Beginning Pentesting Android Applications

all right uh welcome back and good afternoon please join me in welcoming james mckee uh james is presently running besides boulder streaming so he will take questions on the track one discord channel uh when not running a security conference he is a global developer security program manager at trimble his talk beginning pen testing android applications will provide an introduction to penetration testing thanks

hello and welcome to beginning pen testing android applications i'm james mckee um so a little bit about me uh just for pure clarification i'm not actually a penetration tester i am the global developer security program manager for trimble that's a huge mouthful effectively what i do is i do devsec but it's important to know these topics and i usually teach them from the developer side because it's important for our developers to understand how applications can be broken apart so that they can better understand how to defend their applications so going into it you want to start testing android applications there's a lot of reasons that you can be doing this and there's a lot of cool stuff that

comes out of this um you know figuring out you know there are some of the reasons you could get into this or maybe you want to get into pen testing professionally if you do the android space is a fantastic place to get started it has a relatively low bar to entry and there aren't strangely a lot of people out there doing it in the way that we would need them to be doing it um with that said there is a massive number of applications out there that you can start testing on and really get a good place um additionally the android ecosystem does have some breaks as to it in the way that it's structured

that allow for malicious code and so there's definitely a need for people who are interested in hunting for malicious code and android applications the goal of this presentation is really to take you from being an absolute beginner and get you all the way up through the point where you can begin quickly testing and understanding the tool sets that you'll be working with additionally the secondary goal is to let you know what tools you can use and where to look for help as part of this so with that said let's go ahead and dive straight into it so the first thing that we're going to dive into is why would we talk about doing android versus

iphone and the answer is kind of easy to to walk through android is significantly easier to get started with and there are a couple things that lead to this with android you have the ability to go through and take apart the applications that are available on the platform in such a way that you get very close back to working code and this has a lot to do with the fact that android uses java and kotlin as languages that compile down to what's called an intermediate language this language is then able to be taken and portable to a whole host of android devices where it can be run on the platform because the platform knows how to speak

that intermediate language because there is a two-stage process in this it means that it can run on a whole host of hardware but it also means that the intermediate language that's available there has to be easily broken down so that anything can use it it's a double-edged sword in this way and so through doing this we can actually take android applications and break them apart and get them as close back to the original java or kotlin as we really could um on iphones this is significantly more difficult because there is no intermediate language it all compiles down to really the code that is responsible for running on that native hardware for the iphone which means you have to do a lot more

assembly work which i find has a tendency to be a little bit more um a little bit more difficult for beginning students so what is an apk an apk is an application that is designed to run on any android platform and really we'll get more into this as we go on but the apk really contains a couple files that are interesting the first are these dex files and the dex files that are inside these apks really represent the running compiled code additionally we have an android manifest file we'll see more about this in a little bit and it contains all of the privileges that your application has as well as all of the hooks now it's interesting to

note that the way the android functions is there is effectively a single message bus and it allows applications to pass messages back and forth between these these are called activities um and we'll dive into more how you can get to those and affect them towards the end of the presentation additionally they also contain resource files as most android applications are designed for more than one language we need simple translation abilities and that really comes out of these resource files it also includes images and other potentially interesting pieces so we need to go through and get an environment working so there are two different paths that you can go down this the one that i would suggest is go ahead

and get yourself a android device if you can um any android device should work for this um the it really does help to have a rooted device but we don't necessarily need one to do it for analyzing apks it will become helpful whenever we get to the dynamic analysis now for what i do i use a samsung galaxy tab a um it costs about a hundred bucks and the reason that i have a super cheap android device for this purpose is i'm gonna load it with some pretty sketchy apps i go and download applications from some unreputable sources to go through and see if there's other pieces that have been added onto them as part of this and so you really don't

want to be using an android device that you're using in everyday piece because really keeping that device unrooted helps to keep it secure there are options though if you don't want to go out and purchase your own device jenny motion i think is probably the easiest of the virtualized solutions it really out of the package goes through and gives you a full piece um that allows you to go through and debug these things in real life the personal version is free of charge um if you want to take the hard mode and get things working a little bit easier it's uh you can go through and load up android x86 on a virtual machine you can do this using virtualbox and the

