Difference between revisions of "OWASP Mobile Security Project - Android/References"
Dinis.cruz (talk | contribs) |
Dinis.cruz (talk | contribs) |
Line 10: | Line 10: | ||
* [http://groups.google.com/group/android-security-discuss Android Secuity Mailing list] | * [http://groups.google.com/group/android-security-discuss Android Secuity Mailing list] | ||
− | ===Published Research=== | + | ===Published Research and presentations === |
− | * [http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf Coverity SCAN 2010 Open Source Integrity Report] which contains information about 88 Kernel bugs in Android: | + | * '''Presentations''' |
− | + | ** [http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf Coverity SCAN 2010 Open Source Integrity Report] which contains information about 88 Kernel bugs in Android | |
− | + | ** [https://www.isecpartners.com/files/iSEC_Android_Exploratory_Blackhat_2009.pdf Exploratory Android Security (iSEC Partners, Blackhat_2009) | |
− | * [http://www.amazon.com/gp/product/0071633561/ Mobile Application Security] | + | ** [https://www.isecpartners.com/files/iSEC_Securing_Android_Apps.pdf Developing Secure Mobile Applications for Android] |
− | + | ** [http://www.blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html Building Android Sandcastles in Android's Sandbox] at BlackHat Abu Dhabi (Nov 10 - 11 2010) (NOT PUBLISHED YET) | |
− | * [http://jack-mannino.blogspot.com/2010/09/reversing-android-apps-101.html Reversing Android Apps 101] and [http://jack-mannino.blogspot.com/2010/10/storing-data-on-mobile-devices-wrong.html Storing Data On Mobile Devices The Wrong Way] - Jack Mannino | + | * '''Books''' |
− | * [http://carnal0wnage.blogspot.com/2010/04/android-emulators-with-android-market.html Android Emulators with Android Market] and [http://techdroid.kbeanie.com/2009/11/android-market-on-emulator.html Android Market on Emulator | + | ** [http://www.amazon.com/gp/product/0071633561/ Mobile Application Security] |
− | + | *'''Blog posts''' | |
− | + | ** [http://jack-mannino.blogspot.com/2010/09/reversing-android-apps-101.html Reversing Android Apps 101] and [http://jack-mannino.blogspot.com/2010/10/storing-data-on-mobile-devices-wrong.html Storing Data On Mobile Devices The Wrong Way] - Jack Mannino | |
− | + | ** [http://carnal0wnage.blogspot.com/2010/04/android-emulators-with-android-market.html Android Emulators with Android Market] and [http://techdroid.kbeanie.com/2009/11/android-market-on-emulator.html Android Market on Emulator] | |
− | |||
− | |||
===Tools=== | ===Tools=== | ||
* '''Android Development''' | * '''Android Development''' | ||
− | ** [http://developer.android.com/sdk/index.html Android SDK] | + | ** [http://developer.android.com/sdk/index.html Android SDK] |
− | |||
* '''Android Security Review''' | * '''Android Security Review''' | ||
** [http://code.google.com/p/dex2jar/ Dex2Jar] :'' "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..." '' | ** [http://code.google.com/p/dex2jar/ Dex2Jar] :'' "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..." '' | ||
− | ** [http://code.google.com/p/android-apktool/ ApkTool] :'' "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code | + | ** [http://code.google.com/p/android-apktool/ ApkTool] :'' "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..." '' |
** [http://java.decompiler.free.fr JD] : Java Decompiler | ** [http://java.decompiler.free.fr JD] : Java Decompiler | ||
** [[OWASP O2 Platform]] can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files) | ** [[OWASP O2 Platform]] can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files) | ||
** Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules") | ** Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules") | ||
** iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html | ** iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html |
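Review bot: the added "Exploratory Android Security (iSEC Partners, Blackhat_2009)" entry opens its external link with "[" but never closes it, so MediaWiki will show the raw bracket and URL instead of a link; add "]" after "Blackhat_2009)". Two smaller style points in the same hunk: the new "*'''Blog posts'''" item is missing the space after the asterisk that "* '''Presentations'''" and "* '''Books'''" use, and the renamed heading has a stray space before its closing "===".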
Revision as of 15:40, 5 November 2010
Here are a number of references related to Android Security
Official documentation
- Android Developer's Guide
- Security and Permissions
- Testing and Instrumentation
- AndroidManifest.xml File and Permissions list
- Notepad Tutorial - Recommended starting point to understand Android
- Android Security Mailing list
Published Research and presentations
- Presentations
  - Coverity SCAN 2010 Open Source Integrity Report which contains information about 88 Kernel bugs in Android
  - Exploratory Android Security (iSEC Partners, Blackhat_2009): https://www.isecpartners.com/files/iSEC_Android_Exploratory_Blackhat_2009.pdf
  - Developing Secure Mobile Applications for Android
  - Building Android Sandcastles in Android's Sandbox at BlackHat Abu Dhabi (Nov 10 - 11 2010) (NOT PUBLISHED YET)
- Books
- Blog posts
Tools
- Android Development
- Android Security Review
  - Dex2Jar : "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..."
  - ApkTool : "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..."
  - JD : Java Decompiler
  - OWASP O2 Platform can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
  - Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
  - iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html