Advanced Android Security

2 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 52 votes, average: 5.00 out of 5
Please Log in or register to rate

Advanced Android Security


In this comprehensive hands-on course, combining both Android Application Security and Android Enterprise Security modules, you will learn Android security at all possible levels, from the bootloader, through building Secure Applications, and via the end-user security and Enterprise Mobility Management.

We will learn to harden both the Operating System (for device builders), and the application code itself, to protect both the organization’s Intellectual Property and the user’s personal data , and will also learn to take advantage of Android Provisioning services to support an IT manager perspective. The course is intended for developers, or former developers with practical Java experience. No previous Android experience is required, but it is highly recommended.

Note: The course is based on the Marshmallow version. Earlier versions can be targeted without additional cost, upon customer request.


Target Audience:
∗ Mobile Developers, IT Managers, Security Personnel with Java experience.
∗ No previous Android experience is required, but it is highly recommended.

Course Topics

Android Overview – Design considerations

Android History
The android ecosystem: Partners, Entities, Design, Approach, Licensing

Android Overview – Bottom up discussion

Hardware overview: What makes an Android device
Linux Kernel boot process and provided functionalities
Native User Space: Init services, daemons, executables and libraries
Enabling Java (Dalvik + ART)
JNI bridge layer
Java OS Layer (Android Frameworks)
Application (APK) Structure
System Applications
User Applications
Google Play Services
Android IPC terminology by example: Browser, Maps
Introduction to working with the AOSP: How and where to find what

Android Platform Security

Linux driven security sandbox
OS and binary protection and exploitation: ASLR, PIE, DEP, RoP et. al.
Android hardware related permission enforcement
SELinux on Android
Data partition forensics protection via Internal and external storage encryption
Secure Boot
Android Signature model and verification:
Android application sandbox: Single and multi physical user.
Android Permissions
Android Security Patches

Security terminology and real-life attacks, “breaking Android”:

Glossary attack vectors, attack surfaces, vulnerabilities and exploits
Privilege escalation attacks – theory and practice
Dynamic code loading attacks and mitigation
Binary exploitation and device rooting
Remote exploitation and DoS attacks
Signature based attacks
SE Linux discussion
On device Anti-Virus and Anti-Malware building techniques

Penetration Testing and Dynamic Analysis

Android “debugging”: Introducing am, pm, wm, service, procfs, sysfs and friends
Android Penetration testing tools
Finding exposed application components
Android fuzzing tools by example: fuzzing the Stagefright framework
Penetration testing and exploitation with drozer/metasploit

Reverse-Engineering Applications and Static Analysis

Android application installation process, paths, optimized bytecodes, ELF types
Dalvik bytecode structure and ART binary format
Decompiling/disassembling ART and Dalvik based files
Rejoining and decompiling /disassembling optimized byte code
Unpacking APK resources, repacking, resigning
Applying Android lint tool, and other commercial static analysis tools
Disassembling vs. Decompiling: Tools and strategies: where to spend your time?
Survey of opensource and commercial tools and analyzers
Off device Anti-Virus and Anti-Malware building techniques

Android Application Secure Coding I: Code and app behavior

Code protection techniques
SQL Injection and protection from it
Manifest level component access control
SELinux and Middleware MAC
IPC level runtime component access control
Webview and Javascript protection/restriction best practices for hybrid apps
Protecting from other applications, protecting from user judgement
Dynamic loading attack prevention (DEX, .so and .js)
Dynamic permission control best practices
Introduction to Android cryptography: BouncyCastle, BoringSSL
Protecting WebView code
Security Provider live-patching using ProviderInstaller
Applying Android lint tool, and other commercial static analysis tools

Android Application Secure Coding II: Securing User and Application data

Android Storage layout – what’s open and what’s not
SQLite inspection and protection with CQLCipher
Introduction to applied cryptography
Android Applied cryptography

Android Application Secure Coding III: Secure Network Communications

Network privacy dangers: Packet sniffers and interceptors. MITM attacks
Certificate Authority (CA) Chain of trust: A solution and the introduced problems
Secure communication with TLS/SSL
Encrypted network privacy dangers: Sniffers and interceptors. MITM attacks
CA management in Android: Platform and application management
Custom TrustManager’s and Certificate pinning
IP layer security, introducing VPN API

Enterprise Mobility Management: Android for Work

Enterprise Mobility Management (EMM) – definition and market survey
EMM: The IT manager vs. the private user
Device administration APIs – an IT manager biased arsenal
Work profiles – the compromise between the IT and the user
Application restrictions
Dynamic Permission enforcement (API Level >= 23)
Device provisioning: Apps, networks, etc.
Per platform and Per app Virtual Private Networks (VPNs)

Detailed Course Outline

Advanced Android Security detailed syllabus

© Copyright - Skilit - Site by Dweb