Mobile Application Security Flashcards

1
Q

How does Android sandbox applications?

A

Using SELinux, the Linux user abstraction (one app publisher -> unique UID), the permission concept (maps to Linux group ids)

2
Q

What is different for “dangerous” permissions?

A

They have to be requested explicitly at runtime since Android 6 Marshmallow

3
Q

What does an Android APK contain?

A

AndroidManifest.xml, classes.dex, res, lib

4
Q

What are the four main components of Android apps?

A

Activities, Services, Broadcast Receivers, Content Providers

5
Q

Name 4 Android IPC Mechanisms

A

Intents, Binder, Messenger, Content Providers

6
Q

What is the difference between explicit and implicit Intents?

A

Explicit intents target specific app components; implicit intents are caught via intent-filters, which are declared in AndroidManifest.xml

7
Q

Name 7 common vulnerabilities of Android apps

A

Leaking sensitive information via logging, Leaking components, Insecure communication, Weak input validation / sanitization, Tapjacking, Hardcoding sensitive information, Reverse Engineering & Code Tampering
