Introduction to the Android OS. the Android Developers Kit, Android Emulators, Rooting Android devices, de-compiling Android Apps. Dex2jar, Java JD_GUI and so on. During the presentation I will pull an App apart and show how to bypass a login screen.
What better way to express the Zombie Apocalypse then with mobile devices. They are ubiquitous. they are carried everywhere, they go everywhere. Having a decent understanding of the Operating System and it’s vulnerabilities can go a long way towards keeping your device protected.
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
This talk is going to give an overview of Android operating system and it´s apps ecosystem from the security point of view of a penetration tester.
So lets dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you’ll learn about some of the weaknesses in the Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
I attended the Android Penetration testing session organized by Null Bangalore. It was an AWESOME session by Ashish and everyone enjoyed it. This is the first time the Humla session was organized at Flipkart and it was beautiful venue. As I was sure that I may forget it later, I documented the entire session so that it will help me to revise it later as well. I have tried to make it as comprehensive as possible which gives you precise step by step instructions. It also covers most of the errors and solutions
we all faced during the session. This will help all of us to revise whatever we were taught in the Humla Session. It covers everything except the challenges. I am sure once you go through this document it will help you and others as well who were not able to attend.
Cheers !!!
The incorporation of Security-Enhanced Linux in Android (SEAndroid) is an important security enhancement to the platform.
Android is built on top of the Linux kernel, with a collection of traditional and customized Linux libraries and daemons.
....
Video at http://mrkn.co/andsec
With Android activations reaching a million devices per day, it is no surprise that security threats against our favorite mobile platform have been on the rise.
In this session, you will learn all about Android's security model, including application isolation (sandboxing) and provenance (signing), its permission system and enforcement, data protection features and encryption, as well as enterprise device administration.
Together, we will dig into Android's own internals to see how its security model is applied through the entire Android stack - from the Linux kernel, to the native layers, to the Application Framework services, and to the applications themselves.
Finally, you’ll learn about some of the weaknesses in the Android's model (including rooting, tap-jacking, malware, social-engineering) as well as what can be done to mitigate those threats, such as SE-Linux, memory protection, anti-malware, firewall, and developer best practices.
By the end of this session you will have a better understanding of what it takes to make Android a more trusted component of our personal and professional lives.
I attended the Android Penetration testing session organized by Null Bangalore. It was an AWESOME session by Ashish and everyone enjoyed it. This is the first time the Humla session was organized at Flipkart and it was beautiful venue. As I was sure that I may forget it later, I documented the entire session so that it will help me to revise it later as well. I have tried to make it as comprehensive as possible which gives you precise step by step instructions. It also covers most of the errors and solutions
we all faced during the session. This will help all of us to revise whatever we were taught in the Humla Session. It covers everything except the challenges. I am sure once you go through this document it will help you and others as well who were not able to attend.
Cheers !!!
The incorporation of Security-Enhanced Linux in Android (SEAndroid) is an important security enhancement to the platform.
Android is built on top of the Linux kernel, with a collection of traditional and customized Linux libraries and daemons.
....
Using freely available tools, I've analyzed my Facebook friends to explore the networks that exist among them. The same idea could be used for identifying potential sources online.
(Presentation at HITcon 2011) This talk introduces how to do Android application reverse engineering by real example. And, it covers the advanced topics like optimized DEX and JNI.
[1] A view that a UseCase (UC) is a "dialog" between the System under Consideration (SuC) and an Actor (for a specific UC) brings focus to what "messages need to be exchanged between the SuC and Actor to reach UC Goal".
[2] Agreeing on and specifying UC Goal is related to business or application. UC Goal would be the right first step of UC description.
[3] There are many "means" of generating "messages from SuC", through various internal activities within the SuC. They need not be (I would even say should not be) specified in UC Description.
[4] The concept of UseCase is profound and useful because it is a "dialog" but NOT a process. This distinction is not defined and clarified which is why, I think, the full benefits of UC modeling are not widely realized.
