
Android Security Cookbook: Practical recipes to delve into Android's security mechanisms by troubleshooting common vulnerabilities in applications and Android OS versions


Chapter 1. Android Development Tools

In this chapter, we will cover the following recipes:

  • Installing the Android Development Tools (ADT)
  • Installing the Java Development Kit (JDK)
  • Updating the API sources
  • Alternative installation of the ADT
  • Installing the Native Development Kit (NDK)
  • Emulating Android
  • Creating Android Virtual Devices (AVDs)
  • Using the Android Debug Bridge (ADB) to interact with the AVDs
  • Copying files off/onto an AVD
  • Installing applications on the AVDs via ADB

Introduction

A very clever person once said that, "you should keep your friends close but your enemies closer". Being a security professional means keeping an eye on what developers are doing, have done, and are likely to do. This is because the decisions they make greatly affect the security landscape; after all, if no one wrote bad software, no one would exploit it!

Given that this book is aimed at anyone interested in analyzing, hacking, or developing the Android platform, the know thy enemy concept applies to you too! Android developers need to stay somewhat up to date with what Android hackers are up to if they hope to catch security vulnerabilities before they negatively affect the users. Conversely, Android hackers need to stay up to date with what Android developers are doing.

The upcoming chapters will walk you through getting the latest and greatest development and hacking tools and will get you to interact directly with the Android security architecture, both by breaking applications and securing them.

This chapter focuses on getting the Android Development Tools (ADT) up and running and discusses how to troubleshoot an installation and keep them up to date. If you feel you are already well-acquainted with the Android development environment and tool chains, feel free to skip this chapter.

Without further ado, let's talk about grabbing and installing the latest Android Development Tools.

Installing the Android Development Tools (ADT)

Given that there are many versions of the Android framework already deployed on mobile platforms and a variety of handsets that support it, Android developers need tools that give them access to many device- and operating system-specific Application Programming Interfaces (APIs) available on the Android platform.

We're talking about not just the Android APIs but also handset-specific APIs. Each handset manufacturer likes to invest in the developer mindshare in their own way by providing exclusive APIs and services to their developers, for example, the HTC OpenSense APIs. The ADT consolidates access to these APIs; provides all the necessary tools to debug, develop, and deploy your Android apps; and makes it easy for you to download them and keep them up to date.

How to do it...

The following steps will walk you through the process of downloading the ADT and getting them up and running:

  1. You'll need to head over to https://developer.android.com and navigate to the ADT Download page or just visit https://developer.android.com/sdk/index.html#download. You should see a page like the one in the following screenshot:
  2. Once you're there, click on Download the SDK and the following screen should appear:
  3. Of course, you will need to accept the license agreement before downloading and select the appropriate CPU type (register size). If you're not sure how to check your CPU type, use the steps that follow.

    On Windows, you need to complete the following steps:

    1. Click on Start.
    2. Right-click on My Computer.
    3. Select Properties.
    4. A window with your computer's system-specific information should pop up. The information you are looking for should be under the System section, labeled System type.

    To check your system type on Ubuntu, Debian, or Unix-based distributions, perform the following steps:

    1. Open a terminal either by pressing Ctrl + Alt + T or simply launching it using the graphical interface.
    2. Execute the following command:
        uname -a

    3. Alternatively, you could use lscpu, which should show you something like the following screenshot:
  4. When you're happy with the license agreement and you've selected the correct system type, click on Download in the ADT Download page. Once the ZIP file has been downloaded, it should look like the following screenshot on Windows:

The archive will have the same structure on the Linux- or Unix-based distributions.

Installing the Java Development Kit (JDK)

Android uses a customized version of the Java runtime to support its applications. This means, before we can get going with Eclipse and developing Android applications, we actually need to install the Java runtime and development tools. These are available in the Java Development Kit (JDK).

How to do it...

Installing the JDK on Windows works as follows:

  1. Grab a copy of the JDK from Oracle's Downloads page, http://www.oracle.com/technetwork/java/javase/downloads/index.html. Click on DOWNLOAD. The following screenshot shows the Downloads page:
  2. Make sure to select the appropriate version for your system type; see the previous walkthrough to find out how to check your system type. The following screenshot highlights the Windows system types supported by the Oracle Java JDK:
  3. After downloading the JDK, run the jdk-[version]-[platform version].exe file. For instance, you could have an EXE file named something like jdk-7u21-windows-i586.exe. All you need to do now is follow the prompts until the installation of all the setups is completed. The following screenshot is what the install wizard should look like once it's launched:

Once the install wizard has done its job, you should see a fresh install of your JDK and JRE under C:\Program Files\Java\jdk[version] and should now be able to launch Eclipse.

There's more…

Installing the Java Runtime and Development tools on Ubuntu Linux is somewhat simpler. Seeing that Ubuntu has a sophisticated package and repository manager, all you need to do is make use of it by firing off a few simple commands from the terminal window. You need to execute the following steps:

  1. Open a terminal, either by searching for the terminal application via your Unity, KDE, or Gnome desktop or by pressing Ctrl + Alt + T.
  2. You may need to update your package list before installation, unless you've already done that a couple of minutes ago. You can do this by executing either of the following commands:
    sudo aptitude update    # if you have aptitude installed
    

    Or:

    sudo apt-get update
    

    You should see your terminal print out all the downloads it's performing from your repositories as shown in the following screenshot:

  3. Once that's done, execute the following command:
    sudo apt-get install openjdk-[version]-jdk
    

    You will need to enter your password if you have been added to your sudoers file correctly. Alternatively, you could borrow root privileges to do this by executing the following command, assuming that you have the root user's password:

    su root
    

    This is displayed in the following screenshot:

Once your JDK is installed properly, you should be able to launch Eclipse and get going with your Android development. When you launch Eclipse, you should see the following screenshot:

After successful installation, the toolbar in your Eclipse installation should look something like the one in the following screenshot:

Updating the API sources

The SDK manager and related tools come bundled with the ADT package; they provide access to the latest and most stable APIs, Android emulator images, and various debugging and application testing tools. The following walkthrough shows you how to update your APIs and other Android development-related resources.

How to do it...

Updating the APIs for your ADT works as follows:

  1. Navigate to the SDK manager. If you're doing this all from Windows, you should find it in the root of the ADT-bundle folder called SDK Manager.exe. Ubuntu users will find it at [path to ADT-bundle]/sdk/tools/android.
  2. All you need to do is launch the SDK manager. It should start up and begin retrieving a fresh list of the available API and documentation packages.
  3. You will need to make sure that you select the Tools package; of course, you could also select any other additional packages. A good idea would be to download the last two versions. Android is very backward compatible so you don't really need to worry too much about the older APIs and documentation, unless you're using it to support really old Android devices.
  4. You will need to indicate that you accept the license agreement. You can either do this for every single object being installed or you can click on Accept All.
  5. Once you've accepted the licenses, you can collect your documentation and APIs by clicking on Install as shown in the following screenshot:

Alternative installation of the ADT

If the preceding methods for installing Eclipse and the ADT plugin don't work for some reason, you could always take the old school route and download your own copy of Eclipse and install the ADT plugin manually via Eclipse.

How to do it...

Downloading and plugging in the ADT works as follows:

  1. Download Eclipse—Helios or a later version—from http://www.eclipse.org/downloads/. Please make sure to select the appropriate version for your operating system. You should see a page that looks like the following screenshot:
  2. Download the ADT bundle for your platform version from the Android website, http://developer.android.com/sdk/installing/installing-adt.html. The following screenshot displays a part of the page on this website:
  3. Make sure you have the Java JDK installed.
  4. If your JDK installation is good to go, run the Eclipse installer you downloaded in step 1.
  5. Once Eclipse is installed and ready to go, plug in your ADT.
  6. Open Eclipse and click on the Help button in the menu bar.
  7. Click on Install New Software....
  8. The Available Software dialog box will pop up. You need to click on Add….
  9. The Add Repository dialog box will show up. You need to click on the Archive... button.
  10. A file browser should pop up. At this point, you will need to navigate to the ADT ZIP file that you downloaded in the previous steps.
  11. After finding the ADT file, click on Open.
  12. Then click on OK.
  13. You will be shown the available packages in the .zip archive. Click on Select All and then on Next.
  14. You will now need to accept the license agreement; of course, you reserve the right not to. It's always a good idea to give it a read. If you're happy, select the I accept the terms of the license agreements option and then click on Finish.
  15. The software installation will now begin. You may get a warning stating that the content is unsigned and the authenticity cannot be verified. Click on OK.
  16. Restart Eclipse.

The Android SDK, the device emulator, and the supporting Eclipse functionality should be ready to go now. See your Eclipse toolbar. It should have some new icons.

Installing the Native Development Kit (NDK)

If you want to do any low-level exploitation or development on your Android device, you will need to make sure that you can write applications at a lower level on the Android platform. Low level means development in languages like C/C++ using compilers that are built to suit the embedded platform and its various nuances.

What's the difference between Java and the native/low-level programming languages? Well, this topic alone could fill an entire book. But to state just the bare surface-level differences, Java code is compiled and statically checked (meaning the source code is analyzed) before being run in a virtual machine. For Android Java, this virtual machine is called Dalvik; more on this later. The natively developed components of Android run verbatim, as their source code specifies, on the embedded Linux-like operating system that ships with Android devices. There is no extra layer of interpretation and checking, besides the odd compiler extensions and optimizations, that goes into getting the native code to run.

The tool chains and documentation provided by the Android team to make native development a painless experience for Android developers are called the Native Development Kit (NDK). The NDK contains all the tools that Android developers need to compile their C/C++ code for Android devices and accommodates ARM-, MIPS-, and x86-embedded platforms. It includes some tools that help native developers analyze and debug native applications. This walkthrough discusses how to get the NDK up and running on your machine.

Before we get going, you will need to consult the system requirements list on http://developer.android.com/tools/sdk/ndk/index.html#Reqs to make sure that your machine is good to go.

How to do it...

Getting the NDK on your machine is as simple as downloading it and making sure that it actually runs. We can use the following steps:

  1. Downloading the NDK is pretty straightforward. Go to http://developer.android.com/tools/sdk/ndk/index.html to grab the latest copy and make sure to select the appropriate version for your system type.
  2. Unzip the NDK to a convenient location.

Emulating Android

The Android SDK comes with a pretty neat tool called the emulator, which allows you to emulate the Android devices. The emulator is shipped with some of the most popular handsets and lets you create an emulated handset of your own. Using this tool, you can flash new kernels, mess around with the platform and, of course, debug apps and test your Android malware and application exploits. Throughout the book we will use this tool quite a bit, so, it's important that you get to know the Android emulator.

The emulator is pretty straightforward to use. When you want to launch a device, all you need to do is open the Android Virtual Device (AVD) tool either from your SDK folder or straight from Eclipse. Then, you can either set up a new device with its own memory card, CPU, and screen size as well as other custom features or you can select one of the preconfigured devices from a list. In this section, I'm going to cover exactly these things.

Just a quick disclaimer: the following screenshots were taken on a Windows 7 machine, but the AVD manager and device emulator work exactly the same on both Windows and Linux platforms, so Linux users will also be able to follow the walkthrough.

How to do it...

To emulate a device from Eclipse, use the following steps:

  1. Click on the AVD manager icon on your toolbar.
  2. The AVD will pop up. You can either select a preconfigured featured device or you can set up a device according to your own criteria. For this recipe, let's stick to configuring our own devices.
  3. Click on New….
  4. The Create new Android Virtual Device (AVD) dialog box should pop up. You will need to fill in some metrics for the new virtual devices and give it a name. You can enter whatever you feel here as this recipe is just to get you to emulate your first device.
  5. Once you're done, click on OK. The new device should show up in the AVD dialog box.
  6. Click on the device you just created and click on Start….

At this point, the AVD will prompt you for the screen-size options; the default values aren't too bad. Click on Launch when you're done, and in a few seconds your new AVD will start up.

Creating Android Virtual Devices (AVDs)

Some of you may prefer working with your AVDs from the command-line interface for some reason or other. Maybe you have some awesome scripts that you'd like to write to set up some awesome AVDs. This recipe details how to create AVDs and launch them straight from the command line.

How to do it…

Before you can create your own AVDs, you will need to specify some attributes for them, the most important one being the system image that will be used. To do so, execute the following steps:

  1. You can find a list of the system images available to you by using the following command:
    [path-to-sdk-install]/tools/android list targets
    

    Or use the following command from the Windows terminal:

    C:\[path-to-sdk-install]\tools\android list targets
    

    As an example, enter the following into the command prompt:

    C:\Users\kmakan\Documents\adt-bundle-windows-x86-20130219\sdk\tools\android list targets
    

    This command will list the system images available on your system. If you'd like more, you'll need to install them via the SDK manager. The pieces of information that you're looking for in this list are the target IDs because you'll need them to identify the system image, which you will need to specify in the next step.

  2. Create the AVD using the following command:
    [path-to-sdk-install]/tools/android create avd -n [name of your new AVD] -t [system image target id]
    

    You will need to decide on a name for the AVD you are creating, which you specify using the -n switch. The system image ID you selected in the previous step must be specified using the -t switch. If everything goes well, you should have just created a brand new virtual machine.

  3. You can launch your brand new AVD using the following command:
    [path-to-sdk-install]/tools/emulator -avd [avd name]
    

    Here, [avd name] is the AVD name you decided on in the previous step. If all goes well, your new AVD should start right up.

There's more…

You probably want to know a little more about the commands. Regarding the emulator, it's capable of emulating a device with different configurations.

Emulating a memory card or an external storage

You can specify that your virtual device also emulates some external storage using the -c option when you create it, as shown in the following command:

android create avd -n [avd name] -t [image id] -c [size][K|M]

For example, see the following command:

android create avd -n virtdroid -t 1 -c 128M

You will obviously need to supply the size of your new emulated memory card. You also need to specify the unit by specifying either K for kilobytes or M for megabytes.

The partition sizes

Another very useful thing that you may want to do is specify how much space you'd like to grant the internal storage partitions. You can do this by using the -partition-size switch, which you specify when you invoke the emulator as shown in the following command:

emulator -avd [name] -partition-size [size in MBs]

You will also need to supply a size for the partitions. By default, the unit of measurement is megabytes (MBs).
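
The AVD recipe above, scripted as a dry run. This is an added example, not code from the book: it looks up the target ID for an API level in `android list targets` output, checks the `-c` size unit, and prints the create and launch commands instead of running them. The sample target list is constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: dry-run helper for the AVD recipe (prints commands only).
# SAMPLE_TARGETS is constructed to resemble `android list targets` output.
SAMPLE_TARGETS=$(printf '%s\n' \
    'Available Android targets:' \
    '----------' \
    'id: 1 or "android-16"' \
    '     Name: Android 4.1.2' \
    '     Type: Platform' \
    '     API level: 16' \
    '----------' \
    'id: 2 or "android-17"' \
    '     Name: Android 4.2.2' \
    '     Type: Platform' \
    '     API level: 17')

# Read `android list targets` output on stdin and print the numeric target id
# whose "API level:" line matches $1. Exit status 1 if no such image is installed.
target_id_for_api() {
    awk -v want="$1" '
        $1 == "id:" { id = $2 }
        $1 == "API" && $2 == "level:" && $3 == want { print id; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# The -c size must be digits followed by K or M, as the recipe text states.
valid_sdcard_size() {
    printf '%s' "$1" | grep -Eq '^[0-9]+[KM]$'
}

# Print the create and launch commands for one AVD.
# $1 AVD name, $2 target id, $3 SD card size (e.g. 128M), $4 partition size in MB
avd_commands() {
    valid_sdcard_size "$3" || {
        echo "sdcard size needs a K or M unit: $3" >&2
        return 1
    }
    printf 'android create avd -n %s -t %s -c %s\n' "$1" "$2" "$3"
    printf 'emulator -avd %s -partition-size %s\n' "$1" "$4"
}

# Demo on the constructed sample: API level 17 resolves to target id 2.
if id=$(printf '%s\n' "$SAMPLE_TARGETS" | target_id_for_api 17); then
    avd_commands virtdroid "$id" 128M 512
fi
```

On a real SDK install, replace the sample with the live output: `[path-to-sdk-install]/tools/android list targets | target_id_for_api 17`.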

See also

There are many other options that you can make use of when it comes to the emulator. If you're interested in learning more, check out the documents provided in the following links:

Using the Android Debug Bridge (ADB) to interact with the AVDs

Interacting with the emulated Android device is one of the most important skills for both a developer and an Android security engineer/auditor. The Android Debug Bridge (ADB) provides the functionality needed to interact with the native-level components of an Android device. It allows the developers and security engineers to read the contents of the filesystem and interact with the package manager, application manager, kernel driver interfaces, and initialization scripts to mention a few.

How to do it...

Interacting with a virtual device using the ADB works as follows:

  1. You'll need to start an AVD first or, if you like, simply plug in your own Android device via a USB to whatever machine you'd like to use—given that this machine has the SDK installed. You can start the AVD using the following command:
    emulator -avd [name]
    
  2. We can list all the connected Android Devices by using the following command for a Windows machine:
    C:\[path-to-sdk-install]\platform-tools\adb devices
    

    Or, if you're using a Linux machine, use the following command:

    [path-to-sdk-install]/platform-tools/adb devices
    

    This command should give you a list of the connected devices, which is basically all the devices that you will be able to connect to using ADB. You need to pay attention to the device names in the list. You will need to identify the devices when you launch a connection to them using ADB.

  3. You can launch a shell connection to your Android device using the following command:
    /sdk/platform-tools/adb -s [specific device] shell
    

    Or, if you happen to know that the Android device you want to connect to is the only emulated device, you can use the following command:

    /sdk/platform-tools/adb -e shell
    

    Or, if the device is the only USB-connected device, you can use the following command:

    /sdk/platform-tools/adb -d shell
    

    The switches -d, -e, and -p apply to the other ADB commands and not just the shell. If this works well, you should see a prompt string (the string displayed to identify the command shell being used) similar to the following:

    root@android$
    

You should now have a full-fledged shell with some of the traditional Unix/Linux commands and utilities at your fingertips. Try searching around on the filesystem and getting to know where everything is kept.
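
Steps 2 and 3 above as a script. This is an added example, not code from the book: it parses `adb devices` output, selects exactly one usable device of a given kind, reports devices that are attached but not usable, and builds the shell command with `-s` placed before the subcommand. The sample output and serials are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: choose an adb target explicitly from `adb devices` output.
# SAMPLE_ADB_DEVICES is constructed for illustration; the serials are made up.
SAMPLE_ADB_DEVICES=$(printf '%b\n' \
    '* daemon not running. starting it now on port 5037 *' \
    '* daemon started successfully *' \
    'List of devices attached' \
    'emulator-5554\tdevice' \
    'emulator-5556\toffline' \
    '0123456789ABCDEF\tunauthorized' \
    'R58M12345AB\tdevice')

# Read `adb devices` output on stdin and print "serial state kind" per device.
# kind: emulator (emulator-<port>), tcp (host:port), otherwise usb.
parse_adb_devices() {
    awk '
        /^\*/ || /^List of devices/ || NF < 2 { next }  # daemon chatter, header, blanks
        $1 !~ /^[A-Za-z0-9._:-]+$/ { next }             # skip anything that is not a plain serial
        {
            kind = "usb"
            if ($1 ~ /^emulator-[0-9]+$/) kind = "emulator"
            else if ($1 ~ /:[0-9]+$/)     kind = "tcp"
            print $1, $2, kind
        }'
}

# Print the serial of the one device of kind $1 that is in state "device".
# Exit 1 if there is none, 2 if several match: the same ambiguity that makes
# `adb -e` and `adb -d` fail when more than one candidate is attached.
pick_device() {
    parse_adb_devices | awk -v kind="$1" '
        $2 == "device" && $3 == kind { n++; serial = $1 }
        END {
            if (n == 1) { print serial; exit 0 }
            exit (n > 1 ? 2 : 1)
        }'
}

# Print devices that are attached but not usable (offline, unauthorized, ...).
unusable_devices() {
    parse_adb_devices | awk '$2 != "device" { print $1, $2 }'
}

# Build the command line for a shell on one device. Global options such as -s
# go before the subcommand; words after `shell` are run on the device.
adb_shell_command() {
    printf 'adb -s %s shell\n' "$1"
}

# Demo on the constructed sample: the command is printed, not executed.
if serial=$(printf '%s\n' "$SAMPLE_ADB_DEVICES" | pick_device emulator); then
    adb_shell_command "$serial"
fi
printf '%s\n' "$SAMPLE_ADB_DEVICES" | unusable_devices
```

Against a live host, feed the functions real output instead of the sample, for example `adb devices | pick_device usb`.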

There's more…

Now that you have a connected device, you'll need to know a little bit about navigating the Android filesystem and making use of the commands. Here's a small list to get you started:

  • ls {path}: This will list the contents of the directory at the path
  • cat {file}: This will print the contents of a text file on the screen
  • cd {path}: This will change the working directory to the one pointed to by the path
  • cd ../: This changes the working directory to the one that's exactly one level higher
  • pwd: This prints the current working directory
  • id: This checks your user ID

Copying files off/onto an AVD

In your upcoming adventures with the Android platform, you may want to at some point copy things off your Android devices, whether they are emulators or not. Copying files is pretty simple. All you need is the following:

  • A connected device you'd like to have
  • A file you'd like to copy off/on
  • A place you'd like to put this file in

How to do it...

To access files on your Android device using the ADB, you need to do the following:

  1. It's actually pretty simple to do this. You'll need to fire off the following command from your command-line interface:
    adb {options} pull [path to copy from] [local path to copy to]
    
  2. To copy files onto an AVD, you can use the following command:
    adb {options} push [local path to copy from] [path to copy to on avd]
    

Installing applications onto the AVDs via ADB

There may be times when you need to install Application Packages (APKs) from your local filesystem onto an emulator or device that you own. Often Android-based security tools aren't available on the Play Store—because they would expose unruly users to too much risk or be abused by malware—and need to be installed manually. Also, you will probably be developing applications and Android native binaries to demonstrate and verify exploits.

How to do it...

Installing an APK using ADB can be done in the following ways:

  1. You will need to know where the APK is on your local machine. When you find it, substitute its location for [path to apk] in the following command:
    adb {options} install [path to apk]
    
  2. You can also use the device-specific commands to narrow down the device you want to install it onto. You can use the following command:
    adb {-e | -d | -p } install [path to apk]
    

Key benefits

  • Analyze the security of Android applications and devices, and exploit common vulnerabilities in applications and Android operating systems
  • Develop custom vulnerability assessment tools using the Drozer Android Security Assessment Framework
  • Reverse-engineer Android applications for security vulnerabilities
  • Protect your Android application with up to date hardening techniques

Description

Android Security Cookbook discusses many common vulnerabilities and security-related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection, this book will show various hardening techniques to protect application components, the data stored, and secure networking. In summary, Android Security Cookbook provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices.

Who is this book for?

"Android Security Cookbook" is aimed at anyone who is curious about Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from reading this book.

What you will learn

  • Set up the Android development tools and frameworks
  • Engage in Application security concepts
  • Use the Drozer Android Security Assessment Framework
  • Customize and develop your own plugins for the Drozer Framework
  • Exploit, enumerate, and analyze common application level exploits
  • Protect applications from common vulnerabilities and exploits
  • Reverse-engineer applications for common code level vulnerabilities
  • Secure application networking, SSL/TLS
  • Encryption to protect application data

Product Details

Publication date: Dec 24, 2013
Length: 350 pages
Edition: 1st
Language: English
ISBN-13: 9781782167167
Vendor: Google


Table of Contents

10 Chapters
1. Android Development Tools
2. Engaging with Application Security
3. Android Security Assessment Tools
4. Exploiting Applications
5. Protecting Applications
6. Reverse Engineering Applications
7. Secure Networking
8. Native Exploitation and Analysis
9. Encryption and Developing Device Administration Policies
Index

Customer reviews

Rating: 4.8 (6 Ratings)
5 star 83.3%
4 star 16.7%
3 star 0%
2 star 0%
1 star 0%

Philip Arad Mar 27, 2014
Rating: 5 stars
Android has quickly become one of the most popular mobile operating systems with more than 46% share, not only to users but also developers and companies. Companies that are looking to be fully adapted to the mobile world, develop their own applications on the Android platform. These applications have seen massive growth in capability and complexity and became quite popular to malicious adversaries. Android users and developers express a need to be constantly aware of their mobile security risks and, because of this need, mobile security and risk assessment specialists and security engineers are in high demand. To address this problem efficiently, I recommend reading the book 'Android Security Cookbook' from 'Packt Publishing' (see [.......]). 'Android Security Cookbook' discusses many common vulnerabilities and security related shortcomings in Android applications and operating systems. The book breaks down and enumerates the processes used to exploit and remediate these vulnerabilities in the form of detailed recipes and walkthroughs. The book also teaches readers to use an Android Security Assessment Framework called Drozer and how to develop plugins to customize the framework. Other topics covered include how to reverse-engineer Android applications to find common vulnerabilities, and how to find common memory corruption vulnerabilities on ARM devices. In terms of application protection this book will show various hardening techniques to protect application components, the data stored, secure networking. In summary, 'Android Security Cookbook' provides a practical analysis into many areas of Android application and operating system security and gives the reader the required skills to analyze the security of their Android devices. 'Android Security Cookbook' is aimed at anyone who is interested in Android app security and wants to be able to take the necessary practical measures to protect themselves; this means that Android application developers, security researchers and analysts, penetration testers, and generally any CIO, CTO, or IT managers facing the impending onslaught of mobile devices in the business environment will benefit from reading this book.
Amazon Verified review
Eli Apr 22, 2014
Rating: 5 stars
This book was a great Introduction to almost every aspect of Android Security. It covered all bases and didn't leave out any major topics (SQL Injection, ensuring Permissions are set correctly, and decompiling just to name a few). I would say that the prerequisites for reading this book are the basics of Android and some Java programming. The author clearly explains every concept, describes how to accomplish the goal, and then explains why we accomplish the goal in the way that we did. I would recommend this book for anyone that is new to Android Security.
Amazon Verified review
Aditya Gupta Apr 09, 2014
Rating: 5 stars
Being an Android Security Researcher myself, I was expecting a lot from this book. And to my surprise, this book has all the elements needed in an Android Security book, which is required for learning in depths of Android Security. I personally liked the Native Exploitation chapter the most, as it goes much beyond the normal application level, and gives you a clear picture of how exactly exploits work. If you are planning to get into Android Application Auditing, this is one of the must-have books for you. Nothing less than what I expected. Surely deserves a 5/5 rating.
Amazon Verified review
Venkata subramanian c. CVS. Jun 18, 2015
Rating: 5 stars
Introduction itself is appealing, will submit my full review after complete study. CVS.
Amazon Verified review
Benjamin Watson Mar 26, 2014
Rating: 5 stars
This book has been a great resource for me when needing to quickly up my IQ in assessing Android mobile applications. The authors have done a great job of laying out many resources and techniques. I would recommend this book to anyone who wants a solid introduction into Android Security concepts.
Amazon Verified review