Android Application Security Testing Part -1
Android penetration testing is finding security flaws and vulnerabilities in an Android mobile application or device to ensure its protection. This testing aims to mimic assaults that a hacker may employ to take advantage of the programme or device and steal sensitive data, risk user privacy, or carry out illegal operations.
Before Starting Android Application Security Testing we should know about Mobile Application Platforms and their packages.
Platforms like Blackberry, windows are also moved to Android. So, here is our main focus on Android Application security testing.
Basic Info of Android
- Co-founder and former of Android:- Andy Rubin
- First Android release on 23 Sept 2008
- core utilities are written in c,++ and its GUI is written in JAVA, Kotlin
- code names:- jelly bean, sandwich, KitKat, Marshmallow etc
Setup Mobile Pentesting Platform
Appie Framework
- Android Pentesting Portable Integrated Environment
•Run on the host machine, not a VM
•1.5 GB
•Ready to use
•A large number of tools like Drozer, adb, apktool, dex2jar Wireshark, etc.
Genymotion:
- Android emulator
- Runs on Oracle Virtual Box
- Set adb path (C://Appie/bin/adb/sdk)
Here we need an Android device to assess apps. So for that, we need to create an Emulated Android Device and install Genymotion. We can download Genymotion from this link https://www.genymotion.com/fun-zone/
We have to create an account on the Genymotion website to use genymotion or install genymotion on your system.
After downloading the setup and installing it on your system. Open settings in Genymotion and then after inserting your credentials which you have registered on Genymotion site.
We can add an android device emulator after clicking on Add option.
Now you also need to set adb path in Genymotion in order to use the virtual device with Appie.
- Open Genymotion then click on settings.
- Click on the ADB tab, select “Use Custom Android SDK Tools”
- Then select the path of SDK folder which is located at C:/Appie2/Appie/bin/adt/sdk
Android Studio:
- ProGuard integration and app-signing capabilities
- Template-based wizards to create common Android designs and components
- Android Virtual Device (Emulator) to run and debug apps in the Android studio.
Here below is the link to learn about Android studio: https://www.embarcadero.com/starthere/xe5/mobdevsetup/android/en/creating_an_android_emulator.html
Note: if you don’t like to use Appie or any other emulator explicitly, then we have a Santoku OS which is used for Android device & application security testing, malware analysis & Mobile Forensics. Santoku OS has built-in SDK emulator. OR We can also install tools like dex2jar, jdgui, adb, apktool, drozer in any other Linux utility like Kali, Parrot, Backbox etc
References:
