Android Penetration Testing Part 4

A presentation at Android Penetration Testing Part 4 in March 2022 in India by Raja Nagori

Slide 1

Slide 1

Android Application Penetration Testing Raja Nagori

Slide 2

Slide 2

ANDROID ARCHITECTURE & WORKING OF APP

Slide 3

Slide 3

Android Fundamental • Based on LINUX Operating System • Commands like • ls • mv • cd • whoami • cp • etc

Slide 4

Slide 4

Android Runtime (ART) • ART is kind of a translation layer from application’s bytecode to device information. • For every application there is a own sandbox virtual machine. • Similarly, in the file system there is separate application system which is creating by new user for respective application.

Slide 5

Slide 5

Android Identity and Access Management • As each application has it’s own user. • Those user will assign an user ID which ranges from 10000 to 999999 ( like u0_a178 means UID is 10178) • Application 1 • /data/app/com.example.app – generic application data • /data/data/com.example.app – runtime storage data • /mnt/sdcard/Android/data/com.example.app – externally stored location for runtime • Application 2 • /data/app/com.example.app – generic application data • /data/data/com.example.app – runtime storage data • /mnt/sdcard/Android/data/com.example.app – externally stored location for runtime

Slide 6

Slide 6

Android Architecture • Layers of Android Architecture • Linux Kernel • Hardware Abstraction Layer • Libraries • Java API Framework • System Apps

Slide 7

Slide 7

Android Architecture Linux Kernel • Link • Support for different types of CPU in 32 bit and 64 bit architecture • Android Manifest file of each application mentioned the version of the Android using at that time. In short SDK version of the APK

Slide 8

Slide 8

Android Architecture Hardware Abstraction Layer • Layer allows to access the hardware component of the device • For example • QR code scan to initiate the payment process • To scan a document using the built in camera in mobile device. • If you using snapchat 😉then you allow the location to the application. • The NFC card again such a great service in TODAY’s devices • And many other things….

Slide 9

Slide 9

Android Architecture Native C/C++ Libraries • Webkit : A built in web browser for the application • For example any mutual fund application. • Media Framework • OpenGL and OpenMAX AL these are the UI framework for 2D and 3D model or design

Slide 10

Slide 10

Android Architecture Java API Framework • Basically it allow your application to interact with the other application or services running in your mobile devices • Content providers • Activity • Intent • Location • Package

Slide 11

Slide 11

Android Architecture System Apps • Well system application are those which is pre install in the mobile devices • Phone • Email or Gmail • Camera • Calendar • Etc

Slide 12

Slide 12

See you on next chapter of this series