Posts
Android - WebViews & CustomTabs
·16 mins
mobile
android
What is a WebView? We know that Android applications can interact with websites by using an intent with ACTION.
Android - Storage
·8 mins
mobile
android
We will look at how Android applications store files and how they access the device's file system.
Android - Services
·12 mins
mobile
android
What is a Service? A service is defined as an application component that can perform long-running operations in the background, not providing a user interface.
Android - Permissions
·7 mins
mobile
android
Overview: So far we have only examined whether or not apps are exported.
Android - Broadcast Receivers
·10 mins
mobile
android
What is a Broadcast Receiver? Android applications can send and receive broadcast messages from both the operating system and other Android applications.
Android - Content and File Providers
·22 mins
android
mobile
What is a Content Provider? A Content Provider presents data to external applications as one or more tables - where a row represents an instance of some type of data that the provider collects and a column in the row represents an individual piece of data collected for a given instance.
Android - Intent Attack Surface
·27 mins
android
mobile
Preface: Similar to the last few Android pentesting blog posts - this is heavily based off of the Hextree.
Android - Dynamic Instrumentation
·8 mins
android
mobile
What is Dynamic Instrumentation? The more straightforward approach to understanding these Android applications is by decompiling them and examining the code - after all, the APK is just an archive.
Android - Intercepting Network Communications
·7 mins
mobile
android
The Flow Chart: We need a bit more than just a proxy and a neat interception tool like Burp Suite in order to inspect the traffic of some Android applications.
Mobile Application Security Considerations
·3 mins
mobile
I think that because mobile application testing is somewhat of a niche, the security considerations for mobile devices are also less understood.