Mission Briefing - Android's Security Model

Task 1 Introduction

Learning Objectives

  • Understand what makes Android unique and why it's a target.
  • Learn the core components of an Android application (APK).
  • Grasp the two pillars of Android security: Sandboxing and Permissions.

Introduction

Before we hack, we must understand the target. Android's security isn't an afterthought; it's built on top of a Linux kernel. This architecture is what protects your data from malicious apps.

Core Concepts

1. The Android Architecture (Simplified)

  • Linux Kernel: The foundation. It handles hardware interaction, process management, and, crucially, security.
  • Libraries: Includes SQLite (databases), WebKit (web rendering), and media frameworks.
  • Android Runtime (ART): Each app runs in its own instance of the Android Runtime (previously Dalvik Virtual Machine or DVM). This is key to isolation.
  • Application Framework: The tools and APIs (like Activity Manager, Notification Manager) developers use.
  • Applications Layer: Where your apps (both system and user-installed) reside.

2. The Application Sandbox

  • The "One App, One User" Rule: In Linux, every user has a unique User ID (UID). Android treats each installed app as a unique user.
  • Isolation: When you install an app, the system gives it a unique UID. The app's process runs in its own virtual machine. It cannot access another app's data unless explicitly permitted.
  • Practical Implication: An app you install from the Play Store cannot read your banking app's database. This is the sandbox.

3. The Permission Model

  • If the sandbox says "you can't touch another app's things," permissions say "you can't touch the device's things (camera, contacts, SMS)."
  • AndroidManifest.xml: Every app contains this file. It declares the permissions the app needs (e.g., <uses-permission android:name="android.permission.INTERNET" />).
  • User Consent: When you install an app, you are shown a list of required permissions. You are the final gatekeeper.

4. The Android Application Package (APK)

An APK is just a ZIP file. Let's peek inside:

  • AndroidManifest.xml: The app's blueprint.
  • classes.dex: The compiled code (Dalvik Executable). This is what we'll reverse engineer.
  • res/: Resources (images, layouts).
  • lib/: Native code libraries (.so files) for specific processors (ARM, x86).
  • META-INF/: Contains the app's signature and certificate information.
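The layout above can be checked by opening an APK with any ZIP library. The following is an added example, not part of the original lesson: it groups an APK's entries by the roles listed above and also covers extra classesN.dex files and entries outside the list. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def inventory_apk(apk):
    """Group the entries of an APK (path or file-like object) by role."""
    report = {"manifest": False, "dex": [], "abis": {},
              "resources": 0, "signing": [], "other": []}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            if name.endswith("/"):          # skip directory entries
                continue
            parts = name.split("/")
            if name == "AndroidManifest.xml":
                report["manifest"] = True
            elif len(parts) == 1 and name.endswith(".dex"):
                report["dex"].append(name)  # classes.dex, classes2.dex, ...
            elif parts[0] == "lib" and len(parts) == 3 and name.endswith(".so"):
                # lib/<abi>/<library>.so: one directory per processor ABI
                report["abis"].setdefault(parts[1], []).append(parts[2])
            elif parts[0] == "res":
                report["resources"] += 1
            elif parts[0] == "META-INF":
                report["signing"].append(name)
            else:
                report["other"].append(name)
    return report


def build_sample_apk():
    """Constructed sample: a ZIP with APK-style entry names, placeholder bytes."""
    names = [
        "AndroidManifest.xml", "classes.dex", "classes2.dex",
        "res/layout/activity_main.xml", "res/drawable/icon.png",
        "lib/arm64-v8a/libnative.so", "lib/x86/libnative.so",
        "META-INF/MANIFEST.MF", "META-INF/CERT.SF", "META-INF/CERT.RSA",
        "resources.arsc",
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for key, value in inventory_apk(build_sample_apk()).items():
        print(f"{key}: {value}")
```

Pass a path to a real APK instead of the constructed sample to inventory an actual app; the ABI list shows which processors its native code targets.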

Summary

  • Android uses Linux User Isolation to create a sandbox for each app.
  • Apps must declare required permissions in their AndroidManifest.xml.
  • The APK file is an archive containing the app's code, resources, and manifest.

Answer the questions below

  • What mechanism does Android use to isolate one app's data from another's?
  • Which file inside an APK contains the application's compiled code?