18 Jan Part 1: Android Mobile Penetration Testing
Android is an open-source, Linux-based mobile operating system, modified for use on devices such as mobile phones, tablets, and smart watches. Today's market is dominated by Android, followed by iOS.
The above figure shows the Android market, taken from http://www.statista.com. Let us understand the basic Android architecture and walk through the different types of vulnerabilities in a mobile application.
Android contains the following components:
- System apps (Applications)
- Java API Framework
- Android Runtime
- Native C/C++ Libraries
- Hardware Abstraction Layer (HAL)
- Linux Kernel
Android OS ships with a set of core apps for messages, email, calendars, contacts, etc. These apps expose their functionality to the applications that users download, so that developers can build further capabilities on top of them. For instance, a user's third-party app can be a custom-built calendar or messaging app: if a developer builds an app that delivers messages, they can use the existing functionality exposed by the core apps.
Android Platform Architecture
Java API Framework
As with the system apps, the Java API framework exposes its core functionality as APIs written in the Java language. Its building blocks are the following components and services:
- View System – Provides rich UI controls such as lists, grids, text boxes, buttons and an embedded web browser.
- Content Providers – Enable a user's app to share data with other apps, such as Contacts and Camera.
- Notification Manager – Provides functionality for custom notification alerts in the status bar.
- Resource Manager – Provides access to graphics, layout files and other non-code resources.
- Activity Manager – Manages the navigation back stack and app life cycle, and shares its own data.
Android Runtime (ART) converts Dalvik bytecode (the Android counterpart of JVM bytecode) into native instructions. ART can run multiple virtual machines on low-memory devices by executing DEX code. Major features of ART include:
- Optimised garbage collection
- On Android 9 and above, conversion of an app package's Dalvik Executable format (DEX) files to more compact machine code
- Ahead of Time (AOT) and Just in Time (JIT) Compilation
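The DEX container that ART consumes, and that Dex2Jar and JADX take as input, begins with a fixed 0x70-byte header. The following is an added example, not part of the original post: it parses that header and verifies its Adler-32 checksum and SHA-1 signature. The sample file is constructed in memory and the function names are illustrative.

```python
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70          # fixed header length defined by the DEX format
ENDIAN_CONSTANT = 0x12345678    # endian tag stored in a little-endian DEX file


def build_sample_dex(body: bytes = b"") -> bytes:
    """Construct a minimal DEX-shaped blob (header + dummy body) for the demo."""
    file_size = DEX_HEADER_SIZE + len(body)
    # 20 uint32 fields follow the signature: file_size, header_size,
    # endian_tag, then 17 size/offset fields left at zero in this sample.
    fields = struct.pack("<20I", file_size, DEX_HEADER_SIZE,
                         ENDIAN_CONSTANT, *([0] * 17))
    tail = fields + body
    signature = hashlib.sha1(tail).digest()                  # covers bytes 32..EOF
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF   # covers bytes 12..EOF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


def inspect_dex(data: bytes) -> dict:
    """Parse the DEX header and verify its two integrity fields."""
    if len(data) < DEX_HEADER_SIZE:
        raise ValueError("shorter than a DEX header")
    if data[:4] != b"dex\n" or data[7] != 0:
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", data, 8)
    signature = data[12:32]
    file_size, header_size, endian_tag = struct.unpack_from("<3I", data, 32)
    # These fields detect corruption only: anyone who edits the file can
    # recompute them. Authenticity comes from the APK signature instead.
    return {
        "version": data[4:7].decode("ascii", errors="replace"),
        "file_size_ok": file_size == len(data),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "little_endian": endian_tag == ENDIAN_CONSTANT,
        "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(data[32:]).digest(),
    }


if __name__ == "__main__":
    print(inspect_dex(build_sample_dex(b"constructed body")))
```

For a real app, the same function can be given the bytes of `classes.dex` read from the APK, which is a ZIP archive.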
Native C/C++ Libraries
If an app requires C or C++ libraries, the Android NDK can be used to access the native libraries from native code.
Hardware Abstraction Layer
The HAL contains standard interfaces that provide access to different hardware components such as the camera, Bluetooth and Wi-Fi modules. The Android system loads the respective module based on Framework API calls.
The Linux kernel is the foundation of the Android platform. It is the backbone of the Android Runtime (ART) for memory management and threading functionality.
Throughout the series we'll be exploring different Android mobile vulnerabilities using tools such as:
| Tool | Purpose |
|---|---|
| Android SDK | To build applications, create virtual devices, Android device emulator |
| Drozer | Simulate a malicious application in Android |
| JADX | Reverse engineering APK files |
| Burp Suite | Proxy intercepting tool |
| Dex2Jar | Converts .dex of an APK to .jar or vice versa |

As new tools emerge, we will also take a look at selected tools.
We will also be looking at different types of vulnerabilities through custom-built vulnerable mobile applications such as Android InsecureBank V2 and the Purposefully Insecure and Vulnerable Android Application (PIVAA), and at how to mitigate those vulnerabilities in line with mobile security standards.
Next time, we will look at some of the important tools needed.