android x86 image i've had lots of success with it there are some tricks that you'll want to to definitely read up on setting the visual mode on virtual box will definitely help you to get a functioning uh android screen so the next piece that we're going to talk about here really is the android debugging bridge and all of the stuff that we're going to be talking with and working with through this really comes down to the ability for us to interact with the device and the adb really is that swiss army knife for handling all this now the nice part about it is they have a separate download for it so that means you don't have to download

the entire android sdk as part of this and you can get them on at the link mentioned above whenever you're ready if you're trying to connect locally you should be able to just plug in the device and do an adb device list and you'll get a full list of the devices that are attached if you are using a virtualized device you're going to have to connect to it by ip address which means you have to go into the device actually get the ip address of it and then once we have unlocked the device you will do adb connect ip address and then port 5555 and that will get it set if you're using genymotion you may run into some issues

actually doing direct connection to it unless you go out and purchase a license of jenny shell or jenny the gm so the first thing we're going to have to do in order to be able to interact with the devices we're going to have to enable developer mode now to do this on a mobile device you simply go to settings about phone options scroll down to the build number click it seven times and you'll see a toast message pop up that states that your device is now in developer mode once you've done that you should be able to connect to it using adb as part of this process all right to get our device into developer mode we're

going to go ahead and go to here and then we're going to search for our settings we'll scroll all the way down to the about tablet scroll all the way down to the build number and we'll click and you're now in developer mode you can check this by going back and you should now see the developer options in here and this will determine how you connect to the device and we're going to go ahead and turn on android debugging now that we have the android device set up and ready to go there are a couple ways that we can go through and do this if you've got a genuine device you can go to the play store

and easily download apks and we can pull them directly from the device this is probably the easiest and it also means that you're going to get the gold image you can also install the play store to a virtual image it's a little bit more complicated but definitely doable the next option is you can go and download third-party apks from a site like apk pure or some of those um it's entirely possible that these versions that are on these websites could have been modified and could include uh malware so if that's something that you're interested in searching for interested in going through um definitely a lot of these sites that traffic in third party applications outside of

the play store definitely have modifications to them and it makes it really interesting to work with the last option that you've got is you can download them from the play store using a chrome extension your mileage may vary here i haven't had great luck with this it seems like for some of the larger more well-known applications it seems to work really well for some of the more obscure ones and specifically the ones we might want to take a look at it's a little bit more challenging once we have this done we can use adb to connect to the device and once we connect it to the device we can actually go through and list the

packages and pull them you can do this individually using apk and effectively you can go through and you do a b adb shell list the packages select the package you want to do do an adb shell pull path and that will pull it down to your local device if you are on a windows or mac machine you can also use the shell script that i've included here and what it's going to do is it's going to go through and download all of the apks on the device so let's see how this works in practice okay so the first thing that we're going to do is we're going to list all of the devices that are connected to

the computer we're working with we see our samsung tablet there next thing we're going to do is we're actually going to go and get a shell on it to make sure that we're connected and it looks good so we see the internal operating system next we're going to go through and exit and then get back to our directory and we're going to run our script for downloading it what it's going to do is it's going to reach out to the device get a list of every apk that is installed on it and download it to your local machine this is extremely helpful because this can actually get you access to packages that are on the device that

are not necessarily uh visible and so you can find some very interesting pieces built into the operating system as part of this and they're easily caught because as you're looking through here you'll see some that are live listed under p r i v app and those are privileged applications meaning they're operating system based applications so in doing this you're not only getting anything that you've downloaded from the play store but you're also getting all of the apks that are associated with that device uh this will take a couple of minutes to run through uh depending on how many apks you have downloaded and the speed of your connection to the device but once this is done we should have a

