Android for Security Engineers Intermediate - 5 days
Description
Android is one of the most popular mobile operating systems on the market. While originally based on Linux, it stands out with specific components making it unique and significantly different from the traditional OS. During this training, the participants will discover the architecture of Android and the interactions between its different internal components. The system allows third-party applications to run while protecting end-user data.
Key components of the system will be analyzed, including the boot process and security mechanisms. The trainers will detail the evolutions of the versions starting from Android 10 and will discuss certain particularities of the manufacturers. The concepts presented will be put into practice through concrete exercises.
At the end of this training, participants will have an in-depth understanding of Android and will be able to be autonomous in any research work on this ecosystem.
-
5 days (35 hours)
-
15h theoretical courses / 20h practical labs
Public and prerequisites
This training is an advanced level course designed for security engineers wishing to conduct research on this system.
-
Pentesters
-
Android developers
-
Security engineers
Good knowledge of C development as well as basic knowledge of Linux systems is recommended.
Content
Day 1
Overall architecture of Android, boot chain, update system, security model and rooting a smartphone.
Day 2
Format of applications (APK) and presentation of compilation and debugging tools (exercises with Frida).
Day 3
Android Runtime, IPC mechanism (Binder) and presentation of the Bionic library (Android libc).
Day 4
Application life cycle: installation, startup, execution and shutdown. Exploration of traces/logs that may be present on a device. Encryption of user data.
Day 5
Final exercise: modification of an Android environment via Magisk modules and putting into practice the concepts learned during the week. Analysis of the specifics of the Linux kernel for Android.