Android System Architecture and Pen-testing of Android Applications

Yavuz Han
What is Android?
• A software platform and operating system for mobile devices
• Based on the Linux kernel (kernel 2.6)
• Developed by Google and later by the Open Handset Alliance (OHA)
• Applications are written as managed code in the Java language
• C/C++ can also be used, but it is not the supported path
Android Architecture
Applications
• First layer in the system architecture
• These include the applications shipped with Android, like the email client, SMS client, maps and browser, and also the applications developed and distributed through the Android Market.
Application Framework
• Second layer in the system architecture
• These include the programs that manage the basic functions of the phone, like resource allocation, voice call management, etc.
Libraries
• The layer above the Linux kernel holds Android's native libraries.
• These libraries are written in C/C++.
• These libraries also run as processes on top of the underlying Linux kernel.
• The libraries are essentially sets of instructions that tell the device how to handle different kinds of data (e.g. the media libraries support playing or recording various audio/video formats).
Some of the key libraries are listed below:
• SQLite: a lightweight yet powerful relational database engine, available to all applications for storing data.
• WebKit: a browser engine providing the tools for rendering web pages.
• Surface Manager: responsible for the graphics on the device screen.
• OpenGL: used to render 2D or 3D graphics to the screen.
Android Runtime
• This is located on the same layer as the libraries.
• It consists of the core Java libraries and the Dalvik virtual machine.
• The core Java libraries are used for developing Android-based applications.
• Dalvik VMs help in achieving the following:
  - better memory management
  - an application cannot interfere with other applications without permissions
  - threading support
• The diagram on the slide (not reproduced here) is a pictorial representation of the Android environment.
• It can be observed that each Android application runs in a separate virtual machine instance and each application has a unique user ID assigned to it.
Linux Kernel
• This is the last (lowest) layer in the system architecture
• Device drivers, power management, process management and networking services depend on this layer
• Android uses Linux kernel 2.6; the kernel and Android have been harmonized as Android developed over time.
• Android is not exactly Linux.
Penetration testing of Android apps
• The applications in Android can be mainly classified into two categories:
  - Android browser-based applications
  - Android-based applications (Android application package files, with the .apk extension)
Android Filesystem Access
We want to analyze files within the device, so how do we do this?

ADB (Windows, Linux, Mac)
Android Filesystem Access
• Android Debug Bridge (adb) command
  - Access a shell
  - Pull/push files
  - Many more
Example of ADB
Quick look at some apps
• We're going to use Android's default mail client (note: this is for a rooted device)
• Navigate to the shared_prefs directory of the application
Quick look at some apps
• cat (read) the file
Data Storage

SQLite
  - Single-file relational database
  - Supported by the Android and iPhone APIs to store application settings/data
• Using the ADB shell, we can browse to the database folder and access the data as shown on the slide:
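As an added example (not from the slides), a small audit script for the two storage locations described above: it parses a shared_prefs XML file and inspects an SQLite database for values stored in the clear under credential-like names. The preferences file, the database name and its contents are constructed here; on a real test they would be pulled with adb from /data/data/<package>/ on a rooted device.

```python
import os
import re
import sqlite3
import tempfile
import xml.etree.ElementTree as ET

# Heuristic: key or column names that usually hold credentials or session
# material. Assumed list for this example; extend it for the app under test.
SENSITIVE_NAME = re.compile(
    r"(pass(word|wd)?|pwd|secret|token|session|auth|api[_-]?key|credential)", re.I)

# Constructed sample of a shared_prefs file, shaped like what
# `adb pull /data/data/<package>/shared_prefs/<name>.xml` returns
# (package name and values are made up).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice@example.com</string>
    <string name="password">hunter2</string>
    <string name="auth_token">eyJhbGciOiJIUzI1NiJ9.constructed.sample</string>
    <boolean name="remember_me" value="true" />
    <int name="sync_interval" value="15" />
</map>
"""


def audit_shared_prefs(xml_text):
    """Return [(key, value)] for preference entries whose key looks sensitive
    and whose value is stored in the clear (any non-empty value)."""
    findings = []
    for node in ET.fromstring(xml_text):
        name = node.get("name", "")
        # <string> keeps its value as text; the other types use a value attribute
        value = (node.text or "") if node.tag == "string" else node.get("value", "")
        if SENSITIVE_NAME.search(name) and value:
            findings.append((name, value))
    return findings


def audit_sqlite(db_path):
    """Return [(table, column)] for columns with sensitive-looking names in an
    app database pulled from /data/data/<package>/databases/."""
    findings = []
    con = sqlite3.connect(db_path)
    try:
        tables = [row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table' "
            "AND name NOT LIKE 'sqlite_%' AND name <> 'android_metadata'")]
        for table in tables:
            # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
            for col in con.execute('PRAGMA table_info("%s")' % table.replace('"', '""')):
                if SENSITIVE_NAME.search(col[1]):
                    findings.append((table, col[1]))
    finally:
        con.close()
    return findings


def audit_sample_db():
    """Build a constructed mail-client style database in a temp dir, audit it
    and return the findings, so the example runs without a device."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "EmailProvider.db")  # file name is illustrative
        con = sqlite3.connect(path)
        con.executescript("""
            CREATE TABLE android_metadata (locale TEXT);
            CREATE TABLE accounts (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
            CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT, body TEXT);
            INSERT INTO accounts VALUES (1, 'alice@example.com', 'hunter2');
        """)
        con.commit()
        con.close()
        return audit_sqlite(path)


if __name__ == "__main__":
    print("shared_prefs findings:", audit_shared_prefs(SAMPLE_PREFS))
    print("sqlite findings:", audit_sample_db())
```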
Logging
• Applications may leak data through gratuitous logging
• In older versions of Android, the browser would log the URLs visited
  - This also logged the session IDs of websites that put them in the GET request
Viewing Android Logs
• We can use the ‘adb logcat’ command
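Detection logic for the leak described above, added here as an example rather than taken from the slides: it parses logcat lines in the default brief format and flags session identifiers inside logged URLs as well as credentials written to the log as key=value fields. The logcat lines, tags and values are constructed; only field names are reported so the audit output does not re-leak the values.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed `adb logcat` output in the brief format priority/tag(pid): message
SAMPLE_LOGCAT = """\
I/browser ( 1234): Loading URL: http://shop.example.com/cart?item=42
I/browser ( 1234): Loading URL: http://bank.example.com/account?sessionid=7f3a9c1e2b4d&view=summary
D/MailApp ( 2001): login ok user=alice@example.com password=hunter2
D/MailApp ( 2001): sync finished, 12 messages
I/ActivityManager(  612): Start proc com.example.mail for activity
"""

LOGCAT_LINE = re.compile(
    r"^(?P<prio>[VDIWEF])/(?P<tag>[^(]+?)\s*\(\s*(?P<pid>\d+)\):\s(?P<msg>.*)$")
URL = re.compile(r"https?://\S+")
# Query parameter names that carry session or credential material (assumed list)
SENSITIVE_PARAM = re.compile(
    r"(session|^sid$|token|auth|pass(word|wd)?|secret|api[_-]?key)", re.I)
# key=value pairs written straight into log messages
LOG_FIELD = re.compile(r"\b(password|passwd|pwd|token|secret)=(\S+)", re.I)


def parse_logcat(text):
    """Yield one dict (prio, tag, pid, msg) per well-formed brief-format line."""
    for line in text.splitlines():
        m = LOGCAT_LINE.match(line)
        if m:
            yield m.groupdict()


def find_leaks(text):
    """Return [(tag, kind, field_name)] for log lines that expose session
    identifiers in logged URLs ("url-param") or credentials as key=value
    fields ("log-field")."""
    findings = []
    for rec in parse_logcat(text):
        msg = rec["msg"]
        for url in URL.findall(msg):
            query = urlsplit(url).query
            for name, _value in parse_qsl(query, keep_blank_values=True):
                if SENSITIVE_PARAM.search(name):
                    findings.append((rec["tag"], "url-param", name))
        for name, _value in LOG_FIELD.findall(msg):
            findings.append((rec["tag"], "log-field", name))
    return findings


if __name__ == "__main__":
    for tag, kind, name in find_leaks(SAMPLE_LOGCAT):
        print(f"{tag}: {kind} '{name}' written to the log")
```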
Android Client Analysis
• Android Application Layout
  - Apps are packaged in an APK file (zip archive)
  - What is in it?
    - Dalvik class files (.dex)
    - Assets and resources
    - AndroidManifest.xml
  - APKs are stored at /data/app on the device and can be extracted (pulled) from there
Android Application Layout
AndroidManifest.xml
• Enumerates permissions
• We are most interested in the permissions and metadata
Analyzing an APK
• The files inside an APK are not directly useful
  - Need to unpack the XML and disassemble the dex class files

We use tools for reverse engineering Android APK files
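The first-pass inventory of an APK pulled from /data/app, added as an example (not from the slides): it classifies the zip entries by the layout listed above, reads the header fields of the dex file that matter for triage, and shows why the manifest is "not directly useful": AndroidManifest.xml inside an APK is compiled binary XML, recognisable by its chunk header, not plain text. The APK and dex header are constructed in memory.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                 # followed by the 3-digit version and a NUL
AXML_MAGIC = b"\x03\x00\x08\x00"     # binary XML chunk header 0x00080003, little-endian
DEX_HEADER_SIZE = 0x70


def make_dex_header(class_defs, file_size=DEX_HEADER_SIZE):
    """Build only the 0x70-byte header of a .dex file (constructed sample; a
    real classes.dex carries string/type/method tables and bytecode after it)."""
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n035\x00"
    struct.pack_into("<I", hdr, 32, file_size)        # file_size
    struct.pack_into("<I", hdr, 36, DEX_HEADER_SIZE)  # header_size
    struct.pack_into("<I", hdr, 40, 0x12345678)       # endian_tag (little-endian)
    struct.pack_into("<I", hdr, 96, class_defs)       # class_defs_size
    return bytes(hdr)


def build_sample_apk():
    """Assemble an in-memory zip with the layout of an APK (constructed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", AXML_MAGIC + b"\x00" * 60)  # compiled, not text
        z.writestr("classes.dex", make_dex_header(class_defs=3))
        z.writestr("resources.arsc", b"\x02\x00\x0c\x00" + b"\x00" * 8)
        z.writestr("res/layout/main.xml", AXML_MAGIC + b"\x00" * 20)
        z.writestr("assets/config.json", b'{"api": "https://api.example.com"}')
        z.writestr("lib/arm64-v8a/libnative.so", b"\x7fELF" + b"\x00" * 12)
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def dex_summary(data):
    """Read the dex header fields useful for triage, or None if not a dex file."""
    if len(data) < DEX_HEADER_SIZE or not data.startswith(DEX_MAGIC):
        return None
    version = data[4:7].decode("ascii")
    file_size, header_size = struct.unpack_from("<II", data, 32)
    class_defs = struct.unpack_from("<I", data, 96)[0]
    return {"version": version, "file_size": file_size, "class_defs": class_defs}


def inventory_apk(apk_bytes):
    """Classify each zip entry by the APK layout and report whether the
    manifest is binary XML (must be unpacked) or plain text."""
    inv = {"manifest": None, "dex": [], "resources": [], "assets": [],
           "native_libs": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            data = z.read(name)
            if name == "AndroidManifest.xml":
                if data.startswith(AXML_MAGIC):
                    inv["manifest"] = "binary-xml"
                elif data.lstrip().startswith(b"<"):
                    inv["manifest"] = "plain-xml"
                else:
                    inv["manifest"] = "unknown"
            elif name.endswith(".dex"):
                inv["dex"].append((name, dex_summary(data)))
            elif name == "resources.arsc" or name.startswith("res/"):
                inv["resources"].append(name)
            elif name.startswith("assets/"):
                inv["assets"].append(name)
            elif name.startswith("lib/"):
                inv["native_libs"].append(name)
            else:
                inv["other"].append(name)
    return inv


if __name__ == "__main__":
    for key, value in inventory_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```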
Decompilation
• This way is easier than the others
• You may be familiar with jad or JD-GUI
  - Use dex2jar to get a (JVM) jar from an apk
  - Perform a “source review” on the decompiled app
  - Does not work for all apks
Decompilation
Protection
• We must treat the mobile device as hostile
• Don’t store sensitive data unencrypted!
• Doing encryption well is HARD
• Best practice: don’t store any sensitive data on the device
QUESTIONS
THANK YOU