list of all of the apks that are available for the device we can then take these apks and we will break them down so that we can take a look at the internals of them and actually go through and run uh some tests to see what we can find so we'll just wait for this to finish up and there we go and if we take a look and look the apks we should see they're all there so now that we have a whole list of apks what exactly do we have well whenever we start to break it down apks are just zip files you can literally go in rename the extension from apk to dot zip

and unzip the contents of these apks and what you'll find inside is an interesting directory structure of things that are set up and this is a standard format for what it's in so that the android application knows how to run on the device but there are some interesting pieces that you'll find inside these apks assets could include image files and pieces that are associated with it if you see a lib directory that means there are libraries that are associated with it these are usually c or c plus libraries that have been compiled you can go through if you've got the skill set and reverse engineer these individual libraries we have a meta info which contains some

pieces that we'll take a look at here in a little while you'll also see the common org directories these are associated with the directory structures that are built into the class libraries and we'll see this reflected whenever we actually go through and take a look inside some of our analysis tools additionally we have the resource files and those resource files contain uh translation information for one language to another the interesting part about this is you can also find interesting bits of information inside these resource files sometimes you'll find email addresses sometimes you will find ip addresses sometimes you'll find urls that can be very helpful in accessing um underlying systems that you know sit on top or sit underneath

the android application the manifest file is also listed here it's an xml document that contains all of the privileges that an application needs to run as well as all of the activities that exposes and the last part we're going to take a look at here is we've got these dot dex files now these text files actually contain the source code for the running application this is that compiled intermediate language information that we need to run and we're going to take more of a deeper look at this here in a little bit so the first thing that we're going to do is we're going to start working through some static analysis and whenever we talk about static analysis

what we're doing is we're taking a look at the contents of the package as it was packaged up and sent out and the goal of this is really to find as much information in the reconnaissance phase portion of this there are some really interesting and fun things that we can find as part of this um specifically while we're going through this things that we want to to kind of take note of are things like urls permissions strings on more than a couple of occasions i've found aws keys hard-coded passwords that have been stuck into these apks as well as services receivers and providers and we're going to talk about how you work with those in a little bit

but it's important to know that those three last pieces really indicate functionality that exists outside of the application so it's how it exists inside the android ecosystem to do this we're going to go ahead and use a tool called mob sf now mo the mobile security framework is a fantastic all-in-one solution that really makes this process super easy um and especially for android applications because we can just sing simply take an apk drop it onto the application and it's going to use a lot of tools to give us a report of everything that's capable and running there it's important to note that whenever we install this installing it via a docker image like we'll do here in a

moment you won't be able to do any of the dynamic analysis if you want to do dynamic analysis as part of it you're going to need to go through the installation process fully but really since we're just starting to begin on our android pen testing experience we're going to go ahead and keep this as simple as possible once you have docker installed we're going to go ahead and install mob sf now the fastest way to do this again is docker because it takes the entire installation process and boils it down to really two steps and once you've done this you should be able to stand it up and use most of these static analysis functionality

very very simply so let's go ahead and step through that process and take a look at what it looks like

all right so to install this we're going to go ahead and make sure that we've got docker running and the next thing that we're going to do is we're going to go ahead and pull the docker image down now this is a simple enough process takes a little bit of time to to get going and as part of that we're going to go ahead and if you're not aware of what docker is and how it works it's a structure for running a sub vm so this is running just the absolute bare essentials that are necessary for an operating system and really functions as a super thin lightweight vm i say lightweight in the joke here because i'm pretty sure

that once we get done with the secure mob sf install the image actually takes up about 500 meg but with that said it's still significantly smaller than if we tried to install this into a virtual machine so we're going to go ahead and let this install for a bit and we will come back as once we are done

now that we have it finished downloading we're going to go ahead and actually run the docker image um this is simple enough to do i have something currently running on port 8000 so i go ahead and move it over to 8001 but running through this is actually quite simple once we're done we'll go ahead and start it and that should give us a running instance of mob sf running on port 8001 on our local machine

