Before starting Android application security testing, we should know about the mobile application platform and its packages.
Platforms such as BlackBerry and Windows have also moved to Android, so our main focus here is Android application security testing.
Basic Info. of Android Platform
- Co-founder and former of Android: Andy Rubin
- First Android release: 23 Sept 2008
- Core utilities are written in C and C++, and its GUI is written in Java and Kotlin
- Code names: Jelly Bean, Sandwich, KitKat, Marshmallow, etc.
Setup Mobile Pentesting Platform
• Android Pentesting Portable Integrated Environment
• Runs on the host machine, not a VM
• Ready to use
• A large number of tools like Drozer, adb, apktool, dex2jar, Wireshark, etc.
- Android emulator
- Runs on Oracle VirtualBox
- Set adb path (C://Appie/bin/adb/sdk)
We need an Android device on which to assess apps, so we create an emulated Android device using Genymotion. Genymotion can be downloaded from https://www.genymotion.com/fun-zone/
You have to create an account on the Genymotion website to use Genymotion or install it on your system.
After downloading and installing the setup on your system, open Settings in Genymotion and enter the credentials you registered on the Genymotion site.
Click the Add option to add an Android device emulator.
You also need to set the adb path in Genymotion in order to use the virtual device with Appie.
- Open Genymotion, then click on Settings.
- Click on the ADB tab and select “Use Custom Android SDK Tools”.
- Then select the path of the SDK folder, which is located at C:/Appie2/Appie/bin/adt/sdk
- ProGuard integration and app-signing capabilities
- Template-based wizards to create common Android designs and components
- Android Virtual Device (Emulator) to run and debug apps in Android Studio.
To learn more about Android Studio, see: https://www.embarcadero.com/starthere/xe5/mobdevsetup/android/en/creating_an_android_emulator.html
Note: If you would rather not use Appie or a separate emulator, Santoku OS is used for Android device and application security testing, malware analysis and mobile forensics, and has a built-in SDK emulator. Alternatively, tools like dex2jar, JD-GUI, adb, apktool and drozer can be installed on any other Linux distribution such as Kali, Parrot, BackBox, etc.
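Once the adb path is set in the Genymotion ADB settings described above, it is worth confirming that the virtual device is attached and ready before starting any tool that depends on adb. The following is an added example, not part of the original article or of Appie/Genymotion: it parses `adb devices -l` output, lists the devices that are ready for testing, and flags the adb server/client version mismatch that appears when two different adb binaries are in use. The function names, the sample output, and the assumption that the VirtualBox-backed device shows up with an `ip:port` serial are illustrative.

```python
import re
import subprocess

# Constructed sample of `adb devices -l` output; not captured from a real host.
SAMPLE = """\
adb server version (39) doesn't match this client (41); killing...
* daemon started successfully
List of devices attached
192.168.56.101:5555    device product:vbox86p model:Nexus_5 device:vbox86p
emulator-5554          offline
0a1b2c3d4e5f           unauthorized usb:1-2
"""

MISMATCH = re.compile(r"adb server version \((\d+)\) doesn't match this client \((\d+)\)")
TCP_SERIAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}:\d+$")

def parse_adb_devices(text):
    """Parse `adb devices -l` output into (devices, version_mismatch)."""
    devices, mismatch = [], None
    for line in text.splitlines():
        line = line.strip()
        m = MISMATCH.search(line)
        if m:  # two different adb binaries are competing for the adb server
            mismatch = (int(m.group(1)), int(m.group(2)))
            continue
        parts = line.split()
        # Skip blanks, the header line and adb daemon notices ("* daemon ...").
        if len(parts) < 2 or line.startswith(("*", "List of devices")):
            continue
        serial, state = parts[0], parts[1]
        # Assumption: VirtualBox-backed emulators attach over TCP (ip:port).
        kind = ("tcp" if TCP_SERIAL.match(serial)
                else "avd" if serial.startswith("emulator-") else "usb")
        devices.append({"serial": serial, "state": state, "kind": kind})
    return devices, mismatch

def ready_serials(devices):
    """Serials usable as test targets: only state 'device' accepts commands."""
    return [d["serial"] for d in devices if d["state"] == "device"]

def query_adb(adb="adb"):
    """Run the given adb binary (path chosen by the caller) and parse its output."""
    out = subprocess.run([adb, "devices", "-l"], capture_output=True,
                         text=True, timeout=15)
    return parse_adb_devices(out.stdout + out.stderr)

if __name__ == "__main__":
    devs, mismatch = parse_adb_devices(SAMPLE)
    print("ready:", ready_serials(devs), "| version mismatch:", mismatch)
```

Call `query_adb()` with the path to the adb binary inside the SDK folder you selected in Genymotion to run the same check against the live setup.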