Dynamic Analysis of Android Apps: Attacking Apps From The Inside

No ratings

Presented at AppSecIsrael 2014 by

Erez Metula

Dynamic analysis of android apps is all about analyzing apps in real time, for the purpose of detecting application level vulnerabilities and for the sake of manipulating applications while they execute. It is often used as a last resort due to its complexity, when other pentesting techniques mainly focused on static analysis are not enough. Common usages of dynamic analysis are extraction of sensitive data from application memory variables, stealing encryption keys, manipulating signature mechanisms and so on. During this talk we will focus on memory dumps, remote debugging, smali debugging, native debugging, usage of ReFrameworker platform and other interesting things. This talk is based on a similar chapter as part of the Android application hacking course given by Erez at recent BlackHat USA 2014 (https://www.blackhat.com/us-14/training/android-application-hacking-pentesting-mobile-apps.html)