so at this point now that we have mobile sf installed we can go through and get the main core of what we're going to use for static analysis this is source code and source code again from the very top level is the main piece that we will use for static analysis it offers a wealth of information about the app how the application works how it runs the things that it connects to um and gives us an ability to go through and start looking for things that we can break as part of our pen testing exercise now as we're going through this and looking through mob sf there are a couple things that we're going to want

to look through as part of this and the big ones that we're looking for in this space are a lot of the items we listed before so things like uh hard-coded secrets those type of things but additionally now that we've got the source code to look through we can also look for things that will be more helpful in allowing us to go through and break the application specifically if we've got unvalidated inputs these are solid gold for doing android penetration testing if you can supply some sort of input into the application that it wasn't expecting you should be able to break it in a fun and interesting way um additionally we want to look for api

endpoint behaviors this can tell us how the application runs if it's got server-side components code behavior uh as we go through and take a look at it you know we as developers people go through and expect code to work in certain ways and we'll especially see this whenever we start talking about some of the activities that are based on the device and really there are assumptions that have to be in place whenever we build these applications but whenever we start talking about things that we expect where points where we expect code to talk to code generally the definitions are very rigid and not well covered as part of that and so we've got some interesting opportunities

to break into that so let's go ahead and flip over and take a look at mob sf and take a look through all of the different pieces of information that it gives us okay so we've got malbus f loaded up into our web browser we're going to go ahead and copy across an apk this is diva we'll talk a little bit more about what diva is here in a little bit but it's simple drag drop once you drop that apk and you can use any of the apks that we pulled off the device it'll give you a nice report about this now it includes everything from security scores to the hashes of the files it'll show us the activities that are

used by the application we can talk about exploiting those in a little bit additionally it also gives us a full list of all of those resource files going back through it we can also take a look at providers providers are another piece that we can go through and exploit as part of this process it gives us all sorts of information it will also go through and do rudimentary malware analysis to see if there's malware involved in it as well as giving us a list of all the domains and some information about where those domains go whenever we go in it can also give us information about shared libraries that are involved and what pieces can be exploited as part

of that additionally we have our android manifest file this is that xml file that tells us everything about how the application works and the last piece that we're going to go through and take a look at is we actually get direct access to source code and so this is the genuine java files used to build the application we can look through the code and we can see pieces that go into this

finally it has the ability to do reporting in some pieces along that lines additionally if you want to do dynamic analysis you have to install a full version but we can do other things without that so once we've gone through and spent some time digging around in the underside of the application and being able to actually take a look at the source code and everything that's running kind of underneath that ui layer the next piece that we're going to want to do is we're going to do some what's called static or sorry dynamic analysis dynamic analysis really is the process of taking a look and attempting to tamper with the application in real time when it's running the goal

of this is to find those security issues that exist in the application as part of that process so the first part we're going to take a look at really is capturing the logs now if you've got a working android device and we've got it hooked up we can easily go through and get a list of the logs that are being logged out to the debug process on the device um and it's amazing how much information you can actually go through and retrieve by running just a simple log off the device um so there are two pieces that we're gonna took here once you've got adb installed and you've got it working properly we can do logcat

logcat is going to give you debug messages for everything that is currently going on on the device and this is very very noisy so what you will want to do is instead of getting a log cat of everything on the device we're going to want to grab that and limit it down to the package name and you notice here i've called out com.android.com so this will only give us information on the device as chrome is running and give us just that piece of information it really helps it to make it easier to digest and catch things as they're going through this will help us with information as we're going through and breaking the applications because we'll see

exceptions pop up whenever we do things like introduce unvalidated inputs okay and so since we're talking about input validation as part of this some of the stuff that we uh need to go through you know the oauth top 10 is still very valid on mobile devices in fact they have their own version of the oauth top 10 for mobile but a lot of the same tactics that we would see and we would use penetrate and doing penetration testing on web applications we'll see works here things like sql injection cross-site scripting and since you have the source code that's actually working underneath these applications you can go through and find those places in the application where validation isn't being done

