search
BuyMeACoffee
githubEdit

Introduction

hashtag
Courses

hashtag
Free

LogoAndroid Hacking 101TryHackMechevron-right
LogoGitHub - ashishb/android-security-awesome: A collection of android security related resourcesGitHubchevron-right
https://workbook.securityboat.in/resources/android-app-pentestworkbook.securityboat.inchevron-right
LogoMobileHackingCheatSheet/pdf/Mobile_Hacking_Android_cheatsheet_v1.0.pdf at master · randorisec/MobileHackingCheatSheetGitHubchevron-right
https://mobile-security.gitbook.io/mobile-security-testing-guide/mobile-security.gitbook.iochevron-right

hashtag
Non-Free

LogoAndroid Hacking And Penetration TestingUdemychevron-right

hashtag
Labs

hashtag
Complete

LogoGitHub - t0thkr1s/allsafe-android: Intentionally vulnerable Android application.GitHubchevron-right
LogoGitHub - hafiz-ng/Beetlebug: Beetlebug is an open source insecure Android application with CTF challenges built for Android Penetration Testers and Bug Bounty hunters.GitHubchevron-right

hashtag
Precise

LogoGitHub - t4kemyh4nd/vulnwebview: Intentionally vulnerable webview implementions in AndroidGitHubchevron-right

hashtag
Easy

LogoGitHub - dineshshetty/Android-InsecureBankv2: Vulnerable Android application for developers and security enthusiasts to learn about Android insecuritiesGitHubchevron-right
LogoGitHub - payatu/diva-android: DIVA Android - Damn Insecure and vulnerable App for AndroidGitHubchevron-right
LogoGitHub - B3nac/InjuredAndroid: A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.GitHubchevron-right
LogoGitHub - rewanthtammana/Damn-Vulnerable-Bank: Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.GitHubchevron-right
LogoGitHub - logicalhacking/DVHMA: Damn Vulnerable Hybrid Mobile App (DVHMA) is an hybrid mobile app (for Android) that intentionally contains vulnerabilities.GitHubchevron-right
LogoGitHub - hax0rgb/InsecureShop: An Intentionally designed Vulnerable Android Application built in Kotlin.GitHubchevron-right
LogoGitHub - dan7800/VulnerableAndroidAppOracleGitHubchevron-right

hashtag
To Know

hashtag
About Android Security Model

Two distinct layers to Android Security model.

1. Implemented in the OS, and isolates installed app from one another

  • Each app has a specific UID, dynamically assigned.

  • An app can only access its UID files and no other (except if shared by another app or OS)

  • Each App runs as a separate process under a sperate UID

  • Prior to Android 4.3 = the only thing that was isolating apps = if root compromised entire system was compromised

  • Starting from Android 4.3 = SELinux

  • SELinux denies all process interaction + create policies to allow only expected applications

2. Security of an App itself (made by the developers)

  • The dev can selectively expose certain app functions to other apps

  • Configures App capabilities

  • All apps are in the /data/data folder (except if modified in manifest by dev)

  • The permissions declared in the manifest will be translated in permissions in the file system.

hashtag
About Apps

hashtag
Structure

An Android App comprises two main elements:

  1. The program's core functionality, written in Java code or Kotlin (official language today)

  2. The XML files that specify various configurations, including string values and the app's identity.

hashtag
Types

Native: They are those developed applications only and exclusively for mobile operating systems, either Android or IOS. In Android you use the Java or Kotlin programming language, while in IOS you make use of Swift or Objective-C. These programming languages are the official ones for the respective operating systems.

Hybrid: These applications use technologies such as HTML, CSS and JavaScript, all of these linked and processed through frameworks such as Apache Córdova "PhoneGap", Ionic, among others.

hashtag
Directories

App directories in device

/data/data/<package_name>. By default, the apps databases, settings, and all other data go here.

  • databases/: here go the app's databases

  • lib/: libraries and helpers for the app

  • files/: other related files

  • shared_prefs/: preferences and settings

  • cache/: well, caches

APK Anatomy

When decompiled :

  • AndroidManifest.xml: contains the application’s package name, access rights, referenced libraries as well as other metadata.

  • classes.dex: contains the application source code compiled in .dex file format.

  • resources.arsc: contains the application’s precompiled resources.

  • res/ : contains the application's resources not compiled into resources.arsc.

  • lib/ : contains compiled code that is platform-dependent. Each sub-directory in lib/ contains the specific source code for respective processors.

  • assets/ : contains the application’s assets.

  • META-INF/ : contains the MANIFEST.MF file, which stores metadata about the application. It also contains the certificate and signature of the APK.

PreviousAndroidNextReversing

Last updated