Difference between revisions of "OWASP Mobile Security Project - Android/References"

Line 6: Line 6:
 
* [http://developer.android.com/guide/topics/security/security.html Security and Permissions]
 
* [http://developer.android.com/guide/topics/security/security.html Security and Permissions]
 
* [http://developer.android.com/guide/topics/testing/testing_android.html Testing and Instrumentation]
 
* [http://developer.android.com/guide/topics/testing/testing_android.html Testing and Instrumentation]
 +
 
===Published Research===
 
===Published Research===
 
* [http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf Coverity SCAN 2010 Open Source Integrity Report] which contains information about 88 Kernel bugs in Android:  
 
* [http://www.coverity.com/library/pdf/coverity-scan-2010-open-source-integrity-report.pdf Coverity SCAN 2010 Open Source Integrity Report] which contains information about 88 Kernel bugs in Android:  
Line 11: Line 12:
 
===Blog posts===
 
===Blog posts===
 
* [http://jack-mannino.blogspot.com/2010/09/reversing-android-apps-101.html Reversing Android Apps 101]  - Jack Mannino
 
* [http://jack-mannino.blogspot.com/2010/09/reversing-android-apps-101.html Reversing Android Apps 101]  - Jack Mannino
 +
* [http://carnal0wnage.blogspot.com/2010/04/android-emulators-with-android-market.html Android Emulators with Android Market] and [http://techdroid.kbeanie.com/2009/11/android-market-on-emulator.html Android Market on Emulator]
  
 
===Presentation===
 
===Presentation===
 
* [http://www.blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html Building Android Sandcastles in Android's Sandbox] at BlackHat Abu Dhabi (Nov 10 - 11 2010)
 
* [http://www.blackhat.com/html/bh-ad-10/bh-ad-10-briefings.html Building Android Sandcastles in Android's Sandbox] at BlackHat Abu Dhabi (Nov 10 - 11 2010)
 +
* [https://www.isecpartners.com/files/iSEC_Android_Exploratory_Blackhat_2009.pdf Exploratory Android Security (iSEC Partners,  Blackhat_2009)
  
 
===Tools===
 
===Tools===
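Review bot: The added "Exploratory Android Security" line under ===Presentation=== opens an external link with "[" but never closes it, so the "]" is missing after "Blackhat_2009)" and the entry will not render as a link. Close the bracket after the title and move the venue outside it, in the style of the entry above ("... at BlackHat Abu Dhabi (Nov 10 - 11 2010)"), and write the conference name without the underscore. The added Blog posts line also lists two links with no author, unlike the "Reversing Android Apps 101 - Jack Mannino" entry, so consider adding attribution and splitting it into one bullet per link.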
Line 25: Line 28:
 
** [[OWASP O2 Platform]] can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
 
** [[OWASP O2 Platform]] can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
 
** Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
 
** Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
 +
** iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html
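Review bot: The added tools line spells the vendor "iSec Partners" while the Presentation entry added in the same revision uses "iSEC Partners"; pick one spelling. The line also uses a bare URL where the rest of the page uses bracketed links with a title, so consider the "[URL title]" form here too.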

Revision as of 15:06, 5 November 2010

Here are a number of references related to Android Security

Official documentation

Published Research

Blog posts

Presentation

Tools

  • Android Security Review
    • Dex2Jar : "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..."
    • ApkTool : "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..."
    • JD : Java Decompiler
    • OWASP O2 Platform can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
    • Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
    • iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html