Android Security Workshop

Module 1

Access Control In the Android OS

Topics: DAC, MAC, UID, GID, AID, Application Sandbox

SLIDES

SELinux

Topics: Architecture, Type Enforcement, Modes, Rules, Security labels

SLIDES

Application Signing

Topics: Signing Goals and Objectives, Google Play signing, Signature Schemes

SLIDES

Permission Based Access Control, Hardware Based Security Features

Topics: Protected APIs, Permission Assignment and Categories, Fingerprint, GateKeeper, Keystore, Encryption, Verified boot

SLIDES (external)

Module 2

Application Components

Topics: Activities, Services, Broadcast Receivers, Content Providers, Intents, adb

SLIDES

WebViews / Use and Abuse

Topics: JS Interface, JS injection, Web Scraping, Silent Loading

SLIDES

The Window Manager / Use and Abuse

Topics: Free Floating Windows, System Alert Window, Overlays, Tap jacking, Picture in Picture

SLIDES

Accessibility Service, Admin API, DCL, Reflection / Use and Abuse

Topics: A11y Implementation, Accessibility Events, Event Lifecycle, A11y Abuse, Device Admin Apps, Using Reflection, Abusing Reflection, DexClassLoader

SLIDES

Module 3

The Java Native Interface

Topics: Locating Native Libs, Tracking down Native Methods in Ghidra, Resolving Native Methods, Dynamic / Static Linking, Using JNITrace

SLIDES

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store