Android Application Security Series

Welcome to Android Application Security Series. This series contains some blog post about different types of vulnerabilities which are possible in Android Application’s and there exploitation methods.

Q. Who can follow this series ?

  • As in the whole series i have demonstrated common vulnerabilities possible in android applications, Penetration Testers, Security Researchers, Security Analyst are the main audience.
  • In nearly every post i have also described the ways you can fix the given vulnerability, so android application developers can get to know common vulnerabilities and ways to fix them.

Q. What are the prequisties of this series ?

  • Well i have tried my best to make these series simple and elaborative. So anyone with basic knowledge about Internet can just start right away.
  • It would be good if you are already aware of android apps development and some common web application vulnerabilities like SQL Injection, Cross Site Scripting(XSS), but not to worry if you are not already aware of those, there is always a way out. If you have been in web application security then you will love this series. :)

Q. From where does the inspiration of writing these blogs came ?

Actually i got interested Web Application Security in 2013 and gained lot of interest in it and then also participated in so many Bug Bounty Programs. But for me learning web application security was an easy task because of so many resources available on the internet(like OWASP.org) but that is not the case when it comes to Mobile Application Security(espically Android) despite of the fact that Android has around 82.8% share in the mobile market.
Alt text
Source : IDC
The main reason for this because of the fact that Android started in 2008 and web around 1995. And another reason most of the people have started commercializing the courses they made instead of making that free.
So, you can consider this series as a little payback to the community from which i have learned too many things.

In this series, i will be using Appie to demonstrate vulnerabilities and highly recommend you to use that but you could use your own installation of those tools or have a virtual machine. If you are on Linux or Mac then i would suggest you to use AndroidTamer.

I have tried to put blog post in this series according to OWASP Mobile Top 10 and arranged in a manner so that you can gain better understanding of the vulnerabilities.

Note: If you are new to this series then you can start reading Second Part, Third Part till Appie gets Downloaded and then proceed on the First Part and if you visited this series before then you can start from Part 8.

If you have any suggestion for making this series more interesting or wanted to see any new post, then please let me know . Leave your comments if you face any problem or just shoot me a email at aditya@manifestsecurity.com

If you find this series helpful, then please consider it sharing on Facebook or Twitter.