
5-Day Advanced Android Security

Advanced Android Security

Length: 5 Days

Type: Hands-On

Target Audience: Mobile Developers, IT Managers, Security Personnel with Java experience.


In this comprehensive hands-on course, which combines the Android Application Security and Android Enterprise Security modules, you will learn Android security at every level: from the bootloader, through building secure applications, to end-user security and Enterprise Mobility Management. We will learn to harden both the operating system (for device builders) and the application code itself, to protect both the organization’s intellectual property and the user’s personal data, and to take advantage of Android provisioning services from an IT manager’s perspective. The course is intended for developers, or former developers, with practical Java experience. No previous Android experience is required, but it is highly recommended.


Note: The course is based on the Marshmallow version. Earlier versions can be targeted without additional cost, upon customer request.



Course Outline:

  • Android Overview - Design considerations

    • Android History

    • The Android ecosystem: Partners, Entities, Design, Approach, Licensing.

  • Android Overview - Bottom up discussion

    • Hardware overview: What makes an Android device.

    • Linux Kernel boot process and provided functionalities

    • Native User Space: Init services, daemons, executables and libraries

    • Enabling Java (Dalvik + ART)

    • JNI bridge layer

    • Java OS Layer (Android Frameworks)

    • Application (APK) Structure

    • System Applications

    • User Applications

    • Google Play Services

    • Android IPC terminology by example: Browser, Maps.

    • Introduction to working with the AOSP: How and where to find what.

  • Android Platform Security

    • Linux driven security sandbox

    • OS and binary protection and exploitation: ASLR, PIE, DEP, ROP et al.

    • Android hardware related permission enforcement

    • SELinux on Android

    • Data partition forensics protection via Internal and external storage encryption

    • Secure Boot

    • Android Signature model and verification:

      • Platform keys and platform app signing. Google, OEMs and integrators.

      • Third party (and play store) application signing.

    • Android application sandbox: Single and multi physical user.

    • Android Permissions:

      • Pre-Marshmallow (API Level < 23)

      • Post-Marshmallow: User policies, user responsibilities, application developer responsibilities, dynamic permission checking and revocation.

      • Defining custom permissions, restricting Application components (Activity, Service, Content Provider, Broadcast Receiver)

    • Android Security Patches

  • Security terminology and real-life attacks, “breaking Android”:

    • Glossary: attack vectors, attack surfaces, vulnerabilities and exploits.

    • Privilege escalation attacks - theory and practice

    • Dynamic code loading attacks and mitigation

      • Native code

      • Java code via DexLoader

      • Live (on device) code scanning techniques using the PackageManager

    • Binary exploitation and device rooting

    • Remote exploitation and DoS attacks

    • Signature based attacks

    • SELinux discussion

    • On device Anti-Virus and Anti-Malware building techniques

  • Penetration Testing and Dynamic Analysis

    • Android “debugging”: Introducing am, pm, wm, service, procfs, sysfs and friends.

    • Android Penetration testing tools

    • Finding exposed application components

    • Android fuzzing tools by example: fuzzing the Stagefright framework

    • Penetration testing and exploitation with drozer/metasploit

  • Reverse-Engineering Applications and Static Analysis

    • Android application installation process, paths, optimized bytecodes, ELF types

    • Dalvik bytecode structure and ART binary format

    • Decompiling/disassembling ART and Dalvik based files.

    • Rejoining and decompiling/disassembling optimized bytecode.

    • Unpacking APK resources, repacking, resigning.

    • Disassembling vs. Decompiling: Tools and strategies: where to spend your time?

    • Survey of open-source and commercial tools and analyzers.

    • Off device Anti-Virus and Anti-Malware building techniques

  • Android Application Secure Coding I: Code and app behavior

    • Code protection techniques: Obfuscation, stripping, encryption, anti-tampering techniques. Native code techniques with NDK, gcc, and clang.

    • SQL Injection and protection from it.

    • Manifest level component access control

    • SELinux and Middleware MAC

    • IPC level runtime component access control

    • WebView and JavaScript protection/restriction best practices for hybrid apps

    • Protecting from other applications, protecting from user judgement

    • Dynamic loading attack prevention (DEX, .so and .js)

    • Dynamic permission control best practices

    • Introduction to Android cryptography: BouncyCastle, BoringSSL

    • Protecting WebView code

    • Security Provider live-patching using ProviderInstaller

    • Applying Android lint tool, and other commercial static analysis tools

  • Android Application Secure Coding II: Securing User and Application data.

    • Android Storage layout - what’s open and what’s not.

    • SQLite inspection and protection with SQLCipher

    • Introduction to applied cryptography

      • Cryptography goals: Authentication, Integrity, Encryption.

      • Symmetric and Asymmetric cipher suites

      • Key generation techniques and trade-offs

      • Software vs. Hardware based techniques.

    • Android Applied cryptography

      • Protection models (Encryption vs. Authentication)

      • Software based protection via software based cryptography

      • Hardware based protection via the keystore

      • Hardware based authentication via Fingerprint API

      • Timed authentication via gatekeeper

      • Data encryption - protection and optimization.   

  • Android Application Secure Coding III: Secure Network Communications

    • Network privacy dangers: Packet sniffers and interceptors. MITM attacks.

    • Certificate Authority (CA) Chain of trust: A solution and the introduced problems

    • Secure communication with TLS/SSL

    • Encrypted network privacy dangers: Sniffers and interceptors. MITM attacks.

    • CA management in Android: Platform and application management

    • Custom TrustManagers and Certificate pinning

    • IP layer security teaser, VPN (more in the Android For Work section)

  • Enterprise Mobility Management: Android for Work

    • Enterprise Mobility Management (EMM) - definition and market survey

    • EMM: The IT manager vs. the private user

    • Device administration APIs - an IT manager biased arsenal

    • Work profiles - the compromise between the IT and the user.

    • Application restrictions

    • Dynamic Permission enforcement (API Level >= 23)

    • Device provisioning: Apps, networks, etc.

    • Per platform and Per app Virtual Private Networks (VPNs)

