
Android Security: Attacks and Defenses PDF

280 Pages·2013·8.87 MB·English
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Android Security: Attacks and Defenses

ANDROID SECURITY
ATTACKS AND DEFENSES
ABHISHEK DUBEY | ANMOL MISRA

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2013 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Version Date: 20130403
International Standard Book Number-13: 978-1-4822-0986-0 (eBook - ePub)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at http://www.crcpress.com

Dedication

To Mom, Dad, Sekhar, and Anupam - Anmol
To Maa, Papa, and Anubha - Abhishek

Contents

Dedication
Foreword
Preface
About the Authors
Acknowledgments

Chapter 1 Introduction
1.1 Why Android
1.2 Evolution of Mobile Threats
1.3 Android Overview
1.4 Android Marketplaces
1.5 Summary

Chapter 2 Android Architecture
2.1 Android Architecture Overview
2.1.1 Linux Kernel
2.1.2 Libraries
2.1.3 Android Runtime
2.1.4 Application Framework
2.1.5 Applications
2.2 Android Start Up and Zygote
2.3 Android SDK and Tools
2.3.1 Downloading and Installing the Android SDK
2.3.2 Developing with Eclipse and ADT
2.3.3 Android Tools
2.3.4 DDMS
2.3.5 ADB
2.3.6 ProGuard
2.4 Anatomy of the “Hello World” Application
2.4.1 Understanding Hello World
2.5 Summary

Chapter 3 Android Application Architecture
3.1 Application Components
3.1.1 Activities
3.1.2 Intents
3.1.3 Broadcast Receivers
3.1.4 Services
3.1.5 Content Providers
3.2 Activity Lifecycles
3.3 Summary

Chapter 4 Android (in)Security
4.1 Android Security Model
4.2 Permission Enforcement—Linux
4.3 Android’s Manifest Permissions
4.3.1 Requesting Permissions
4.3.2 Putting It All Together
4.4 Mobile Security Issues
4.4.1 Device
4.4.2 Patching
4.4.3 External Storage
4.4.4 Keyboards
4.4.5 Data Privacy
4.4.6 Application Security
4.4.7 Legacy Code
4.5 Recent Android Attacks—A Walkthrough
4.5.1 Analysis of DroidDream Variant
4.5.2 Analysis of Zsone
4.5.3 Analysis of Zitmo Trojan
4.6 Summary

Chapter 5 Pen Testing Android
5.1 Penetration Testing Methodology
5.1.1 External Penetration Test
5.1.2 Internal Penetration Test
5.1.3 Penetration Test Methodologies
5.1.4 Static Analysis
5.1.5 Steps to Pen Test Android OS and Devices
5.2 Tools for Penetration Testing Android
5.2.1 Nmap
5.2.2 BusyBox
5.2.3 Wireshark
5.2.4 Vulnerabilities in the Android OS
5.3 Penetration Testing—Android Applications
5.3.1 Android Applications
5.3.2 Application Security
5.4 Miscellaneous Issues
5.5 Summary

Chapter 6 Reverse Engineering Android Applications
6.1 Introduction
6.2 What is Malware?
6.3 Identifying Android Malware
6.4 Reverse Engineering Methodology for Android Applications
6.5 Summary

Chapter 7 Modifying the Behavior of Android Applications without Source Code
7.1 Introduction
7.1.1 To Add Malicious Behavior
7.1.2 To Eliminate Malicious Behavior
7.1.3 To Bypass Intended Functionality
7.2 DEX File Format
7.3 Case Study: Modifying the Behavior of an Application
7.4 Real World Example 1—Google Wallet Vulnerability
7.5 Real World Example 2—Skype Vulnerability (CVE-2011-1717)
7.6 Defensive Strategies
7.6.1 Perform Code Obfuscation
7.6.2 Perform Server Side Processing
7.6.3 Perform Iterative Hashing and Use Salt
7.6.4 Choose the Right Location for Sensitive Information
7.6.5 Cryptography
7.6.6 Conclusion
7.7 Summary

Chapter 8 Hacking Android
8.1 Introduction
8.2 Android File System
8.2.1 Mount Points
8.2.2 File Systems
8.2.3 Directory Structure
8.3 Android Application Data
8.3.1 Storage Options
8.3.2 /data/data
8.4 Rooting Android Devices
8.5 Imaging Android
8.6 Accessing Application Databases
8.7 Extracting Data from Android Devices
8.8 Summary

Chapter 9 Securing Android for the Enterprise Environment
9.1 Android in Enterprise
9.1.1 Security Concerns for Android in Enterprise
9.1.2 End-User Awareness
9.1.3 Compliance/Audit Considerations
9.1.4 Recommended Security Practices for Mobile Devices
9.2 Hardening Android
9.2.1 Deploying Android Securely
9.2.2 Device Administration
9.3 Summary

Chapter 10 Browser Security and Future Threat Landscape
10.1 Mobile HTML Security
10.1.1 Cross-Site Scripting
10.1.2 SQL Injection
10.1.3 Cross-Site Request Forgery
10.1.4 Phishing
10.2 Mobile Browser Security
10.2.1 Browser Vulnerabilities
10.3 The Future Landscape
10.3.1 The Phone as a Spying/Tracking Device
10.3.2 Controlling Corporate Networks and Other Devices through Mobile Devices
10.3.3 Mobile Wallets and NFC
10.4 Summary

Appendix A
Appendix B
B.1 Views
B.2 Code Views
B.3 Keyboard Shortcuts
B.4 Options
Appendix C

Description:
Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics