"It is a must-have for security architects and consultants as well as enterprise security managers who are working with mobile devices and applications."

Dr. Dena Haritos Tsamitis, Director, Information Networking Institute (INI) Director of Education, CyLab Carnegie Mellon University

"Good book for Android security enthusiasts and developers that also covers advanced topics like reverse engineering of Android applications. A must have book for all security professionals."

Sanjay Katkar, Co-Founder Quick Heal Technologies

"It's an excellent book for professional businesses that are trying to move their corporate applications on mobile / Android platform. It helped me understand the threats foreseen in Android applications and how to protect against them. Thanks for putting together a structured text on Android security."

Jagmeet Malhotra, Vice President, Royal Bank of Scotland

"Smart mobile devices need smart security. If you are facing the complex challenge of securing data and applications for Android, this book provides valuable insight into the security architecture and practical guidance for safeguarding this modern platform."

Gerhard Eschelbeck, Chief Technology Officer, Sophos

"Abhishek and Anmol's book Android Security: Attacks & Defenses is a great introduction to Android security. Their chapter "Reverse Engineering Android Applications" provides the groundwork for anybody interested in mobile malware analysis and cracking the nitty-gritty of most Android apps."

Nicholas Falliere, Founder JEB Decompiler & Security Researcher

"In their book Android Security: Attacks and Defenses, Dubey and Misra have filled a critical gap in software security literature by providing a unique and holistic approach to addressing this critical and often misunderstood topic..."

James Ransome, Senior Director, Product Security, McAfee, An Intel Company

"The book gives security professionals and executives a practical guide to the security implications and best practices for deploying Android platforms and applications in the (corporate) environment."

Steve Martino, VP Information Security, Cisco

Chapter 6

Reverse Engineering Android Applications

In this chapter, we will cover malware basics—how to identify malware, malware behavior, and malware features. We will then discuss a custom Android BOT application created by the authors and demonstrate to the reader how potential malware can bypass Android built-in checks. The Android BOT walkthrough will include stealing a user's browser history and Short Message Service (SMS) messages as well as call logs, and an attempt to drain the phone's battery. We will also present a sample application to show readers how to reverse engineer or analyze malicious applications. After completing this chapter, the reader will be able to write an Android BOT in Java. The reader will also become familiar with reverse engineering tools and will be able to decompile any Android application.



Chapter 7

Modifying Android Applications

This chapter builds on Chapter 6. We begin by discussing potential use cases for recompiling/modifying the behavior of applications. We show how to analyze and debug Android application binaries. We cover the .dex file format and show how to decompile and recompile Android applications without having access to source code, thus changing the application’s behavior. We demonstrate how an attacker can change an application’s behavior by decompiling the application, changing the smali code, and recompiling it.



Chapter 8

Hacking Android

In this chapter, we introduce forensics and techniques used to perform it. We walk the reader through the Android file system, directories, and mount points. We cover SD card analysis and Android-specific techniques to perform forensics. Finally, we walk the reader through an example that demonstrates topics covered in this chapter.



Chapter 9

Securing Android for the Enterprise Environment

In this chapter, we look at security concerns for deploying Android and Android applications in an enterprise environment. We first review security considerations for mobile devices, in general, as well as Android devices, in particular. We then move on to cover monitoring and compliance/audit considerations, as well as end-user training. We then look at hardening Android and developing secure applications for the Android platform.



Chapter 10

Browser Security and Future Landscape

In this chapter, we review HTML and browser security on mobile devices. We cover different types of attacks possible, as well as browser vulnerabilities. We then discuss possible advanced attacks using mobile devices.