What do you think?
Rate this book
Learning Pentesting for Android Devices
A practical guide to learning penetration testing for Android devices and applicationsAbout This BookExplore the security vulnerabilities in Android applications and exploit themVenture into the world of Android forensics and get control of devices using exploitsHands-on approach covers security vulnerabilities in Android using methods such as Traffic Analysis, SQLite vulnerabilities, and Content Providers LeakageWho This Book Is ForThis book is intended for all those who are looking to get started in Android security or Android application penetration testing. You don't need to be an Android developer to learn from this book, but it is highly recommended that developers have some experience in order to learn how to create secure applications for Android.
What You Will LearnUnderstand the basics of Android Security Architecture and Permission Model BypassingUse and explore Android Debug Bridge (ADB)Study the internals of an Android application from a security viewpointLearn to reverse an Android applicationPerform the Traffic Analysis on Android devicesDive into the concepts of Android forensics and data acquisitionAcquire the knowledge of Application Level vulnerabilities and exploitation such as Webkit-Based Exploitation, Root Exploits, and Use After free vulnerabilitiesWrite a penetration testing report for an Android application auditing projectIn DetailAndroid is the most popular mobile smartphone operating system at present, with over a million applications. Every day hundreds of applications are published to the PlayStore, which users from all over the world download and use. Often, these applications have serious security weaknesses in them, which could lead an attacker to exploit the application and get access to sensitive information. This is where penetration testing comes into play to check for various vulnerabilities.
Learning Pentesting for Android is a practical and hands-on guide to take you from the very basic level of Android Security gradually to pentesting and auditing Android. It is a step-by-step guide, covering a variety of techniques and methodologies that you can learn and use in order to perform real life penetration testing on Android devices and applications.
The book starts with the basics of Android Security and the permission model, which we will bypass using a custom application, written by us. Thereafter we will move to the internals of Android applications from a security point of view, and will reverse and audit them to find the security weaknesses using manual analysis as well as using automated tools.
We will then move to a dynamic analysis of Android applications, where we will learn how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device. We will then learn some different ways of doing Android forensics and use tools such as Lime and Volatility. After that, we will look into SQLite databases, and learn to find and exploit the injection vulnerabilities. Also, we will look into webkit-based vulnerabilities; root exploits, and how to exploit devices to get full access along with a reverse connect shell. Finally, we will learn how to write a penetration testing report for an Android application auditing project.
What You Will LearnUnderstand the basics of Android Security Architecture and Permission Model BypassingUse and explore Android Debug Bridge (ADB)Study the internals of an Android application from a security viewpointLearn to reverse an Android applicationPerform the Traffic Analysis on Android devicesDive into the concepts of Android forensics and data acquisitionAcquire the knowledge of Application Level vulnerabilities and exploitation such as Webkit-Based Exploitation, Root Exploits, and Use After free vulnerabilitiesWrite a penetration testing report for an Android application auditing projectIn DetailAndroid is the most popular mobile smartphone operating system at present, with over a million applications. Every day hundreds of applications are published to the PlayStore, which users from all over the world download and use. Often, these applications have serious security weaknesses in them, which could lead an attacker to exploit the application and get access to sensitive information. This is where penetration testing comes into play to check for various vulnerabilities.
Learning Pentesting for Android is a practical and hands-on guide to take you from the very basic level of Android Security gradually to pentesting and auditing Android. It is a step-by-step guide, covering a variety of techniques and methodologies that you can learn and use in order to perform real life penetration testing on Android devices and applications.
The book starts with the basics of Android Security and the permission model, which we will bypass using a custom application, written by us. Thereafter we will move to the internals of Android applications from a security point of view, and will reverse and audit them to find the security weaknesses using manual analysis as well as using automated tools.
We will then move to a dynamic analysis of Android applications, where we will learn how to capture and analyze network traffic on Android devices and extract sensitive information and files from a packet capture from an Android device. We will then learn some different ways of doing Android forensics and use tools such as Lime and Volatility. After that, we will look into SQLite databases, and learn to find and exploit the injection vulnerabilities. Also, we will look into webkit-based vulnerabilities; root exploits, and how to exploit devices to get full access along with a reverse connect shell. Finally, we will learn how to write a penetration testing report for an Android application auditing project.
