Android security : attacks and defenses

Select an Action

Title:

Author:

Misra, Anmol.

ISBN:

9781439896464

Personal Author:

Misra, Anmol.

Physical Description:

xx, 255 pages : illustrations ; 25 cm.

Contents:

Machine generated contents note: ch. 1 Introduction -- 1.1.Why Android -- 1.2.Evolution of Mobile Threats -- 1.3.Android Overview -- 1.4.Android Marketplaces -- 1.5.Summary -- ch. 2 Android Architecture -- 2.1.Android Architecture Overview -- 2.1.1.Linux Kernel -- 2.1.2.Libraries -- 2.1.3.Android Runtime -- 2.1.4.Application Framework -- 2.1.5.Applications -- 2.2.Android Start Up and Zygote -- 2.3.Android SDK and Tools -- 2.3.1.Downloading and Installing the Android SDK -- 2.3.2.Developing with Eclipse and ADT -- 2.3.3.Android Tools -- 2.3.4.DDMS -- 2.3.5.ADB -- 2.3.6.ProGuard -- 2.4.Anatomy of the "Hello World" Application -- 2.4.1.Understanding Hello World -- 2.5.Summary -- ch. 3 Android Application Architecture -- 3.1.Application Components -- 3.1.1.Activities -- 3.1.2.Intents -- 3.1.3.Broadcast Receivers -- 3.1.4.Services -- 3.1.5.Content Providers -- 3.2.Activity Lifecycles -- 3.3.Summary -- ch. 4 Android (in)Security -- 4.1.Android Security Model --

Contents note continued: 4.2.Permission Enforcement-Linux -- 4.3.Android's Manifest Permissions -- 4.3.1.Requesting Permissions -- 4.3.2.Putting It All Together -- 4.4.Mobile Security Issues -- 4.4.1.Device -- 4.4.2.Patching -- 4.4.3.External Storage -- 4.4.4.Keyboards -- 4.4.5.Data Privacy -- 4.4.6.Application Security -- 4.4.7.Legacy Code -- 4.5.Recent Android Attacks-A Walkthrough -- 4.5.1.Analysis of DroidDream Variant -- 4.5.2.Analysis of Zsone -- 4.5.3.Analysis of Zitmo Trojan -- 4.6.Summary -- ch. 5 Pen Testing Android -- 5.1.Penetration Testing Methodology -- 5.1.1.External Penetration Test -- 5.1.2.Internal Penetration Test -- 5.1.3.Penetration Test Methodologies -- 5.1.4.Static Analysis -- 5.1.5.Steps to Pen Test Android OS and Devices -- 5.2.Tools for Penetration Testing Android -- 5.2.1.Nmap -- 5.2.2.BusyBox -- 5.2.3.Wireshark -- 5.2.4.Vulnerabilities in the Android OS -- 5.3.Penetration Testing-Android Applications -- 5.3.1.Android Applications --

Contents note continued: 5.3.2.Application Security -- 5.4.Miscellaneous Issues -- 5.5.Summary -- ch. 6 Reverse Engineering Android Applications -- 6.1.Introduction -- 6.2.What is Malware? -- 6.3.Identifying Android Malware -- 6.4.Reverse Engineering Methodology for Android Applications -- 6.5.Summary -- ch. 7 Modifying the Behavior of Android Applications without Source Code -- 7.1.Introduction -- 7.1.1.To Add Malicious Behavior -- 7.1.2.To Eliminate Malicious Behavior -- 7.1.3.To Bypass Intended Functionality -- 7.2.DEX File Format -- 7.3.Case Study: Modifying the Behavior of an Application -- 7.4.Real World Example 1-Google Wallet Vulnerability -- 7.5.Real World Example 2-Skype Vulnerability (CVE-2011-1717) -- 7.6.Defensive Strategies -- 7.6.1.Perform Code Obfuscation -- 7.6.2.Perform Server Side Processing -- 7.6.3.Perform Iterative Hashing and Use Salt -- 7.6.4.Choose the Right Location for Sensitive Information -- 7.6.5.Cryptography -- 7.6.6.Conclusion -- 7.7.Summary --

