Android Security: Attacks and Defenses

Book Description

Android Security: Attacks and Defenses is for anyone interested in learning about the strengths and weaknesses of the Android platform from a security perspective. Starting with an introduction to Android OS architecture and application programming, it will help readers get up to speed on the basics of the Android platform and its security issues.
Explaining the Android security model and architecture, the book describes Android permissions, including Manifest permissions, to help readers analyze applications and understand permission requirements. It also rates the Android permissions based on security implications and covers JEB Decompiler.

The authors describe how to write Android bots in JAVA and how to use reversing tools to decompile any Android application. They also cover the Android file system, including import directories and files, so readers can perform basic forensic analysis on file system and SD cards. The book includes access to a wealth of resources on its website: www.androidinsecurity.com. It explains how to crack SecureApp.apk discussed in the text and also makes the application available on its site.

The book includes coverage of advanced topics such as reverse engineering and forensics, mobile device pen-testing methodology, malware analysis, secure coding, and hardening guidelines for Android. It also explains how to analyze security implications for Android mobile devices/applications and incorporate them into enterprise SDLC processes.

The book’s site includes a resource section where readers can access downloads for applications, tools created by users, and sample applications created by the authors under the Resource section. Readers can easily download the files and use them in conjunction with the text, wherever needed. Visit www.androidinsecurity.com for more information.

Table of Contents

Chapter 1 Introduction
Chapter 2 Android Architecture
Chapter 3 Android Application Architecture
Chapter 4 Android (in)Security
Chapter 5 Pen Testing Android
Chapter 6 Reverse Engineering Android Applications
Chapter 7 Modifying the Behavior of Android Applications without Source Code
Chapter 8 Hacking Android
Chapter 9 Securing Android for the Enterprise Environment
Chapter 10 Browser Security and Future Threat Landscape

中文：

书名：Android安全：攻击与防御

Android安全：攻击与防御 是为任何有兴趣从安全角度了解Android平台的优点和缺点的人编写的。从介绍Android操作系统架构和应用程序编程开始，它将帮助读者快速了解Android平台的基础知识及其安全问题。
该书解释了Android安全模型和架构，描述了Android权限，包括Manifest权限，以帮助读者分析应用程序并了解权限要求。它还根据安全影响对Android权限进行评级，并涵盖Jeb Decompiler。

作者描述了如何用Java编写Android机器人，以及如何使用反向工具来反编译任何Android应用程序。它们还涵盖Android文件系统，包括导入目录和文件，因此读者可以对文件系统和SD卡进行基本的取证分析。这本书在其网站上提供了丰富的资源：www.androidInsturity.com。它解释了如何破解文本中讨论的SecureApp.apk，并使该应用程序在其网站上可用。

这本书涵盖了高级主题，如逆向工程和取证，移动设备笔测试方法，恶意软件分析，安全编码，以及Android的强化指南。它还解释了如何分析Android移动设备/应用程序的安全影响，并将其纳入企业SDLC流程。

这本书的网站包括一个资源部分，读者可以在资源部分下访问应用程序、用户创建的工具和作者创建的示例应用程序的下载。读者可以方便地下载这些文件，并在需要的任何地方将它们与文本结合使用。欲了解更多信息，请访问www.androidinsecurity.com。

目录表

Chapter 1 Introduction
第2章Android架构
Chapter 3 Android Application Architecture
第4章Android(In)安全
第五章笔测试Android
第6章Android应用程序逆向工程
第7章修改无源代码Android应用程序的行为
第八章黑客攻击安卓
第9章为企业环境保护Android
第十章浏览器安全和未来威胁形势