Learning Pentesting for Android Devices

by Aditya Gupta

This is an easy-to-follow guide, full of hands-on and real-world examples of applications. Each of the vulnerabilities discussed in the book is accompanied with the practical approach to the vulnerability, and the underlying security issue.This book is intended for all those who are looking to get started in Android security or Android application penetration testing. You dont need to be an Android developer to learn from this book, but it is highly recommended that developers have some experience in order to learn how to create secure applications for Android.

154 pages, ebook

First published January 1, 2014

Reviews

[Alin · Rating 4 out of 5]

It doesn't go into great detail or explores in-depth pentesting techniques, but it's good as a prerequisite to other more advanced readings.
It covers the basic needs and it's enjoyable.

[Fabio Radin · Rating 5 out of 5]

I really love this book! "Learning Pentesting for Android Devices" is a book for all curious guys that want to understand how things are working inside their Android device. The goal of the book is to explore which vulnerability and issues could be present in an Android application and how to prevent and to reveal them. This is just an interesting argument, but what is really more interesting is the way to reach this goal: becoming for a couple of hours an "hacker" and jump on the dark side of the development! Yes, because decompiling, reverse engineering, exploiting and attacking will be really more clear to you after reading this book!

The book starts with a couple of chapters about Android howtos: what is an Android app, how it is generated and which tools should be used to achieve the goal. After that, Aditya brings you on the reverse path: in chapter 3, starting from an app, he brings you to the source code! There is a very clear description about which tools could be used, how to use them and which limits you could experiencing during this adventure. In chapter 4, the classical network attacks are explored: network traffic analysis, proxy interception, man in the middle and so on.

More or less after an half of the book, Aditya starts with a very not so common description of Android vulnerability and attacks (from the device point of view!). This is really uncommon and very very interesting for understanding how the Android phone you have in pocket is made. A specific chapter is dedicated to SQLite, one of the most common SQL database deployed in several millions of devices and to the WebView, one of the most common Android widget.

In the end, even if this book is for every developer with a basic knowledge about Android programming, I must suggest it to everyone has intention to start and develop an Android app. Your app will be surely more secure in the end and there will be no risk about finding the source code of your app in internet!

[Murat Aydin · Rating 5 out of 5]

The book is a very nice introduction to pentesting for Android Devices. It is very easy to follow the book and you dont need to open your notebook to follow the book. It covers many aspects of security of apps and devices. Some topics covered are reverse engineering, network traffic analysis, auditing android apps, etc..Both novice and experienced Android developers can read the book. In every chapter, one aspect of android app or device security is discussed. Tools used for security and pentesting are introduced and usage of the tools are shown step by step. I learnt many new information and tools from this book. In the last chapter it has even a template for pentesting report. I recommend this book to people who wants to get introduced to android security and pentesting.

[Rama Krishna · Rating 4 out of 5]

This is a great book for those who would like to explore and experiment about android application and platform security. Authors have designed the book very well beginning with basics of android security architecture and going deeper into the nuances of the platform security. The tools that are explained here really helps the testers for auditing and perform reverse engineering the android applications and also helps in understanding different kinds of android vulnerabilities and attacks.

[Abigail Armijo · Rating 4 out of 5]

I like this book because the author introduces briefly with samples and tools the things that you need to know about the security. Contains the most common attacks reverse engineering, network traffic, include malicius javascript, sql injection, file permisson, and includes an example of a vulnerability test of an app.

[Wojtek Ogrodowczyk · Rating 3 out of 5]

Basic scope, lacks depth. A third of the book is just screenshots of installation process for various tools and the rest could be summarised in a few blog posts.