230 pages, Kindle Edition
First published January 1, 2014
5 people are currently reading
37 people want to read
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
December 15, 2018
It doesn't go into great detail or explores in-depth pentesting techniques, but it's good as a prerequisite to other more advanced readings.
It covers the basic needs and it's enjoyable.
It covers the basic needs and it's enjoyable.
June 19, 2014
I really love this book! "Learning Pentesting for Android Devices" is a book for all curious guys that want to understand how things are working inside their Android device. The goal of the book is to explore which vulnerability and issues could be present in an Android application and how to prevent and to reveal them. This is just an interesting argument, but what is really more interesting is the way to reach this goal: becoming for a couple of hours an "hacker" and jump on the dark side of the development! Yes, because decompiling, reverse engineering, exploiting and attacking will be really more clear to you after reading this book!
The book starts with a couple of chapters about Android howtos: what is an Android app, how it is generated and which tools should be used to achieve the goal. After that, Aditya brings you on the reverse path: in chapter 3, starting from an app, he brings you to the source code! There is a very clear description about which tools could be used, how to use them and which limits you could experiencing during this adventure. In chapter 4, the classical network attacks are explored: network traffic analysis, proxy interception, man in the middle and so on.
More or less after an half of the book, Aditya starts with a very not so common description of Android vulnerability and attacks (from the device point of view!). This is really uncommon and very very interesting for understanding how the Android phone you have in pocket is made. A specific chapter is dedicated to SQLite, one of the most common SQL database deployed in several millions of devices and to the WebView, one of the most common Android widget.
In the end, even if this book is for every developer with a basic knowledge about Android programming, I must suggest it to everyone has intention to start and develop an Android app. Your app will be surely more secure in the end and there will be no risk about finding the source code of your app in internet!
The book starts with a couple of chapters about Android howtos: what is an Android app, how it is generated and which tools should be used to achieve the goal. After that, Aditya brings you on the reverse path: in chapter 3, starting from an app, he brings you to the source code! There is a very clear description about which tools could be used, how to use them and which limits you could experiencing during this adventure. In chapter 4, the classical network attacks are explored: network traffic analysis, proxy interception, man in the middle and so on.
More or less after an half of the book, Aditya starts with a very not so common description of Android vulnerability and attacks (from the device point of view!). This is really uncommon and very very interesting for understanding how the Android phone you have in pocket is made. A specific chapter is dedicated to SQLite, one of the most common SQL database deployed in several millions of devices and to the WebView, one of the most common Android widget.
In the end, even if this book is for every developer with a basic knowledge about Android programming, I must suggest it to everyone has intention to start and develop an Android app. Your app will be surely more secure in the end and there will be no risk about finding the source code of your app in internet!
June 16, 2014
The book is a very nice introduction to pentesting for Android Devices. It is very easy to follow the book and you dont need to open your notebook to follow the book. It covers many aspects of security of apps and devices. Some topics covered are reverse engineering, network traffic analysis, auditing android apps, etc..Both novice and experienced Android developers can read the book. In every chapter, one aspect of android app or device security is discussed. Tools used for security and pentesting are introduced and usage of the tools are shown step by step. I learnt many new information and tools from this book. In the last chapter it has even a template for pentesting report. I recommend this book to people who wants to get introduced to android security and pentesting.
June 22, 2014
This is a great book for those who would like to explore and experiment about android application and platform security. Authors have designed the book very well beginning with basics of android security architecture and going deeper into the nuances of the platform security. The tools that are explained here really helps the testers for auditing and perform reverse engineering the android applications and also helps in understanding different kinds of android vulnerabilities and attacks.
June 3, 2014
I like this book because the author introduces briefly with samples and tools the things that you need to know about the security. Contains the most common attacks reverse engineering, network traffic, include malicius javascript, sql injection, file permisson, and includes an example of a vulnerability test of an app.
May 25, 2016
Basic scope, lacks depth. A third of the book is just screenshots of installation process for various tools and the rest could be summarised in a few blog posts.
Displaying 1 - 6 of 6 reviews