properly and supply source code that will specifically break that one of my favorite processes is if you go through the code you find a case statement where it's saying if this value is equal to 1 then do this if it's equal to 2 do this look for a situation where you can introduce a value that's outside of that range and then see how the application behaves so if it's expecting a value of 1 through 10 try supplying 11 or maybe negative 1 and see what you get out of that okay so for the next thing we're gonna do we're gonna actually get a copy of the logs as they're running on the device to do this we do adb log cat and as you

can see even on a just simple device there's a lot of information so we're gonna hit ctrl c to exit out of that and we're gonna narrow it down using grep to just get the information from the packages that we're looking for this will help us to have a much more sustainable view of what's going on inside the application so that we can go through and debug it during the process the next activity that we're going to talk about is attacking it is attacking the activities like i said all of the messages and interactions between android devices and the android system happen on the android message bus and really to make this happen we can do

this from our local machine by sending through adb shell commands and specifying we want to start an activity or we want to query some content on the device and this in a lot of ways bypasses a lot of the security for android because developers aren't really expecting us to interact with the applications this way and by doing these things we may be able to start things out of process or get them out of sequence or extract information from a secured portion of the application that is secured through the ui but not necessarily secured against direct query by doing this it allows us to really get into the base of the application and dive into some of those really nasty

vulnerabilities that we can find here all right the last thing that we're going to talk about as part of this process is actually getting shell on the device once you get in there again android is just a linux system and once you get shell on there it's easy enough to navigate around and you can actually go through and do this now if you're working with a rooted device or you've got custom firmware you can do this and get shell directly as root um and to do this you do adb root instead of adb shell you do adb root and then you do adb shell and that will give you a root shell and really at that point everything is

wide open you have full access to the operating system and everything that's there so once we do adb shell we can go through and we can do listing the directories and we actually want to find those packages on the device now the interesting fun part about this is there are applications that store things directly to the device and they store information directly in there and what may end up happening is you may find things like access tokens being stored there or data that's being stored into these databases for these android applications and so to really access this information once we have the rooted device we can navigate to slash data slash data slash the package name and that will

give us the root of that package going through the root of that package we can find all sorts of interesting information additionally the slash databases directory has all of the databases for that particular instance of the android application all of these databases are going to be simple sql lite databases and you should be able to go through them if you find that the database is encrypted go back to the application and look for that encryption key the the magic can't come out of nowhere it has to be somewhere on the device and this really helps us to get to that we move it to a root but since this is a production device this my samsung tablet

you're not actually going to be able to get root on the device um again this is something that's easy enough to do if you've got a virtual machine running or if you've got a rooted android device so the last part that we're going to talk about as part of the dynamic analysis i would be doing a great disservice to you if i did not talk about free to js free2js is a tool that if you have a rooted device you can install directly to the device if you do not have a rooted device or the application that you're using checks for devices being rooted you can actually embed freeda in a recompiled version of the

apk freejs allows you to go through and actually hook the processes of a running application to inject information into the application as it's running this can be intensely powerful for going through and doing dynamic analysis this is a great way for you to get hooks in to see the communications path for those activities so that you can get the direct format that they're looking for whenever you do that so that you can use it for fuzzing um this is an incredibly powerful tool i recommend you go out and take a look at the information that's out there on the internet about it um it is such a powerful tool i really can't do it justice covering it in this

presentation because it easily has an hour-long presentation in and of itself so definitely you should take a look at freda and see what you can get out of it all right for this one we're going to bring it all together by showing the diva application for android it's an insecure application that helps us to learn how to do penetration testing and for this we're going to be using the emulator android emulator that ships with the toolkit be sure to get the version that uses the api and not the play store otherwise you won't be able to root the device so here we see that we're connected to the device and then we're going to go ahead and get

shell and we see that we have a standard user shell so now we're going to go ahead and root this device and whenever we log in to our shell this time we should get a root shell we see it right there so we are set and ready to go so let's go ahead and exit that and the first thing that we're going to have to do is install the diva application and this can be done from the adb by using adb install i have it previously downloaded so i'm going to go ahead and point it to my downloads directory and the apk that i want to have installed and it is now installed so let's go

