Android Security Workshop

Module 1

Access Control In the Android OS

Topics: DAC, MAC, UID, GID, AID, Application Sandbox



Topics: Architecture, Type Enforcement, Modes, Rules, Security labels


Application Signing

Topics: Signing Goals and Objectives, Google Play signing, Signature Schemes


Permission Based Access Control, Hardware Based Security Features

Topics: Protected APIs, Permission Assignment and Categories, Fingerprint, GateKeeper, Keystore, Encryption, Verified boot

SLIDES (external)

Module 2

Application Components

Topics: Activities, Services, Broadcast Receivers, Content Providers, Intents, adb


WebViews / Use and Abuse

Topics: JS Interface, JS injection, Web Scraping, Silent Loading


The Window Manager / Use and Abuse

Topics: Free Floating Windows, System Alert Window, Overlays, Tap jacking, Picture in Picture


Accessibility Service, Admin API, DCL, Reflection / Use and Abuse

Topics: A11y Implementation, Accessibility Events, Event Lifecycle, A11y Abuse, Device Admin Apps, Using Reflection, Abusing Reflection, DexClassLoader


Module 3

The Java Native Interface

Topics: Locating Native Libs, Tracking down Native Methods in Ghidra, Resolving Native Methods, Dynamic / Static Linking, Using JNITrace



--, developer of Posts are solely my own and do not express the views of my employer.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store