What this book covers

Chapter 1, Getting Started with Android Security, teaches readers the basics of Android security architecture. It will discuss Permission Models and how permissions are enforced in applications. It will also talk about Dalvik Virtual Environment and the application APK basics.

Chapter 2, Preparing the Battlefield, provides the reader with a step-by-step process to set up a penetration testing environment to perform Android pentesting. It will also talk about Android Debug Bridge, as well as some of the important tools required for pentesting Android.

Chapter 3, Reversing and Auditing Android Apps, covers some of the methods and techniques that are used to reverse the Android applications. It will also discuss different tools, which could help a penetration tester in Android application auditing. Also, it will list the various kinds of vulnerabilities existing in Android applications, (the ones that put the user's data at risk).

Chapter 4, Traffic Analysis for Android Devices, covers the interception of traffic in applications on the Android device. It explains both the active and passive ways of intercepting the traffic, as well as intercepting both HTTP and HTTPS network traffic. It will also look at how to capture traffic and analyze its services as one of the most useful steps for application auditing on the Android platform.

Chapter 5, Android Forensics, starts with a basic walkthrough of Android Forensics, and takes the reader through various techniques of data extraction on Android-based smartphones. It will cover both logical and physical acquisition of forensic data, as well as the tools that could ease the process of data extraction.

Chapter 6, Playing with SQLite, helps the reader to gain an in-depth knowledge of the SQLite databases used by Android to store data. Often, due to the mistakes made by developers, the SQLite query accepts unsanitized input, or is not used without proper permissions, which leads to injection attacks.

Chapter 7, Lesser-known Android Attacks, covers various lesser-known techniques helpful in Android penetration testing. It will include topics such as WebView vulnerabilities and exploitation, infecting legitimate applications, and cross application scripting.

Chapter 8, ARM Exploitation, allows readers to gain introductory exploitation knowledge about the ARM platform on which most smartphones run today. Readers will learn about ARM assembly, as well as exploiting Buffer Overflows, Ret2Libc, and ROP.

Chapter 9, Writing the Pentest Report, provides a short walkthrough on how to write reports to audit an Android application. It takes the reader through various components of a pentesting report one-by-one, and finally helps them build a penetration testing report.