Android Security Testing

Before Starting Android Application Security Testing we should know about Mobile Application Platform and their packages.

Mobile Platform
Mobile Application packages

A platform like Blackberry, windows are also moved to Android. So, here our main focus on Android Application security testing.

Basic Info. of Android Platform

  • Co-founder and former of Android:- Andy Rubin
  • First android release on 23 Sept 2008
  • core utilities are written in c,++ and its GUI is written in JAVA, Kotlin
  • code names:- jelly bean, sandwich, KitKat, Marshmallow etc

Setup Mobile Pentesting Platform

Appie Framework

•Android Pentesting Portable Integrated Environment
•Run on the host machine, not a VM
•1.5 GB
•Ready to use
•A large number of tools like Drozer, adb, apktool, dex2jar Wireshark, etc.

Run Appie.exe
Appie Console

Genymotion:

  • Android emulator
  • Runs on Oracle Virtual Box
  • Set adb path (C://Appie/bin/adb/sdk)

Here we need an Android device to assess apps. So for that, we need to create an Emulated Android Device and install Genymotion for that. We can download Genymotion from this link https://www.genymotion.com/fun-zone/  

We have to create an account in Genymotion website to use genymotion or install genymotion on your system.

After downloading the setup and installing on your system. Open settings in the Genymotion and then after inserting your credentials which you have registered on Genymotion site.

Genymotion Console

We can add an Android device emulator after clicking on Add option.

Add any Android Device

Now you also need to set adb path in Genymotion in order to use the virtual device with Appie.

  • Open Genymotion then click on settings.
  • Click on the ADB tab, select “Use Custom Android SDK Tools”
  • Then select the path of SDK folder which is located at C:/Appie2/Appie/bin/adt/sdk
SDK Path

Android Studio

  • ProGuard integration and app-signing capabilities
  • Template-based wizards to create common Android designs and components
  • Android Virtual Device (Emulator) to run and debug apps in the Android studio.

Here below is the link to learn about Android studio: https://www.embarcadero.com/starthere/xe5/mobdevsetup/android/en/creating_an_android_emulator.html

Note: if you don’t like to use Appie or any other emulator explicitly, then we have a Santoku OS which is used for Android device & application security testing, malware analysis & Mobile Forensics. Santoku OS has built-in SDK emulator.    OR We can also install tools like dex2jar, jdgui, adb, apktool, drozer in any other Linux utility like Kali, Parrot, Backbox etc