Date post: 08-May-2015
Category: Documents
Upload: godfreynolan
Godfrey Nolan
• Easy access to APKs
• APK design
• Same trailer, different park
• sdcard
• Rooting phone
• Download from forums
• Identify and protect sensitive data on the mobile device
• Handle password credentials securely on the device
• Ensure sensitive data is protected in transit
• Implement user authentication, authorization and session management correctly
• Keep the backend APIs (services) and the platform (server) secure
• Secure data integration with third party services and applications
• Pay specific attention to the collection and storage of consent for the collection and use of the user’s data
• Implement controls to prevent unauthorized access to paid-for resources (wallet, SMS, phone calls etc.)
• Ensure secure distribution/provisioning of mobile applications
• Carefully check any runtime interpretation of code for errors
• Download an APK
  • adb pull /data/app/Dashboard.apk
• Unzip APK
• Disassemble an APK
  • apktool d Dashboard.apk
• Decompile an APK
  • dex2jar.bat Dashboard.apk, open in JD-GUI
• SQLite investigation
  • adb backup -noapk Dashboard.apk
  • java -jar abe.jar unpack backup.ab backup.tar
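What the unpack step in the SQLite investigation does, as an added example (not part of the original slides): this Python sketch strips the four-line text header from an unencrypted `.ab` backup, inflates the body to a tar archive, and lists the databases and shared preferences an app has left open to `adb backup`. The package name `com.example.dashboard` and the sample backup are constructed for illustration; encrypted backups are rejected rather than handled.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def unpack_ab(data: bytes) -> bytes:
    """Return the tar archive held in an unencrypted adb backup (.ab) image."""
    # Header: four newline-terminated text lines (magic, version, compressed flag, encryption).
    parts = data.split(b"\n", 4)
    if len(parts) != 5 or parts[0] != MAGIC:
        raise ValueError("not an Android backup file")
    _magic, _version, compressed, encryption, body = parts
    if encryption != b"none":
        raise ValueError("backup is encrypted (%s); password needed" % encryption.decode())
    return zlib.decompress(body) if compressed == b"1" else body

def stored_data(tar_bytes: bytes) -> dict:
    """Group backed-up files by package and kind: db = databases, sp = shared_prefs, f = files."""
    found = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            path = member.name.split("/")
            # Backup layout: apps/<package>/<kind>/<file...>
            if (member.isfile() and len(path) >= 4 and path[0] == "apps"
                    and path[2] in ("db", "sp", "f")):
                found.setdefault(path[1], {}).setdefault(path[2], []).append("/".join(path[3:]))
    return found

def make_sample_backup() -> bytes:
    """Constructed sample: a tiny backup for the hypothetical package com.example.dashboard."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in [
            ("apps/com.example.dashboard/_manifest", b"1\ncom.example.dashboard\n"),
            ("apps/com.example.dashboard/db/users.db", b"SQLite format 3\x00"),
            ("apps/com.example.dashboard/sp/prefs.xml", b"<map/>"),
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return MAGIC + b"\n1\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    print(stored_data(unpack_ab(make_sample_backup())))
```

Anything listed under `db` or `sp` for your own app is readable by whoever can run `adb backup` against the device, which is the data the first item of the checklist above asks you to identify and protect.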
• https://code.google.com/p/dex2jar/
• http://java.decompiler.free.fr/?q=jdgui
• http://www.netmite.com/android/mydroid/dalvik/docs/dex-format.html
• http://www.netmite.com/android/mydroid/dalvik/docs/instruction-formats.html
• https://code.google.com/p/android-apktool/
• http://sourceforge.net/projects/adbextractor/files/
• http://www.sweetscape.com/010editor/
• http://sqlitebrowser.sourceforge.net/
• Giveaway