Android Applications Reverse Engineering

ATTEND IN-PERSON: Onsite in Bangkok, Thailand

This workshop offers an introductive analysis of the essential principles and practices crucial for testing and assessing Android mobile applications in today’s landscape. This course equips participants with the fundamental knowledge needed to understand and address security vulnerabilities prevalent in mobile applications. Through a tested curriculum, students will start with foundational concepts and methodologies used in application testing, then they will learn to employ a diverse array of tools and resources essential for identifying and mitigating security risks effectively.

Participants also gain hands-on experience in assessing device security, including techniques for bypassing security mechanisms, and key concepts and tricks in conducting efficiently and effectively Static Code Analysis (SCA) of Android apps and reverse engineered code. Moreover, the course provides insights into testing local authentication mechanisms, input validation, and the security implications of interacting with third-party applications. Finally, students are introduced to backend security considerations, focusing on securing APIs and web services.

By the end of the workshop, participants will have a good understanding of mobile application security principles and practical skills to identify, assess, and validate mobile app vulnerabilities effectively.

Key learning objectives

• Understanding fundamental concepts in mobile application security, including testing methodologies, and tools used in the reverse engineering ad analysis process.
• Gaining proficiency in assessing and bypassing device security mechanisms, such as rooting devices and conducting static code analysis.
• Developing skills in testing various aspects of mobile applications, including authentication mechanisms, input validation, interaction with third-party applications, and backend security.

What will the students get

• Practical knowledge on the latest techniques and methodology for testing the security of Android apps without any prior knowledge on the app’s innerworkings.
• An arsenal of tools to be leveraged for the reverse engineering and analysis of modern Android apps.

 Agenda /Topics Covered

Introduction to Mobile App Security

• Fundamental concepts in mobile app security.
• Overview of mobile app testing methodology.
• Tools and resources for the reverse engineering and analysis of Android apps.

Android App Reverse Engineering and Static Analysis

• Android apps package’s structure and key components.
• Device rooting techniques for bypassing device security mechanisms.
• Decompiling Android apps and execute static code analysis.
• Overview on code obfuscation & binary protection mechanisms.
• Intercepting network traffic and testing communication security.
• Analyzing data stored by the app on the device.

Android App Dynamic Analysis

• Assessing local authentication mechanisms.
• Testing local and remote input validation mechanism.
• Security of interaction with third-party applications.
• Introduction to (ab)use of platform features and their mitigations.
• Introduction to backend security (APIs and web services)