Mobile Application Security Flashcards
How does Android sandbox applications?
Using SELinux, the Linux user abstraction (one app publisher -> unique UID), the permission concept (maps to Linux group ids)
What is different for “dangerous” permissions?
They have to be requested explicitly at runtime since Android 6 Marshmallow
What does an Android APK contain?
AndroidManifest.xml, classes.dex, res, lib
What are the four main components of Android apps?
Activities, Services, Broadcast Receivers, Content Providers
Name 4 Android IPC Mechanisms
Intents, Binder, Messenger, Content Providers
What is the difference between explicit and implicit Intents?
Explicit intents target specific app components; implicit intents are caught via intent-filters, which are declared in AndroidManifest.xml
Name 7 common vulnerabilities of Android apps
Leaking sensitive information via logging, Leaking components, Insecure communication, Weak input validation / sanitization, Tapjacking, Hardcoding sensitive information, Reverse Engineering & Code Tampering