
Explore mobile first and state-of-the-art technology, and why mobile dominates today globally. Explore smartphones to wearables and internet of things, learn trends, mobile payments, and the need for security.
Discover why mobile security matters for Android apps. Get an intro to the OWASP top 10 mobile risks and key protections like secure storage, transport layer protection, authentication, and cryptography.
Learn the CIA triad—confidentiality, integrity, and availability—and how these pillars secure information with cryptography, access controls, backups, and disaster recovery.
Explore Android, a free, open-source Linux-based operating system developed by Google. Understand its dessert-named version history and learn to identify and fix security vulnerabilities in apps.
Explore android architecture from the linux kernel to the app framework. Learn how baldric virtual machine, the android runtime, and core services like activity manager enable app development.
Explore android data structure and file system concepts, including internal and external storage, /data/data package directories, adb access, and app data components like cache, databases, and shared preferences.
Explore how Android apps are built and packaged as APK files, inspect dex and resources, and understand activities, services, broadcast receivers, content providers, intents, permissions, and shared preferences.
Examine mobile security compliance for Android apps, covering PCI DSS, HIPAA, and FIPS standards, and discuss how open-source Android and sandboxing influence policy enforcement.
Install the ca certificate from burp suite on android devices and emulators to trust proxies and intercept ssl traffic for testing.
Examine how a man-in-the-middle attack intercepts traffic between a mobile device and gateway, using ssl strip to downgrade https to http and capture credentials in clear text.
apk files are zip-based packages for Android apps, containing classes.dex, resources, and the manifest; signing certificates and sha hashes aid reverse engineering of activities, intents, services, and content providers.
Explore reverse engineering of Android apps by turning unreadable bytecode in apk files into readable Java source, using decompiling tools and automated workflows to decompile, modify, and rebuild apps.
Learn to reverse an Android app by converting a dex file to a jar and decompiling it with jadx to reveal readable source code.
Learn static analysis of Android malware by using reverse engineering tools to reconstruct code, inspect Android manifest permissions and background services, and examine decompiled binaries and encrypted data.
Perform dynamic analysis of Android malware with DroidBox, observing runtime behavior, network activity, and file operations in a sandboxed emulator.
Examine insecure data storage in Android apps, focusing on shared preferences storing credentials in clear text and other storage options. Encrypt key-value data with crypto libraries and use password-based encryption.
Demonstrates insecure data storage with sqlite databases, where usernames and passwords are readable from the database file. Highlights encryption as the fix to protect sensitive app data.
Learn to use metasploit to exploit android devices, create a backdoor, and establish a reverse shell, using payloads and msf console to assess android app security.
Explore Android data extraction techniques, including accessing shared preferences, internal and external storage, and app databases, with a practical demo on extracting an email app database.
Review the core concepts of Android app security, including confidentiality, integrity and availability, cryptography and digital signatures, Android security model, testing tools, and dynamic and static analysis.
If you at any point of time in your career or academia surfaced information security, you know for a fact that security analysis is not only about thorough understanding of a system but also includes a good list of tools and techniques to analyze that particular system. Unlike network and web, mobile security is a recent phenomenon. In order to analyze mobile application, one should understand the underlying architecture, security model, development frameworks and the relevant tools.
This course deals with applications within the most widely used mobile OS, Android. The course introduces underlying Android architecture, its permission model and the default security measures in place. It deals with developer tools like Eclipse, Android Studio, Android Debug Bridge or ADB, UI Automator and Monkey Runner, along with tools and techniques for Network Analysis.
As a part of reversing and malware analysis, static and dynamic techniques have been discussed. Pentesting an Android App is has also been discussed. Issues like unintended data leakage, insecure data storage and tools like Burp Intruder & Metasploit have also been covered. The course concludes by discussing Android best practices for security.
To conclude, this course deals with Android security concepts and discusses the relevant tools in detail to exploit an Android application.