Exploiting Broadcast Receivers

What are Broadcast Receivers?  A broadcast receiver is a component in Android applications that allows the system to send events to applications that are not part of the standard user stream. Broadcast receivers are set up to receive specific events. When the event occurs, the receiver is called, and tasks such as displaying a message...

Exploiting Content Providers

In the previous blog, we described the Drozer tool; in this blog, we are going to discuss Content Providers.  What are Content Providers? Content Providers are a crucial component of a relational database because they enable the storage of application data. In the Android system, the role of a content provider is similar to that...

Android Pentesting with Drozer

In this blog, we are going to discuss the Drozer tool for pen-testing Android applications. What is Drozer? The Android evaluation tool, Drozer, was introduced in March 2012 at Blackhat EU under the name Mercury. Its primary goal was to remove the need to build specialized apps merely for the purpose of testing a specific...

Android Tapjacking Vulnerability

In this blog, we are going to talk about Tapjacking and how it operates. In addition to that, we are going to learn about free-floating windows.  The Android operating system is based on the Linux operating system and was designed with great aspirations. Android is typically seen to be at least as secure as a...

Broken Cryptography in Android Applications

In this blog we are going to discuss Broken Cryptography in Android Applications. When application developers wish to use encryption in their apps, they have to be aware of broken cryptography attacks. This blog discusses how vulnerabilities caused by faulty encryption might be introduced into Android apps. We’ll also look at some of the ways...

Android Pentesting Methodology (Pt. 3)

Part 1 of “Android Pentesting Methodology” covered Android architecture. Part 2 covered APKs, basic app reversing, and popular debugging tools. In this blog post (part 3 of the same series), we will examine static analysis and dive into the inner workings of the AndroidManifest.xml file. Static Analysis: Static program analysis is the analysis of computer...

Android Pentesting Methodology (Pt. 2)

In part 1 of the “Android Pentesting Methodology” series, we briefly discussed the Android architecture. In part 2 of the same series, we’re going to explore what APKs are, start reversing Android applications and discuss popular debugging tools. Android is a very developer-friendly platform (OS). Unlike other mobile operating systems, Android is an open-source platform that allows...

Android Pentesting Methodology (Pt. 1)

In this blog, we’ll discuss Android architecture and the different layers of Android architecture. This blog is part 1 of the “Android Pentesting Methodology” series and forms a basis for our upcoming blog.  Before we get into the nitty-gritty of the Android Pentesting Methodology, it’s crucial to understand the inner workings of the Android platform. ...

Android Root Detection Bypass Using Frida

This is a continuation of the previous blog post – see SSL Pinning Bypass for Android Apps. If you haven’t already, please go check it out. Assuming you’ve set up Frida, we can proceed further to bypass Android root detection using Frida.  What is a rooted Android device?  Android rooting is a technique that allows...

SSL Pinning Bypass For Android Using Frida

What is SSL pinning? Mobile apps commonly use SSL to safeguard transmitted data from eavesdropping and tampering while communicating with a server. SSL implementations in apps trust a server that has a certificate, which in turn is trusted by the operating system’s trust store (by default). The operating system includes a list of certificate authorities in...