This blog series aims to help you get started with Android pentesting. This post covers the fundamentals you should know before you begin.
There are plenty of blogs and resources available on the Internet to help you start your Android application security assessment journey. However, only a couple of them guide you in depth through getting started. This post aims to give you the fundamentals before you start Android application penetration testing.
First things first: the architecture of Android.
Architecture of Android
The Linux kernel is the heart of the Android architecture and sits at its root. It is responsible for device drivers, power management, memory management, device management and resource access. It works as the abstraction layer between the device hardware and the upper components of the architecture, managing all the device drivers that provide the basic functionality needed at runtime, such as camera, WiFi, flash memory, display, keypad, Bluetooth and audio.
On top of the Linux kernel there are native libraries such as WebKit, OpenGL, FreeType, SQLite, Media and the C runtime library (libc).
They include various C/C++ core libraries and Java-based libraries, which many core Android system components require as support for Android development. This layer handles hardware-specific data.
The Android Runtime is the execution environment: it contains the core libraries and the Dalvik Virtual Machine (DVM)/ART, which are responsible for running Android applications.
The Android framework includes Android APIs such as UI (User Interface), telephony, resources, locations, Content Providers (data) and package managers. It provides many classes and interfaces for Android application development.
The top layer of the Android architecture is Applications. These are the apps you interact with: home, contacts, settings, games, browsers and so on. They use the Android framework, which in turn uses the Android runtime and native libraries, which sit on the Linux kernel.
Understanding the APK build and execution flow
- javac compiles your source code into bytecode (.class files).
- All the .class files are converted into a .dex (Dalvik executable) file by the dx compiler. The DEX bytecode format is independent of the device architecture and must be translated to native machine code to run on the device.
- AAPT compiles resources into binary assets and packages the compiled resources, non-compiled resources and .dex files into an .apk file. This results in Project-debug.apk.
- You need to sign your application, which then results in Project-release.apk.
With the Dalvik JIT compiler, each time the app is run it dynamically translates part of the Dalvik bytecode into machine code; as execution progresses, more bytecode is compiled and cached. ART, on the other hand, is equipped with an Ahead-of-Time (AOT) compiler: during the app's installation it statically translates the DEX bytecode into machine code and stores it in the device's storage. This is a one-time event that happens when the app is installed on the device.
Structure of APK file:
An APK file is essentially a ZIP file that contains everything an Android application needs to operate: the application code in DEX format, the application manifest, resources, assets etc. To be installed, an APK must be digitally signed with a certificate.
- AndroidManifest.xml: Application’s package name, version, access rights, referenced libraries and other metadata in binary XML format.
- classes.dex: Compiled classes in the .dex format understood by the Dalvik VM.
- resources.arsc: Precompiled resources.
- res/ folder: Resources that are not compiled into resources.arsc.
- lib/ folder: Compiled code for native implementation.
- assets/ folder: Application’s assets.
- META-INF/ folder: The MANIFEST.MF file, which stores metadata about the application, along with the certificate and signature of the APK.
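As an added example (not code from the original post), here is a Python triage script that walks an APK by the layout above: it inventories the manifest, resources.arsc, native-library ABIs and META-INF signature files, and recomputes each top-level classes*.dex header's Adler-32 checksum and SHA-1 signature so a tampered or repackaged DEX stands out. The APK and the DEX stubs are constructed in-memory samples, and the manifest entry is a placeholder rather than real binary XML.

```python
import hashlib, io, struct, zipfile, zlib
DEX_HEADER_SIZE = 0x70  # every DEX file begins with a 0x70-byte header

def build_dex_stub(version=b"035"):
    # Header-only DEX (constructed sample, not code from any real app).
    hdr = bytearray(DEX_HEADER_SIZE)
    hdr[0:8] = b"dex\n" + version + b"\0"             # magic: "dex\n" + version + NUL
    struct.pack_into("<I", hdr, 32, DEX_HEADER_SIZE)  # file_size
    struct.pack_into("<I", hdr, 36, DEX_HEADER_SIZE)  # header_size
    hdr[12:32] = hashlib.sha1(hdr[32:]).digest()      # signature: SHA-1 of bytes 32..end
    struct.pack_into("<I", hdr, 8, zlib.adler32(hdr[12:]) & 0xFFFFFFFF)  # checksum: Adler-32 of bytes 12..end
    return bytes(hdr)

def check_dex(data):
    # Validate the magic, then recompute the header's integrity fields; a mismatch hints at a tampered or repackaged DEX.
    if len(data) < DEX_HEADER_SIZE or data[:4] != b"dex\n" or data[7] != 0:
        return {"valid_magic": False}
    checksum, file_size = struct.unpack_from("<I", data, 8)[0], struct.unpack_from("<I", data, 32)[0]
    return {"valid_magic": True, "version": data[4:7].decode("ascii", "replace"),
            "checksum_ok": checksum == (zlib.adler32(data[12:]) & 0xFFFFFFFF),
            "signature_ok": data[12:32] == hashlib.sha1(data[32:]).digest(),
            "file_size_ok": file_size == len(data)}

def inspect_apk(apk_bytes):
    # Inventory the ZIP by the layout described above and check every top-level DEX.
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        report = {"has_manifest": "AndroidManifest.xml" in names, "has_resources_arsc": "resources.arsc" in names,
                  "v1_signature": False, "native_abis": set(), "dex": {}}
        for n in names:
            if n.startswith("lib/") and n.endswith(".so"):
                report["native_abis"].add(n.split("/")[1])  # lib/<abi>/libfoo.so
            elif n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC")):
                report["v1_signature"] = True                 # JAR (v1) signature block present
            elif n.endswith(".dex") and "/" not in n:
                report["dex"][n] = check_dex(z.read(n))
    return report

def build_sample_apk():
    # Constructed APK: a healthy classes.dex plus a classes2.dex with one byte flipped past the header fields.
    good = build_dex_stub()
    bad = bytearray(good); bad[0x50] ^= 0xFF
    entries = [("AndroidManifest.xml", b"<binary xml placeholder>"), ("classes.dex", good),
               ("classes2.dex", bytes(bad)), ("resources.arsc", b""), ("lib/arm64-v8a/libnative.so", b"\x7fELF"),
               ("META-INF/MANIFEST.MF", b""), ("META-INF/CERT.SF", b""), ("META-INF/CERT.RSA", b"")]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in entries:
            z.writestr(name, content)
    return buf.getvalue()
```

Run `inspect_apk(open("app.apk", "rb").read())` against a real APK to get the same report; the flipped byte in classes2.dex shows up as both integrity fields failing while the magic and file_size still look fine.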
Main app components
App components are the essential building blocks of an Android app. Each component is an entry point through which the system or a user can enter your app.
The four main component types are Activities, Services, Broadcast Receivers and Content Providers:
- Activities: An activity is the entry point for interacting with the user. It represents a single screen with a user interface, and an app can have multiple activities for multiple screens. For example, in an application like WhatsApp or Messenger, each screen visible to you is an activity.
- Services: They run in the background without any UI; Intents are the default way to start them. For example, playing music or downloading files happens without any UI.
- Broadcast Receivers: They respond to system-wide broadcast announcements. They act as a "gateway" for other app components and perform minimal work, such as a battery-low notifier in some app that changes device behaviour accordingly. For example: you are in a closed room and your friend comes and knocks on the door. The knock is the broadcast message; you, listening for it, are the receiver; after hearing it you perform an action (open the door).
- Content Providers: They store data and share it from one application to others if required. The data may live in a database, on the web, in the file system or anywhere else. If the content provider allows it, other apps can query or manipulate the data as well. A Content Provider acts as a central repository that stores the application's data in one place and makes it available to other applications whenever required.
Payatu is a research-focused, CERT-In empanelled cybersecurity consulting company specializing in security assessments of the IoT product ecosystem, web applications and networks, with a proven track record of securing applications and infrastructure for customers across 20+ countries.