In this lab, we’ll cover the fundamentals of mobile application security for Android and iOS. The target audience is either beginning application security professionals or those who have web or other security experience, but want to learn more about auditing mobile applications. This lab will move fast, so be prepared to go from 0 to 60 and leave with a good foundational knowledge you can use to build on.
We will cover:
Android
– Quick overview
– Application structure and build process
– Reversing APKs
– IPC mechanisms
– Providers and data storage
– Permissions
– WebViews
– Transport layer security
– Tools: QARK, ADB, APKTOOL
iOS
– Quick overview
– Secure Boot Chain
– iOS build process
– Reversing apps
– Application fundamentals
– Filesystem layout and data storage
– Transport layer security
– Dynamic analysis
– Tools: IDB, iFunBox, oTool, CyCript, class-dump-z
Students should come prepared to get the most of this lab. This includes bringing their own laptops with the following installed:
and bringing rooted, physical Android and/or iOS devices and cables or having working emulators on their laptops.