Author: Sheran Gunasekera
Size: 7 Mb
Content: This book was a long time coming, and yet I can only feel that now was the perfect time to write it and publish it. Much like a young stand-up comedian who, when just starting out, has to collect all his life experience to deliver as humor, this second edition is a collection of personal experiences and research done along the way.
This book is intended as a reference tool rather than an in-depth, granular teaching tool. It is a better friend to those developers and security researchers who are in their early-mid career than those just starting out. It is a collection of how I have done things and the reasons why I chose to do them the way I did. In this book, I approach Android security from an offensive standpoint.
If the first edition were the Blue Team, then this one is definitely the Red Team book. The principle I try to stand by in this book is that the best way to test your app is by breaking it and breaking it into as many pieces as you can. A true test of your app will be if it can withstand some of the techniques that we use in this book because it is a collection of techniques that are being used out there today.
To this end, you will find a lot of information about how to intercept network traffic, how to break SSL and SSL Pinning, how to root your device, and then how to figure out that security is a lot more than looking for that silver-bullet piece of tech. It is never the case. You have to do the work.
You have to research; you have to test and you have to understand the behavior – of apps and people. There is no silver bullet to security; you have to spend countless hours and, yes, sleepless nights worrying about it.
This book is also a work in progress, I feel. As I wrote the chapters, I felt myself taken in different areas that I could not afford to explore. I hope to revisit some of those topics in the future and who knows? Maybe there will be another book.
I do hope you find the book useful and that you learn to look at security from a different perspective. If there’s one thing I want you to take away from this book, it is that you can’t have security on autopilot.
It is a topic you have to think about and consciously make decisions about at every step of the way. The bad guys out there will not rest, so that means less time to celebrate your wins and more time to spend looking at worst-case scenarios in your very own bubble of paranoia.