Android Security: Attacks and Defenses (Hardcover)

Introduction
Why Android
Evolution of Mobile Threats
Android Overview
Android Marketplaces
Summary

Android Architecture
Android Architecture Overview 
     Linux Kernel 
     Libraries 
     Android Runtime 
     Application Framework
     Applications
Android Start Up and Zygote
Android SDK and Tools 
     Downloading and Installing the Android SDK 
     Developing with Eclipse and ADT 
     Android Tools 
     DDMS 
     ADB 
     ProGuard
Anatomy of the "Hello World" Application 
     Understanding Hello World
Summary

Android Application Architecture
Application Components 
     Activities 
     Intents 
     Broadcast Receivers
     Services 
     Content Providers
Activity Lifecycles
Summary

Android (in)Security
Android Security Model
Permission Enforcement?Linux
Android’s Manifest Permissions 
     Requesting Permissions 
     Putting It All Together
Mobile Security Issues 
     Device 
     Patching 
     External Storage 
     Keyboards 
     Data Privacy 
     Application Security
     Legacy Code
Recent Android Attacks?A Walkthrough
     Analysis of DroidDream Variant 
     Analysis of Zsone 
     Analysis of Zitmo Trojan
Summary

Pen Testing Android
Penetration Testing Methodology 
     External Penetration Test 
     Internal Penetration Test 
     Penetration Test Methodologies 
     Static Analysis 
     Steps to Pen Test Android OS and Devices
Tools for Penetration Testing Android 
     Nmap 
     BusyBox 
     Wireshark 
     Vulnerabilities in the Android OS
Penetration Testing?Android Applications 
     Android Applications
     Application Security
Miscellaneous Issues
Summary

Reverse Engineering Android Applications
Introduction
What is Malware?
Identifying Android Malware
Reverse Engineering Methodology for Android Applications
Summary

Modifying the Behavior of Android Applications without Source Code
Introduction 
     To Add Malicious Behavior
     To Eliminate Malicious Behavior 
     To Bypass Intended Functionality
DEX File Format
Case Study: Modifying the Behavior of an Application
Real World Example 1?Google Wallet Vulnerability
Real World Example 2?Skype Vulnerability (CVE-2011-1717)
Defensive Strategies
     Perform Code Obfuscation 
     Perform Server Side Processing 
     Perform Iterative Hashing and Use Salt 
     Choose the Right Location for Sensitive Information 
     Cryptography 
     Conclusion
Summary

Hacking Android
Introduction
Android File System
     Mount Points 
     File Systems 
     Directory Structure
Android Application Data
     Storage Options
     /data/data
Rooting Android Devices
Imaging Android
Accessing Application Databases
Extracting Data from Android Devices
Summary

Securing Android for the Enterprise Environment
Android in Enterprise 
     Security Concerns for Android in Enterprise
     End-User Awareness 
     Compliance/Audit Considerations
     Recommended Security Practices for Mobile Devices
Hardening Android
     Deploying Android Securely
     Device Administration
Summary

Browser Security and Future Threat Landscape
Mobile HTML Security 
     Cross-Site Scripting
     SQL Injection
     Cross-Site Request Forgery 
     Phishing
Mobile Browser Security 
     Browser Vulnerabilities
The Future Landscape
     The Phone as a Spying/Tracking Device
     Controlling Corporate Networks and Other Devices through Mobile Devices
     Mobile Wallets and NFC
Summary

Appendix A
Appendix B
B.1 Views
B.2 Code Views
B.3 Keyboard Shortcuts
B.4 Options

Appendix C
Glossary