[5] This view of UC (as per 1, 2 & 3) clearly separates the "internal processes" of the SuC from UC. The "internal processes" can be hypothesized and evolved separately using UML Sequence Diagrams. All the business / user needs can be specified with sufficient precision and rigor through the “messages” of UC dialog. There are no external dependencies, though constraints may exist and have to be taken care of.
I have REVISED & uploaded the PPT with TWO Sections, Section 2 First.
[6] I would like to study applications and demonstrate how the "dialog" view of UseCase would simplify & clarify UseCase description for the business user as well as system developer without sacrificing precision and usefulness.
02 FEB 14
Slides for a college course at City College San Francisco. Based on "Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018.
Instructor: Sam Bowne
Class website: https://samsclass.info/128/128_S17.shtml
For a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
Speaking at Unmask Cybercrime, held by Surabaya Hacker Link. This session im talking about How to finding apps vulnerability and using MITM techniques for request monitoring between apps and REST Service.
Thick Client Penetration Testing
You will learn how to do pentesting of Thick client applications on a local and network level, You will also learn how to analyze the internal communication between web services & API.
Android application development fundamentalsindiangarg
Some concepts to understand the things that relate to basics of development on the Android Platform. The presentation explains the concept of formation of virtual machine for each android app. It also explains the main components like Activities, Services, Content Provider and Broadcast Receiver. The purpose of Intent is also explained. One can also find a brief on things that one can write in the Manifest file. The types of resources have also been explained. Finally one learns to know about the android metrics.
A lecture for a college class: Hacking Mobile Devices at CCSF
Based on "The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell
Instructor: Sam Bowne
More info: https://samsclass.info/128/128_S19.shtml
CyberOm - Hacking the Wellness Code in a Chaotic Cyber WorldEC-Council
Learn how to find peace and happiness within you and around you amidst chaos and understanding how the mind-body-energy connection plays a crucial role in the world of Cyber. Mental health and wellness can be the difference between a Cyber professional and a criminal.
Cloud Security Architecture - a different approachEC-Council
Whether people admit or not, everyone is moving to the cloud and all future business will run somewhere on the internet. Moving to the cloud requires different set of architecture and mindset. Data is stored, accessed and processed on different platforms and devices. Employees are working anywhere from the world, corporate data is no more under company IT custody. CISOs and CIOs need to think differently and set new Cloud Security Architecture. This session will try to draw the main areas of concern from Security perspective while moving to the cloud.
This webinar is primarily intended for those that are in need of an informational overview on how to respond to information security incidents or have a responsibility for doing so. It will also assist with your preparation for a Computer Security Incident Handling certification.
Hacking Your Career – Hacker Halted 2019 – Keith TurpinEC-Council
HACKING YOUR CAREER
Learn how to take charge of your future and ring success out of every opportunity. I had some hard lessons on my way to becoming the CISO of a billion dollar company and now you can benefit from those experiences. In this candid conversation, you will learn the secrets to kicking your career’s ass.
HACKING DIVERSITY
We talk a lot about why diversity is important and we are all familiar with the woeful inclusion stats. In this talk we will discuss why diversity is important from both the perspective of an organization’s bottom line and the individual contributor.
Cloud Proxy Technology – Hacker Halted 2019 – Jeff SilverEC-Council
CLOUD PROXY TECHNOLOGY [THE CHANGING LANDSCAPE OF THE NETWORK PROXY]
This class will cover the distinctions between traditional proxy technology and the emergence in recent years of cloud proxy and why it matters to organizations today. We will review real use cases and their corresponding screen shots to provide a stimulating session.
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...EC-Council
DNS: STRATEGIES FOR REDUCING DATA LEAKAGE & PROTECTING ONLINE PRIVACY
DNS is the foundational protocol used to directly nearly all Internet traffic making the collection and analysis of DNS traffic highly valuable. This talk will examine ways in which you can effectively limit the disclosure of your online habits through securing the way your local DNS resolvers work.
