together
  4.4 Mobile Security Issues
    4.4.1 Device
    4.4.2 Patching
    4.4.3 External Storage
    4.4.4 Keyboards
    4.4.5 Data Privacy
    4.4.6 Application Security
    4.4.7 Legacy Code
  4.5 Recent Android Attacks—A Walkthrough
    4.5.1 Analysis of DroidDream Variant
    4.5.2 Analysis of Zsone
    4.5.3 Analysis of Zitmo Trojan
  4.6 Summary

Chapter 5 Pen Testing Android
  5.1 Penetration Testing Methodology
    5.1.1 External Penetration Test
    5.1.2 Internal Penetration Test
    5.1.3 Penetration Test Methodologies
    5.1.4 Static Analysis
    5.1.5 Steps to Pen Test Android OS and Devices
  5.2 Tools for Penetration Testing Android
    5.2.1 Nmap
    5.2.2 BusyBox
    5.2.3 Wireshark
    5.2.4 Vulnerabilities in the Android OS
  5.3 Penetration Testing—Android Applications
    5.3.1 Android Applications
    5.3.2 Application Security
  5.4 Miscellaneous Issues
  5.5 Summary

Chapter 6 Reverse Engineering Android Applications
  6.1 Introduction
  6.2 What is Malware?
  6.3 Identifying Android Malware
  6.4 Reverse Engineering Methodology for Android Applications
  6.5 Summary

Chapter 7 Modifying the Behavior of Android Applications without Source Code
  7.1 Introduction
    7.1.1 To Add Malicious Behavior