Contents note continued: ch. 8 Hacking Android -- 8.1.Introduction -- 8.2.Android File System -- 8.2.1.Mount Points -- 8.2.2.File Systems -- 8.2.3.Directory Structure -- 8.3.Android Application Data -- 8.3.1.Storage Options -- 8.3.2./data/data -- 8.4.Rooting Android Devices -- 8.5.Imaging Android -- 8.6.Accessing Application Databases -- 8.7.Extracting Data from Android Devices -- 8.8.Summary -- ch. 9 Securing Android for the Enterprise Environment -- 9.1.Android in Enterprise -- 9.1.1.Security Concerns for Android in Enterprise -- 9.1.2.End-User Awareness -- 9.1.3.Compliance/Audit Considerations -- 9.1.4.Recommended Security Practices for Mobile Devices -- 9.2.Hardening Android -- 9.2.1.Deploying Android Securely -- 9.2.2.Device Administration -- 9.3.Summary -- ch. 10 Browser Security and Future Threat Landscape -- 10.1.Mobile HTML Security -- 10.1.1.Cross-Site Scripting -- 10.1.2.SQL Injection -- 10.1.3.Cross-Site Request Forgery -- 10.1.4.Phishing --

Contents note continued: 10.2.Mobile Browser Security -- 10.2.1.Browser Vulnerabilities -- 10.3.The Future Landscape -- 10.3.1.The Phone as a Spying/Tracking Device -- 10.3.2.Controlling Corporate Networks and Other Devices through Mobile Devices -- 10.3.3.Mobile Wallets and NFC -- 10.4.Summary -- Appendix A -- Appendix B -- B.1.Views -- B.2.Code Views -- B.3.Keyboard Shortcuts -- B.4.Options -- Appendix C.

Abstract:

"Preface xvi Android Security: Attacks and Defenses Audience Our book is targeted at security architects, system administrators, enterprise SDLC managers, developers, white-hat hackers, penetration testers, IT architects, CIOs, students, and regular users. If you want to learn about Android security features, possible attacks and means to prevent them, you will find various chapters in this book as a useful starting point. Our goal is to provide readers with enough information so that they can quickly get up and running on Android, with all of the basics of the Android platform and related security issues under their belts. If you are an Android hacker, or if you are very well versed in security concerns of the platform, this book is not for you. Support Errata and support for this book are available on the CRC Press website and on our site: www.androidinsecurity.com. Our site will also have downloads for applications and tools created by the user. Sample applications created by the authors are available on our website under the Resource section. Readers should download apk files from our website and use them in conjunction with the text, wherever needed. Username: android Password: ISBN-10 number of the book--1439896461 Structure Our book is divided into 10 chapters. Chapter 1 provides an introduction to the mobile landscape. Chapters 2 and 3 introduce the reader to the Android OS and application architecture, respectively. Chapter 4 delves into Android security features. Chapters 5 through 9 cover various aspects of security for the Android platform and applications. The last chapter looks at the future landscape of threats. Appendixes A and B (found towards the end of the book) talk about the severity ratings of"--

Title Subject:

Android (Electronic resource)

Subject Term:

Operating systems (Computers) -- Security measures.

Smartphones -- Security measures.

Mobile computing -- Security measures.

COMPUTERS / Networking / General.

COMPUTERS / Software Development & Engineering / General.

COMPUTERS / Security / General.

Copies:

Available:*

Library	Material Type	Item Barcode	Shelf Number	Copy	Status
Searching... 1:IIEMSA	1:GEN-BOOK	33168025598166	005.8 M678A 2013	1	Searching... Unknown

Bound With These Titles

On Order

Summary

Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics of the Android platform and its security issues.

Explaining the Android security model and architecture, the book describes Android permissions, including Manifest permissions, to help readers analyze applications and understand permission requirements. It also rates the Android permissions based on security implications and covers JEB Decompiler.

The authors describe how to write Android bots in JAVA and how to use reversing tools to decompile any Android application. They also cover the Android file system, including import directories and files, so readers can perform basic forensic analysis on file system and SD cards. The book includes access to a wealth of resources on its website: www.androidinsecurity.com. It explains how to crack SecureApp.apk discussed in the text and also makes the application available on its site.

The book includes coverage of advanced topics such as reverse engineering and forensics, mobile device pen-testing methodology, malware analysis, secure coding, and hardening guidelines for Android. It also explains how to analyze security implications for Android mobile devices/applications and incorporate them into enterprise SDLC processes.

The book's site includes a resource section where readers can access downloads for applications, tools created by users, and sample applications created by the authors under the Resource section. Readers can easily download the files and use them in conjunction with the text, wherever needed. Visit www.androidinsecurity.com for more information.