Data in cars can be creepy – Hacker Halted 2019 – Andrea AmicoEC-Council
THE $750 BILLION VEHICLE DATA GOLD RUSH – PIRATES AHOY!
Vehicle data may be worth $750b by 2030. Problem: vehicle security, privacy, and user awareness of risks are inadequate. Andrea Amico will share some exploits including his “CarsBlues” which exposes people’s personal data, affects 22 makes, and is still a 0-Day for tens of millions of vehicles.
BREAKING SMART [BANK] STATEMENTS
Explanation of how I find and exploit a security flaw (bad implementation of cryptography) in a bank statement, sent via email, of one of the biggest banks in Mexico.
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanEC-Council
ARE YOUR CLOUD SERVERS UNDER ATTACK
For this presentation, I built out a test lab in AWS and allowed someone to hack the servers. I will talk about what we saw when we opened RDP to the internet, what the hackers did once they got in, and someone trying to kick me off my own servers.
How to become a Security Behavior Alchemist – Global CISO Forum 2019 – Perry ...EC-Council
Behold the powers of behavioral alchemy! Are you ready to unleash 4 "Trojan Horses for the Mind" that will change the way you communicate forever? How about a magic wand that will help manifest secure behaviors and shape culture? Attend this session and harness the power.
Introduction to FAIR Risk Methodology – Global CISO Forum 2019 – Donna Gall...EC-Council
Present your risk assessments to your board of directors in the language they understand - financial loss. "FAIR" or "Factor Analysis of Information Risk" is the quantitative risk analysis methodology that works with common frameworks while adding context for truly effective risk management.
Alexa is a snitch! Hacker Halted 2019 - Wes WidnerEC-Council
ALEXA IS A SNITCH!
You’re not paranoid, your voice assistant is listening. And what’s worse, Alexa is stitching on you! What is she hearing? Where is she sending it? And is there anything we can do to stop her?!
Join me as we discuss the current state of security around voice assistants. And how to silence them.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
20 Comprehensive Checklist of Designing and Developing a WebsitePixlogix Infotech
Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
3. About Me
Ex Military “31 Mic” Microwave Communications - 34th Signal Battalion
Lab Developer for Jones and Bartlett Publishing
CEI – CEH V8
Martial Art Nutcase
Co-creator of Cyber Kung Fu
4. Reverse Engineering
• Understand how applications work
• Analyze them
• Find vulnerabilities
• Uncover hard coded information
6. • Natural Curiosity
• MacGyver Fan
• CEH V8 mobile sucked
• Humongous Installed Base
• Self Defense
7. Lots of important information
• Contacts
• Messages
• Photos
• Email
• GPS co-ordinates
• Personal notes
• Stored accounts
• Web traffic
• Application configs and credentials
8. Double Edged Sword
• User moves between work and personal environments
• Carries Corporate Data
• Device can be compromised in less secure areas
• Compromised device is then connected to work
environment
9. Theft and Loss
• Weak protective mechanisms
• Compounded by users turning off security features
• Rooted devices
10. More Problems
• Increasing everyday use
• Users not educated
• Mix of personal and business use
• Always connected to internet
19. C/C++ Libraries
• Exposed to developer via Java API
• Kind of a transaction layer between kernel and
application framework
• Provides common services for apps
21. Runtime
• DVM – Dalvik Virtual Machine
• Efficient and Secure mobile environment
22. Secure
• Each app runs in its own instance
• Unique ID and VM
• Separate memory and files
23. Application Framework
• Compiled java code running in DVM
• Provides services to multiple apps
• Layer that 3rd party developers interact with
• Abstract access to key resources
25. Privilege Separation & Sandboxing
• Based on Linux security model
• Each user is assigned a unique ID (UID)
• Each user can be assigned to Groups
• Each Group has an unique ID (GID)
27. Sandboxing
• Two or more applications can communicate
• Provided they grant permissions
• Implemented in the kernel
• Extended to all software above 1st layer
28. App Separation
• Kernel assigns unique UID
• Runs as that user in separate process
• Different than multiuser OS
29. File Separation
• New apps get new UIDs
• Extended across memory cards
• All associated DB and files use the new UID
31. Separate File Permission Groups
• Note – only the associated UID and root UID have full privileges on
these resources unless the developer exposes files to other apps.
