Hackers of India

HITB Lab: Mobile Application Security for iOS and Android

By  Tushar Dalvi  , Tony Trummer  on 26 May 2016 @ Hitb Sec Conf

Abstract

In this lab, we’ll cover the fundamentals of mobile application security for Android and iOS. The target audience is either beginning application security professionals or those who have web or other security experience, but want to learn more about auditing mobile applications. This lab will move fast, so be prepared to go from 0 to 60 and leave with a good foundational knowledge you can use to build on.

We will cover:

Android

– Quick overview – Application structure and build process – Reversing APKs – IPC mechanisms – Providers and data storage – Permissions – WebViews – Transport layer security – Tools: QARK, ADB, APKTOOL

iOS

– Quick overview – Secure Boot Chain – iOS build process – Reversing apps – Application fundamentals – Filesystem layout and data storage – Transport layer security – Dynamic analysis – Tools: IDB, iFunBox, oTool, CyCript, class-dump-z

Students should come prepared to get the most of this lab. This includes bringing their own laptops with the following installed:

Java 1.7+ Python 2.7 The latest Android Studio and/or XCode and bringing rooted, physical Android and/or iOS devices and cables or having working emulators on their laptops.