The Mobile Application Hacker's Handbook

See your app through a hacker's eyes to find the real sources of vulnerability

The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.

Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.

• Understand the ways data can be stored, and how cryptography is defeated
• Set up an environment for identifying insecurities and the data leakages that arise
• Develop extensions to bypass security controls and perform injection attacks
• Learn the different attacks that apply specifically to cross-platform apps

IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.

Introduction xxxi

Chapter 1 Mobile Application (In)security 1

The Evolution of Mobile Applications 2

Mobile Application Security 4

Summary 15

Chapter 2 Analyzing iOS Applications 17

Understanding the Security Model 17

Understanding iOS Applications 22

Jailbreaking Explained 29

Understanding the Data Protection API 43

Understanding the iOS Keychain 46

Understanding Touch ID 51

Reverse Engineering iOS Binaries 53

Summary 67

Chapter 3 Attacking iOS Applications 69

Introduction to Transport Security 69

Identifying Insecure Storage 81

Patching iOS Applications with Hopper 85

Attacking the iOS Runtime 92

Understanding Interprocess Communication 118

Attacking Using Injection 123

Summary 131

Chapter 4 Identifying iOS Implementation Insecurities 133

Disclosing Personally Identifi able Information 133

Identifying Data Leaks 136

Memory Corruption in iOS Applications 142

Summary 146

Chapter 5 Writing Secure iOS Applications 149

Protecting Data in Your Application 149

Avoiding Injection Vulnerabilities 156

Securing Your Application with Binary Protections 158

Summary 170

Chapter 6 Analyzing Android Applications 173

Creating Your First Android Environment 174

Understanding Android Applications 179

Understanding the Security Model 206

Reverse‐Engineering Applications 233

Summary 246

Chapter 7 Attacking Android Applications 247

Exposing Security Model Quirks 248

Attacking Application Components 255

Accessing Storage and Logging 304

Misusing Insecure Communications 312

Exploiting Other Vectors 326

Additional Testing Techniques 341

Summary 351

Chapter 8 Identifying and Exploiting Android Implementation Issues 353

Reviewing Pre‐Installed Applications 353

Exploiting Devices 365

Infiltrating User Data 416

Summary 426

Chapter 9 Writing Secure Android Applications 427

Principle of Least Exposure 427

Essential Security Mechanisms 429

Advanced Security Mechanisms 450

Slowing Down a Reverse Engineer 451

Summary 455

Chapter 10 Analyzing Windows Phone Applications 459

Understanding the Security Model 460

Understanding Windows Phone 8.x Applications 473

Developer Sideloading 483

Building a Test Environment 484

Analyzing Application Binaries 506

Summary 509

Chapter 11 Attacking Windows Phone Applications 511

Analyzing for Data Entry Points 511

Attacking Transport Security 525

Attacking WebBrowser and WebView Controls 534

Identifying Interprocess Communication Vulnerabilities 542

Attacking XML Parsing 560

Attacking Databases 568

Attacking File Handling 573

Patching .NET Assemblies 578

Summary 585

Chapter 12 Identifying Windows Phone Implementation Issues 587

Identifying Insecure Application Settings Storage 588

Identifying Data Leaks 591

Identifying Insecure Data Storage 593

Insecure Random Number Generation 601

Insecure Cryptography and Password Use 605

Identifying Native Code Vulnerabilities 616

Summary 626

Chapter 13 Writing Secure Windows Phone Applications 629

General Security Design Considerations 629

Storing and Encrypting Data Securely 630

Secure Random Number Generation 634

Securing Data in Memory and Wiping Memory 635

Avoiding SQLite Injection 636

Implementing Secure Communications 638

Avoiding Cross‐Site Scripting in WebViews and WebBrowser Components 640

Secure XML Parsing 642

Clearing Web Cache and Web Cookies 642

Avoiding Native Code Bugs 644

Using Exploit Mitigation Features 644

Summary 645

Chapter 14 Analyzing BlackBerry Applications 647

Understanding BlackBerry Legacy 647

Understanding BlackBerry 10 652

Understanding the BlackBerry 10 Security Model 660

BlackBerry 10 Jailbreaking 665

Using Developer Mode 666

The BlackBerry 10 Device Simulator 667

Accessing App Data from a Device 668

Accessing BAR Files 669

Looking at Applications 670

Summary 678

Chapter 15 Attacking BlackBerry Applications 681

Traversing Trust Boundaries 682

Summary 691

Chapter 16 Identifying BlackBerry Application Issues 693

Limiting Excessive Permissions 694

Resolving Data Storage Issues 695

Checking Data Transmission 696

Handling Personally Identifiable Information and Privacy 698

Ensuring Secure Development 700

Summary 704

Chapter 17 Writing Secure BlackBerry Applications 705

Securing BlackBerry OS 7.x and Earlier Legacy Java Applications 706

General Java Secure Development Principals 706

Making Apps Work with the Application Control Policies 706

Memory Cleaning 707

Controlling File Access and Encryption 709

SQLite Database Encryption 710

Persistent Store Access Control and Encryption 711

Securing BlackBerry 10 Native Applications 716

Securing BlackBerry 10 Cascades Applications 723

Securing BlackBerry 10 HTML5 and JavaScript (WebWorks) Applications 724

Securing Android Applications on BlackBerry 10 726

Summary 726

Chapter 18 Cross‐Platform Mobile Applications 729

Introduction to Cross‐Platform Mobile Applications 729

Bridging Native Functionality 731

Exploring PhoneGap and Apache Cordova 736

Summary 741

Index 743

“..there is a shocking lack of published material on the topic of mobile security. The Mobile Application Hacker’s Handbook seeks to change this and be a positive movement to educating others in the topic of mobile security awareness.” (Vigilance-Security Magazine, March 2015)

DOMINIC CHELL is a director of MDSec and a recognized expert in mobile security, providing training to leading global organizations.

TYRONE ERASMUS is an expert on Android security and heads Mobile Practice at MWR InfoSecurity SA.

SHAUN COLLEY is a security consultant and researcher at IOActive specializing in mobile security and reverse engineering.

OLLIE WHITEHOUSE is Technical Director with NCC Group who has previously worked for BlackBerry and Symantec specialising in mobile security.

View your app through a hacker's eyes

IT security breaches make headlines almost daily. With both personal and corporate information being carried in so many pockets, mobile applications on the iOS, Android, Blackberry, and Windows Phones are a fertile field for hackers. To discover the true vulnerabilities in a mobile app, you must look at it as a hacker does.

This practical guide focuses relentlessly on the hacker's approach, helping you secure mobile apps by demonstrating how hackers exploit weak points and flaws to gain access to data. Discover a proven methodology for approaching mobile application assessments and the techniques used to prevent, disrupt, and remediate the various types of attacks.

Learn to:

• Understand the ways data can be stored and how hackers can defeat cryptography
• Set up an environment in which insecurities and data leakages can be identified
• Develop extensions to bypass security controls and perform injection attacks for testing
• Identify the different types of attacks that apply specifically to cross-platform apps
• Recognize how hackers bypass security controls such as jailbreak/root detection, tamper detection, runtime protection, and anti-debugging
• Implement a generic methodology for mobile application testing