32. SD Cards
• Everyone (Whole World) has access Storage
• Currently vfat fs
• Doesn’t support granular permissions
• Note – good place for privilege escalation
34. SharedPreferences
• Allows app to store and retrieve persistent key values
• Persist across device sessions
• Accesss using the SharedPreferences Object
• Stored as XML
• /data/data/”app”/shared_prefs
• Example
35. SQLite3
• Full Support
• Accessed via the UID of the related app
• /data/data/”app”/databases
36. Application Signing
• Ensures Integrity and Authenticity
• APK must be signed
• Inhibits tampering
• Aids confidentiality by insuring where it came from
• Apps signed with same key can share UID, Process, Memory,
Data Storage and Sandbox
37. Signing Quirks
• Apps can be disassembled and changed
• Can be resigned with same certificate if you have key
• Multiple apps can use same certificate
• App can be manipulated to accept same certificate
• Debugging certificate
38. App access to resources
• Developer limits access to required resources
• Helps to inhibit rogue apps from taking over
• Text, GPS, MMS, camera, microphone, contacts
39. API Permissions
• AndroidManifest.xml
• Used by trusted applications
• Tracks what the user is allowed to do
• Each app must have an AndroidManifest.xml
40. Permission Model
• System displays permissions
• Helps user to decide to trust app or not.
Normal – Dangerous – Signature – Signature or System
42. Activity
• Provides a screen and allows a user to interact with it.
• A window where the user interface is defined
43. Content Providers
• Allow efficient data sharing between processes & applications
• Allow applications to access the stored data of other
applications
• Use relational databases similar to tables
• Each row is an Instance each column is a Type
• Pic
48. Intents
• Mechanisms for asynchronous IPC (Inter Process Communication)
• Allow app to send or broadcast messages to specific components
• Control task and transport data
• Components like Activities, Broadcast Receivers & Services are
activated via Intents
• Contain a large amount of information
• Parsed by OS & used by the receiver to take action
• Contain category and instruction for activity launch
Action – Data – Type – Category (note)
49. Google Bouncer
• Automatically scans Android Market looking for malicious Apps
• Checks new applications
• Apps already in Store
• Developer accounts
• No restrictions on upload process
• Can be bypassed
50. Rooting
• Gain Root permissions
• Allow access and editing of Carrier and Manufacturer apps
• Install Custom Software (ROMs)
• Install different Android Version
• Wi Fi tethering
• Overclocking
• Removing Fluff-ware
51. Some Rooting Techniques
• Depends on the device
• OneClickRoot
• SuperOneClick
• z4Root
• GingerBreak
• UnlockRoot
52. The SDK
• Windows and Linux
• SDk & Eclipse
• Virtual Devices (emulators)
• Allows interaction with virtual and real devices
– Browse files
– Create, install, extract apps
– Get shells
– SSH & VNC
53. SDK continued
• Eclipse
• ADT – Android Developer Tools
– Signing
– Debugging
– Important for developer & tester
– Use Android SDK Tools
• IDE – integrated Development Environment
61. What we can do with a Virtual Device
• Send and receive text between devices
• make calls
• interact with the touch screen if you have one on your host
• browse file
• threads
62. Commands Available
• the VM can be run from the command line
• Command - adb devices
• adb connect <device name>
• note the number reference the port used
100. Folders & Uses
bin – same as Linux
libs - same as Linux
res - resources
• drawables – images for layouts
• layout –user interface *
• values – string.xml – styles.xml – dimens.xml - colors