ahead and start up the diva application and in here we've got a series of challenges that go through and explains to us each of the things that we're going to do the first one we're going to take a look at here is the insecure logging and we talked earlier about how you can use adb to blog to cap all the logs so we're going to use that here and we're going to go ahead and start adb log cat and again we are forced to look through mounds of information um and we can see that we're going through tracking back and forth to try and see if we can find something that looks like diva and unfortunately looking through these

logs we aren't going to find anything because it hasn't actually logged anything out yet but what we can do is we'll go ahead and try an action on it and see until we can get something that we know looks good so let's go ahead and restart our log cat and this time we'll type in information into the credit card field we'll hit enter and it says there's an error usually if there's an error there's a good chance that there's a log that's associated with that error so we should be able to find it and there we go font diva log and we can see that it's actually logging out the credit card information directly to the terminal

so let's go ahead and slim this down so that we can actually find it a little bit easier and we will search for diva and we see the previous error messages that came up and as we type in information we can see clearly that it's logging directly out to that this is a good way to get information while you're going through a debugging processes so let's go ahead and kill that and we'll take a look at the next challenge that's involved here

hard coded issues and say find out where it's hard-coded and taking a look so the first thing that we're going to do is we're going to take a look at where we ran diva through mob sf earlier and we should be able to go in here and look for the source code and luckily because this is a fairly straightforward we should be quickly able to find the hard quoted activity and we can find where it's got the actual secret key listed directly in the source code and that unlocks our second challenge

now we're going to go ahead and take a look at this and it says find out how in credentials are being stored and what we're going to do is before we actually do this activity we're going to go ahead and take a look at the source code that produces it conveniently named insecure data storage activity one and we can see in the code where it's actually storing that value out to the shared preferences now from this point it would be easy for us to go out and look up how shared preferences work and how they're stored we can also go through and look at different activities in the source code to see how they interact with those individual

pieces as part of this in order for us to get the most out of this we don't see anything else that looks like it's something that we would want to take a look at so let's go ahead and dive into the shell and make sure we get a baseline for what's available so we'll go ahead and navigate to our data directories and then look for the diva application as we can see most everything that's on this device is coming straight from android so it should make it fairly easy and quick to find so if we let's see here scroll down there we go and there's the diva application so let's go ahead and navigate into that directory

and really at this point we're just looking around to see what's available in each one of the directories so that whenever we can come back we can actually see what is changed when this information is saved sometimes whenever we do these saves it will create an extra file which will make it a little easier for us to find but you may have to do some more information more digging to figure out what's there at the base of the install before we run the application so from this point we're going to go ahead and navigate around just to find stuff and went a little too far so let's go back all right so let's navigate back over to

the application and we'll go ahead and pull that up again just to make sure that we're seeing it and once we go through we can then start entering information directly into the application

and then we'll save it now we're going to navigate back to our file system and all of a sudden we notice that there's now a shared preferences directory present and if we look at that we see that there's a file there so let's go ahead and cat out that file and there we go we have our stored secrets that are available in plain text on that drive so how you store information in android is as much important as how you access it so let's go ahead and take a look at insecure data storage number two and we're going to go ahead and fill in the values here since we've got a good idea of what we should be looking for

and we will go back to our navigation and take a look around to see what's changed in the databases there's a new directory or a new file there that's called ids2 so just taking a guess i say think that says insecure data storage number two we find out that it's a data file so if we cut it out we see a lot of sql in there so knowing that it's sql we can go ahead and use sqlite to access the contents of the file but we can already see that the credentials are in clear text right there so let's go ahead and do this right and we will log into sqlite into the ids and then let's do

a table listing and we see there's my user so let's go ahead and select star for my user

