Nov 19, 2021

2 min read

Android Security Workshop

Module 1

Access Control In the Android OS

Topics: DAC, MAC, UID, GID, AID, Application Sandbox

SELinux

Topics: Architecture, Type Enforcement, Modes, Rules, Security labels

Application Signing

Topics: Signing Goals and Objectives, Google Play signing, Signature Schemes

Permission Based Access Control, Hardware Based Security Features

Topics: Protected APIs, Permission Assignment and Categories, Fingerprint, GateKeeper, Keystore, Encryption, Verified boot

SLIDES (external)

Module 2

Application Components

Topics: Activities, Services, Broadcast Receivers, Content Providers, Intents, adb

WebViews / Use and Abuse

Topics: JS Interface, JS injection, Web Scraping, Silent Loading

The Window Manager / Use and Abuse

Topics: Free Floating Windows, System Alert Window, Overlays, Tap jacking, Picture in Picture

Accessibility Service, Admin API, DCL, Reflection / Use and Abuse

Topics: A11y Implementation, Accessibility Events, Event Lifecycle, A11y Abuse, Device Admin Apps, Using Reflection, Abusing Reflection, DexClassLoader

Module 3

The Java Native Interface

Topics: Locating Native Libs, Tracking down Native Methods in Ghidra, Resolving Native Methods, Dynamic / Static Linking, Using JNITrace

Android Security

Reverse Engineering

More from +Ch0pin🕷️

https://www.linkedin.com/in/valsamaras/, developer of https://github.com/Ch0pin/medusa. Posts are solely my own and do not express the views of my employer.

About Help Terms Privacy

Get the Medium app

Get unlimited access
+Ch0pin🕷️
344 Followers
https://www.linkedin.com/in/valsamaras/, developer of https://github.com/Ch0pin/medusa. Posts are solely my own and do not express the views of my employer.

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech