Android Security Workshop

+Ch0pin🕷️
2 min readNov 19, 2021

--

Module 1

Access Control In the Android OS

Topics: DAC, MAC, UID, GID, AID, Application Sandbox

SLIDES

SELinux

Topics: Architecture, Type Enforcement, Modes, Rules, Security labels

SLIDES

Application Signing

Topics: Signing Goals and Objectives, Google Play signing, Signature Schemes

SLIDES

Permission Based Access Control, Hardware Based Security Features

Topics: Protected APIs, Permission Assignment and Categories, Fingerprint, GateKeeper, Keystore, Encryption, Verified boot

SLIDES (external)

Module 2

Application Components

Topics: Activities, Services, Broadcast Receivers, Content Providers, Intents, adb

SLIDES

WebViews

Topics: JS Interface, JS injection, Web Scraping, Silent Loading

SLIDES

The Window Manager

Topics: Free Floating Windows, System Alert Window, Overlays, Tap jacking, Picture in Picture

SLIDES

Accessibility Service, Admin API, DCL, Reflection

Topics: A11y Implementation, Accessibility Events, Event Lifecycle, A11y Abuse, Device Admin Apps, Using Reflection, Abusing Reflection, DexClassLoader

SLIDES

Module 3

The Java Native Interface

Topics: Locating Native Libs, Tracking down Native Methods in Ghidra, Resolving Native Methods, Dynamic / Static Linking, Using JNITrace

SLIDES

--

--