Android Security: Attack Vectors, Defense Strategies & Best Practices for 2025
1. Android Development Tools
Configuration environment, development tools, test machine or virtual machine, adb
2. Practice app security
2.2 Check the app's certificate and signature
Unzip the apk file
Output certificate content keytool -printcert -file META-INF/CERT.RSA View the signature file content cat META-INF/CERT.SF View the certificate openssl pkcs7 -inform DER -in META-INF/CERT.RSA -noout -print_certs -text
2.3 Signing Android apps
Generate keystore keytool -genkey -alias demo.keystore -keyalg RSA -validity 40000 -keystore demo.keystore Re-sign the APK jarsigner -verbose -sigalg MD5withRSA -digestalg SHA1 -keystore demo.keystore -signedjar demo_signed.apk
2.4 Verify the app signature
Verify the APK signature jarsigner -verify -verbose demo_signed.apk
- Androidmanifest.xml file
- adb interacts with Activity (drozer can also be used)
- adb pull and push, file management
3. Android Security Assessment Tools
Integrated environment: Santoku (based on Ubuntu, integrating some mobile security tools)
drozer
Start drozer agent adb forward tcp:31415 tcp:31415 drozer console connect run app.package.list run app.package.list -f app namerun app.package.info -a package namerun app.activity.info -a package namerun app.provider.info -a package namerun app.service.info -a package namerun app.broadcast.info -a package namerun app.package.attacksurface package namerun app.activity.start --action *** --category *** --component ***
Writing the drozer module
4. Exploiting vulnerabilities in the app
- logcat
- Network traffic: tcpdump
- Use drozer to attack exported components
- Perform a man-in-the-middle attack on the app (Burpsuite or other MITM tools
5. Protect the app
- Components, no need to export
- Custom permissions
- content provider path
- Defending against SQL injection
- Verify the app's signature (anti-tampering)
- Anti-reverse engineering (detection of installers, simulators, debug flags)
- Proguard removes logs and/or does obfuscation
- DexGuard for advanced obfuscation
6. Reverse app
java To dex javac -source 1.6 -target 1.6 Example.java #dx path: D:\AndroidSDK\build-tools\22.0.1\lib\dx.jar dx --dex --output=Example.dex Example.class dex file format dex file parsing: #dexdump path: D:\AndroidSDK\build-tools\22.0.1\dexdump dexdump Example.dex dx --dex --verbose-dump --dump-to=outfile.txt Example.class dex To smali baksmali.jar Example.dex -o out smali To dex smali.jar out -o out.dex dex2java dex2jar Example.dex jd-gui NDK so library objdump -D ×××.so gdbserver+gdb
7. Cybersecurity
- Verify the SSL self-signed certificate (be careful not to use the wrong code on the web)
- Using the StrongTrustmanager from the onionkit library
- SSL pinning – limiting the scope of trusted SSL
8. Exploitation and analysis of vulnerabilities in native code
- Overflow and root vulnerabilities, omitted
- Automatic fuzzing testing of Android native code:
- Radamsafuzzer
- busybox
9. Encryption and using device management policies during development
- Using the Cryptography Library
- Generate symmetric encryption keys
- Protecting SharedPreferences data
- Password-based encryption
- Encrypting the database with SQLCipher
- Android Keystore provider
- Using device management strategies when developing
