Part 1: Android Mobile Penetration Testing


Android is an open-source, Linux-based mobile operating system, modified for use on devices such as mobile phones, tablet computers, and smart watches. Today's market is dominated by Android, followed by iOS.

The figure above shows the Android market, taken from http://www.statista.com. Let us understand the basic Android architecture and walk through the different types of vulnerabilities in a mobile application.

Android contains the following components:

  • System apps (Applications)
  • Java API Framework
  • Android Runtime
  • Native C/C++ Libraries
  • Hardware Abstraction Layer (HAL)
  • Linux Kernel

 

System Apps

Android OS ships with a set of core apps for messages, email, calendars, contacts, etc. These core apps expose their functionality to the applications that users download, so that developers can build further capabilities on top of them. For instance, a user's third-party app can be a custom-built calendar or messaging app; if a developer builds an app that needs to deliver a message, they can use the existing functionality exposed by the core apps.

 

Android Platform Architecture

Source: https://developer.android.com/guide/platform

 

Java API Framework

Similar to the system apps, the Java API framework exposes its core functionality as APIs written in the Java language. Its building blocks are the following components and services:

  • View System – Provides rich UI controls such as lists, grids, text boxes, buttons, and an embedded web browser.
  • Content Providers – Enable a user's app to share data with other apps such as Contacts and Camera.
  • Notification Manager – Provides functionality for custom notification alerts in the status bar.
  • Resource Manager – Provides access to graphics, layout files, and other non-code resources.
  • Activity Manager – Manages the navigation back stack and the app life cycle, and shares the app's own data.

 

Android Runtime

Android Runtime (ART) converts Dalvik bytecode (the Android JVM format) into native instructions. ART can run multiple virtual machines on low-memory devices by executing DEX code. Major features of ART include:

  • Optimised Garbage Collection
  • For Android 9 and above, conversion of an app package's Dalvik Executable format (DEX) files to more compact machine code.
  • Ahead of Time (AOT) and Just in Time (JIT) Compilation
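
As an added illustration (not code from the original post): the DEX files that ART executes, and that tools such as JADX or Dex2Jar take apart, begin with a fixed 112-byte header. This Python example finds every classes*.dex entry in an APK and checks the header's magic, sizes, Adler-32 checksum and SHA-1 signature; the sample APK is constructed in memory and the function names are assumptions of this example.

```python
import hashlib
import io
import struct
import zipfile
import zlib

DEX_HEADER_SIZE = 0x70  # fixed header length in the DEX format


def parse_dex_header(dex: bytes) -> dict:
    """Parse and integrity-check the fixed 112-byte DEX header."""
    if len(dex) < DEX_HEADER_SIZE or dex[:4] != b"dex\n" or dex[7:8] != b"\x00":
        raise ValueError("not a DEX file")
    (checksum,) = struct.unpack_from("<I", dex, 8)
    file_size, header_size, endian_tag = struct.unpack_from("<III", dex, 32)
    (class_defs,) = struct.unpack_from("<I", dex, 96)
    return {
        "version": dex[4:7].decode("ascii"),
        "file_size_ok": file_size == len(dex),
        "header_size_ok": header_size == DEX_HEADER_SIZE,
        "little_endian": endian_tag == 0x12345678,
        # Adler-32 covers everything after the checksum field itself.
        "checksum_ok": zlib.adler32(dex[12:]) == checksum,
        # SHA-1 covers everything after the 20-byte signature field.
        "signature_ok": hashlib.sha1(dex[32:]).digest() == dex[12:32],
        "classes": class_defs,
    }


def inspect_apk(apk_bytes: bytes) -> dict:
    """Return {entry name: header summary} for every classes*.dex in an APK."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {n: parse_dex_header(apk.read(n)) for n in sorted(apk.namelist())
                if n.startswith("classes") and n.endswith(".dex")}


def build_sample_apk(classes: int = 3, tamper: bool = False) -> bytes:
    """Constructed sample: an APK (ZIP) holding a header-only DEX."""
    body = bytearray(DEX_HEADER_SIZE)
    body[0:8] = b"dex\n035\x00"
    struct.pack_into("<III", body, 32, DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678)
    struct.pack_into("<I", body, 96, classes)
    body[12:32] = hashlib.sha1(bytes(body[32:])).digest()
    struct.pack_into("<I", body, 8, zlib.adler32(bytes(body[12:])))
    if tamper:
        body[96] ^= 0xFF  # alter the class count after hashing
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(body))
    return buf.getvalue()
```

A failed checksum or signature on a real APK means the DEX was modified after it was built, which is worth noting before decompiling it.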

 

Native C/C++ Libraries

If an app requires C or C++ libraries, one can use the Android NDK to access the native libraries from native code.

 

Hardware Abstraction Layer

The HAL contains standard interfaces that provide access to different hardware items such as the camera, Bluetooth, and Wi-Fi modules. The Android system loads the respective module based on Framework API calls.

 

Linux Kernel

This is the foundation of the Android platform. The Linux kernel is the backbone that Android Runtime (ART) relies on for memory management and threading functionality.

Throughout the series, we'll be exploring various Android mobile vulnerabilities using tools such as:

 

| Tool name | Purpose |
|---|---|
| Android SDK | To build Application, Create Virtual device, Android device Emulator |
| Drozer | Simulate malicious application in Android |
| JADX | Reverse Engineering APK files |
| Burp Suite | Proxy intercepting tool |
| Dex2Jar | Converts .dex of an APK to .jar or vice versa |
| Genymotion | Another Emulator |

As new tools emerge, we will also take a look at selected tools.

 

We will also be looking at different types of vulnerabilities through custom-built vulnerable mobile applications such as Android InsecureBank V2 and the Purposefully Insecure and Vulnerable Android Application (PIVAA), and at how to mitigate those vulnerabilities in line with mobile security standards.

Next time, we will look at some of the important tools needed.