This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Mobile Security Project - Android/References"

From OWASP
Jump to: navigation, search
Line 10: Line 10:
 
* [http://developer.android.com/guide/topics/manifest/manifest-intro.html AndroidManifest.xml File] and [http://developer.android.com/reference/android/Manifest.permission.html Permissions list]
 
* [http://developer.android.com/guide/topics/manifest/manifest-intro.html AndroidManifest.xml File] and [http://developer.android.com/reference/android/Manifest.permission.html Permissions list]
 
* [http://developer.android.com/guide/tutorials/notepad/index.html Notepad Tutorial] - Recomended starting point to understand Android
 
* [http://developer.android.com/guide/tutorials/notepad/index.html Notepad Tutorial] - Recomended starting point to understand Android
* [http://groups.google.com/group/android-security-discuss Android Secuity Mailing list]
 
  
 
===Android Security Team===
 
===Android Security Team===
* Report security vulnerabilities in Android: [email protected]
+
* Report security vulnerabilities in Android: [email protected] (their [http://developer.android.com/security_at_android_dot_com.txt PGP Public] key)
 +
* [http://groups.google.com/group/android-security-discuss Android Security Mailing list]
 
* [http://groups.google.com/group/android-security-discuss/browse_thread/thread/a2ab575dd0e5c27d Introduction from Android Security Team]
 
* [http://groups.google.com/group/android-security-discuss/browse_thread/thread/a2ab575dd0e5c27d Introduction from Android Security Team]
  

Revision as of 16:03, 5 November 2010

Here are a number of references related to Android Security

Official documentation

Android Security Team

Published Research and presentations

Tools

  • Android Development
  • Android Security Review
    • Dex2Jar : "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..."
    • ApkTool : "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..."
    • JD : Java Decompiler
    • OWASP O2 Platform can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
    • Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
    • iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html