Exploring Android Application Package and Security

Mar 2, 2025

Module 5: Android Application Package

Table of Contents

Overview of Android Application Package

  • APK files are used by Android OS for distribution and installation of mobile apps.

Understanding APK Reverse Engineering

  • Analyzing compiled apps to extract source code information.
  • Tampering involves changing an app or its environment to affect behavior.

Understanding APK Investigation and Analysis

  • Static analysis entails source code review of the APK.

Mobile Forensics Laboratory Activity

  • Conduct forensically sound investigations of APKs.
  • Learning outcomes include identifying the importance of Android application penetration testing and the structure of an APK.

Lesson 1: Android Application Building Process

Android Application Package Structure

  • APK files are ZIP archives that use the .apk extension so that Android OS can install and run them.
  • Built with Android Studio and the Gradle build system, which uses the Android Gradle Plugin (AGP) for the build process.
  • APK components include:
    • Android Manifest: Binary XML file containing app permissions, API levels, and the launcher class.
    • Resource Files: Include assets and UI designs.
    • META-INF: Contains the signing certificate; the APK must be re-signed after any change.
    • Classes Dex File: Contains bytecode, which tools like Baksmali disassemble into the Smali language.
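
The component list above can be checked directly, since an APK opens as a ZIP archive. The following Python sketch is an added example, not part of the original module: it inventories the components and compares each file against the digests in META-INF/MANIFEST.MF, which shows why a changed APK no longer matches its signing data. The function names and the sample archives are constructed for illustration, and the check covers only the v1 (JAR) digest list, not the signature over it or the newer APK signing schemes.

```python
import base64, hashlib, io, zipfile

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_v1_manifest(text):
    """Map entry name -> SHA-256-Digest from META-INF/MANIFEST.MF (v1/JAR signing)."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # undo 72-byte line wrapping
    digests = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            digests[attrs["Name"]] = attrs["SHA-256-Digest"]
    return digests

def check_apk(data):
    """Inventory an APK's components and flag files that differ from the manifest."""
    report = {"binary_manifest": False, "dex": [], "signing": [], "modified": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as apk:
        mf = "META-INF/MANIFEST.MF"
        listed = parse_v1_manifest(apk.read(mf).decode()) if mf in apk.namelist() else {}
        for name in apk.namelist():
            body = apk.read(name)
            if name.startswith("META-INF/"):
                report["signing"].append(name)  # signing data is not listed in itself
                continue
            if name == "AndroidManifest.xml":
                report["binary_manifest"] = body[:4] == b"\x03\x00\x08\x00"  # binary XML header
            elif name.endswith(".dex") and body[:4] == b"dex\n":
                report["dex"].append(name)
            if name not in listed:
                report["unlisted"].append(name)      # added after the digests were written
            elif listed[name] != b64_sha256(body):
                report["modified"].append(name)      # content changed after signing
    return report

def build_sample(files, signed=None):
    """Constructed sample: digests are taken from `signed`, contents from `files`."""
    mf = "Manifest-Version: 1.0\n\n" + "".join(
        f"Name: {n}\nSHA-256-Digest: {b64_sha256(b)}\n\n" for n, b in (signed or files).items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for n, b in files.items():
            z.writestr(n, b)
    return buf.getvalue()

ORIGINAL = {"AndroidManifest.xml": b"\x03\x00\x08\x00" + b"\0" * 4, "classes.dex": b"dex\n035\0code"}
PATCHED = {**ORIGINAL, "classes.dex": b"dex\n035\0patched"}  # same digests, changed bytecode
```

Calling `check_apk(build_sample(PATCHED, signed=ORIGINAL))` reports `classes.dex` under `modified`. For a real APK, full signature verification is done with `apksigner verify`.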

Lesson 2: Understanding Android Penetration Testing

Importance

  • Detect vulnerabilities in mobile apps to prevent attacks.
  • Vulnerabilities can lead to serious issues like code extraction and malware.

Testing Methods and Tools

  • Penetration testing involves simulating attacks to find security flaws.
  • Tools include ADB, dex2jar, JD-GUI, JADX, Apktool, Burp Suite, Frida, Objection, Ghidra, Drozer, and MobSF.

Lesson 3: Understanding Android Application Reverse Engineering

Reverse Engineering Process

  • Analyzing compiled apps to understand and possibly modify the code.
  • Techniques include decompiling, binary patching, and code injection.

Threats

  • Android malware, security issues, and weakened security once code has been decompiled.
  • Tools like APK Studio and Apktool assist in reverse engineering.

Prevention Techniques

  • Use server-stored code, ProGuard, secure hash functions, debugger detection, and multi-factor security.

Lesson 3 (Part 2): Android Application Package Investigation and Analysis

Static Analysis

  • Investigating an APK that has no code obfuscation can yield source code similar to the original.
  • It is important to check for sensitive information and potential vulnerabilities.

Key Focus Areas

  • Analyze entry points, services, and broadcast receivers.
  • Check for application permissions and possible exploits.

Security Review Techniques

  • Focus on SQL injection, SSL handling, command injection, and other potential vulnerabilities.

Case Study: Haridwar App Scam

  • Example of financial fraud via manipulated app permissions to intercept OTPs.
  • Highlighted the importance of securing app permissions and data.