Securing Android: An In-Depth Exploration
Join me in "Securing Android: An In-Depth Exploration," where we tackle Android security through practical, hands-on challenges using "Damn Vulnerable Bank". Each chapter is designed to enhance your understanding and skills in identifying, exploiting, and mitigating vulnerabilities, offering insights into both common and obscure mobile security issues. This series is ideal for anyone eager to delve deep into the nuances of securing Android applications effectively. 📱🔐🔍
All Articles
Explore all 10 articles in this series, ordered from oldest to newest
Mastering Mobile Security: A Guide with Damn Vulnerable Bank
The article discusses using "Damn Vulnerable Bank" to teach mobile app security, focusing on setup, OWASP guidelines, and tools like APKTool and Frida for practical insights.
Comprehensive Android Security Testing: Patching, Objection, and API Backend
This article explores advanced Android pentesting: patching apps to bypass security, using Objection for real-time inspection, and configuring backends with Docker Compose. These techniques enable deeper analysis and better vulnerability detection.
Exploring Android File System and Log Vulnerabilities
In this chapter, we explored Android file system security using the com.app.damnvulnerablebank app. We identified JWT vulnerabilities and analyzed key directories. Next, we'll examine the app's encryption algorithm to see if we can access other users' data using JWTs.
Cracking the Code: Exploring Reverse Engineering and MobSF for Mobile App Security
In this chapter, we decoded server responses through APK reverse engineering, uncovering obfuscation techniques. We also introduced MobSF for automated security analysis, identifying vulnerabilities and enhancing the security posture of mobile applications.
Mastering Android Activity Hacking: Techniques and Tools
This article explores using Objection to investigate and manipulate Android activities. It highlights uncovering hidden features, exploiting vulnerabilities like insecure JWTs, and the importance of securing applications to protect against significant security risks.
Linking with Confidence: Securing Deep Links in Android Applications
Explore the power and security of deep links in Android. Understand traditional and app links, identify vulnerabilities, and learn to exploit them using the "InsecureShop" app. Secure your deep links with URL validation, strict intent filters, and HTTPS to protect against potential threats.
Cracking Android Biometric Authentication with Frida
In this chapter of the Android pentesting series, we implemented local authentication using the BiometricPrompt API and demonstrated how it can be bypassed using Frida on a rooted emulator. We highlighted the importance of securing authentication to prevent bypass attacks.
Securing Biometric Authentication: Defending Against Frida Bypass Attacks
This article explains how attackers use Frida to bypass biometric authentication and how to defend against it. By understanding the Android Keystore, CryptoObject, and encryption, we implement security measures to protect sensitive data and strengthen biometric authentication in Android apps.
Enhancing Android Security with Native Libraries: Implementation and Evasion Techniques
Native libraries in Android boost security by adding low-level defenses, making bypass attempts harder. Still, tools like Frida can evade these measures. The next chapter will cover advanced techniques, including reverse engineering, to overcome tougher security setups
Patching Native Libraries for Frida Detection Bypass
In this chapter, we learned to patch a native library to bypass Frida detection. We explored decompiling the APK, modifying the detection function’s flow, recompiling the APK, and testing the bypass, highlighting the limits of basic obfuscation.