and there's our key pair that was stored into the application so from here let's go ahead and wrap this up okay so this brings us into the kind of home stretches here and kind of what direction do you want to go with what you just learned um so what can you do with the new skills that you've got well if you're a developer and you have this understanding you can turn it around and help to build more secure applications and ultimately that's what we would be looking for from the development side these applications are out there these skills as you can see are not terribly difficult to gain so it's really easy for attackers to go

after applications um additionally you could turn these skills into helping teams who are developing open source projects and teams that are developing commercial products make their mobile applications more secure by going through and finding these bugs in the software before people who would look to weaponize it additionally you can hunt malware android malware is something that is fairly prolific there are some fantastic sites which we'll talk about in a quick moment but really this is a space that is kind of wild west this stuff is out there um everything from down in the actual root operating systems for devices that are coming from malicious areas or if you've got you know software that's just looking to be broken additionally if you

want to take this the next step further and take it from a red team's perspective what you've learned very quickly can give you access to some of the underlying elements of an android system additionally we didn't go into it very much in depth but inside that lib folder of course is c and c plus plus code if you have an android application that's calling directly out to those libraries you can actually escape the sandbox of the android system the way you would any other sandbox and so finding the right application using a weak library this way you could easily use an android application to exploit the base of the operating system and go after the device itself

so if you want to continue going down this path um some great sites for you to kind of head and take a look at um xda developers is everything android from custom roms to hardware hacking they this is a fantastically welcoming community that has a lot of information out there if you're interested in going and taking a look at the stuff from the malware hunting side there's kudos which is a community of people who are striving to develop yara rules for building or for detecting mobile malware cuckoo sandbox is another one if you're looking to get into kind of the mass testing of this it was originally designed for testing for mobile malware but this

really is a much larger piece and you can really automate a lot of the searching process and functionality for testing using these tools for hands-on training you saw a little bit of us working with diva diva is a fantastic tool i use it for teaching developers about these types of security issues in that same vein there is also the dv hma which is a hybrid mobile application which is using both a web service component as well as some html uh android components to do communication directly across it so you can see the connection between just exploiting what's on the device and then taking it to the next level and using that information to actually go after

underlying services if you're looking at reading i the android security internals book is fantastic it is definitely worth the read um the android hackers handbook that's out there is good the one thing that i will say is we're all kind of sitting around waiting for the next edition of this book um it's a fantastic resource it's just kind of the information and it's kind of old and doesn't necessarily apply to the newer versions of android where a lot of things have changed so in summary what can we do with all this hopefully i've given you a good overview of the beginning to kind of the up and running stages of what it takes to get into android

application application testing this is a fantastic area if you are looking to start in the application penetration space there aren't enough mobile testers out there and this is an area that is quickly becoming a very necessary skill set to have inside the industry because a lot of these applications of course are moving to mobile applications and it goes beyond just the you know twitters and facebooks and instagrams of the world um companies are desperately looking for testers to help give them more secure solutions as they are delivering more enterprise products designed for the mobile space in this space we learned a little bit about static analysis there's definitely an entire roadmap that you can head down in that direction

they can help you to understand the functionality of the application by understanding how to read the source code and understanding the permissions and every piece that is associated with that additionally dynamic analysis can give us an understanding of what's going on in the application as it's running if you're looking to get into mobile malware testing and trying to do malware hunting this is a fantastic place to look even if you're looking for credential leak or possible issues associated with the application and a running state dynamic analysis is definitely a great place to spend your time and with that said it brings me to the end of my talk it has been fantastic to sit down and talk with you all today

and present please remember to rate your speakers i do my absolute best to make sure that i am never wasting anybody's time whenever i speak and because that i need feedback on what you thought was good what you thought was bad even if it's just to stop in and say hey i just thought it was just okay that tells me that i need to go out and do some research to improve things so definitely please rate your speakers myself included and lastly i'd like to thank our sponsors for having us here today because otherwise without them this wouldn't have happened with that said i'm going to go ahead and sign off i will be in the channels to just take questions

and i will do my best thank you

thanks james uh questions will continue to be answered in the track one channel on discord and we'll be back in 2 30 in about 10 minutes for the next session thanks