
Mobile Hacking

Mobile hacking refers to exploiting vulnerabilities in smartphones and tablets to gain unauthorized access, steal data, spy on users, or control devices.

With mobile devices storing banking data, credentials, personal photos, OTPs, and corporate emails, they are prime targets for attackers.

Mobile Security

Unlike traditional computers, mobile devices:

  • Are always connected
  • Store highly sensitive personal data
  • Use wireless communication
  • Depend heavily on third-party apps

Mobile security is the practice of protecting mobile devices, operating systems, applications, and data from threats such as malware, unauthorized access, data leakage, and network-based attacks.

Objectives of Mobile Security

  • Protect user data (contacts, SMS, credentials)
  • Ensure application integrity
  • Prevent unauthorized access
  • Secure network communications
  • Maintain privacy and trust

Goal             Description
Confidentiality  Protect sensitive data (SMS, contacts, credentials)
Integrity        Prevent unauthorized data modification
Availability     Ensure device and app accessibility

Mobile Threat Landscape

Mobile threats have evolved from simple malware to advanced persistent mobile threats (APMTs) involving:

  • Zero-day exploits
  • Supply chain attacks
  • Nation-state spyware
  • Banking trojans

Key threat actors include cybercriminals, hacktivists, insiders, and nation-state attackers.

Android OS Security

Android is open-source, making it flexible but more exposed to threats. Android uses a layered security architecture.

Linux Kernel Security

  • Process isolation
  • Memory protection
  • Device driver security
  • SELinux in enforcing mode (mandatory access control)

Even if malware gains app-level access, SELinux restricts system-level damage.

Application Sandbox Model

Each Android app:

  • Runs as a separate Linux user with a unique UID
  • Has isolated storage
  • Cannot access other apps directly

Security Benefit: If one app is compromised, others remain protected.

Permission Model

  • Runtime permissions (Camera, Location, SMS)
  • User-controlled access

App Signing

  • Every APK must be digitally signed
  • Prevents unauthorized updates

Google Play Protect

  • Scans apps for malware

Example: If a flashlight app requests SMS and Contacts permission, it may indicate malicious intent.

Android Security Weaknesses

  • Sideloading of APKs
  • Fragmented OS updates
  • Excessive permissions
  • Rooted devices

iOS Security

iOS follows a closed and tightly controlled ecosystem.

Security Architecture

  • Secure Boot Chain: Hardware → iBoot → Kernel (Ensures trusted OS loading)
  • App Sandboxing: Strict isolation between apps
  • Code Signing Enforcement: Only Apple-signed apps can run
  • Data Protection: File-based encryption and Secure Enclave for biometrics
  • App Store Review: Manual and automated security checks

Example: An iOS app cannot run unless it is signed by Apple, preventing most malware installations.

iOS Security Weaknesses

  • Jailbroken devices
  • Zero-day vulnerabilities
  • Enterprise certificate abuse

Android vs iOS Comparison

Feature           Android                    iOS
Source            Open-source                Closed-source
App Installation  Play Store + Sideloading   App Store only
Customization     High                       Limited
Malware Risk      Higher                     Lower
Update Control    OEM dependent              Apple controlled

Common Mobile Attack Vectors

Malware

Malicious apps disguised as legitimate ones.

  • Spyware
  • Banking Trojans
  • Adware
  • Ransomware

Example: A fake banking app steals login credentials.

Unsecured Wi-Fi (MITM Attacks)

Public Wi-Fi without encryption allows attackers to intercept traffic.

Example: Stealing login credentials over open café Wi-Fi.

Insecure APIs

  • Poor authentication
  • Hardcoded API keys

Example: An attacker accesses the backend server using an exposed API key.

Sideloading & Third-Party App Stores

Apps bypass official security checks.

Mobile Reconnaissance & Information Gathering

Mobile reconnaissance is the process of collecting information about a mobile application without actively exploiting it; it is the first step of security testing and vulnerability assessment.

Extracting Mobile App Metadata

Metadata is information about the app, such as:

  • App name & package name
  • Version number
  • Permissions
  • Certificates
  • Target SDK

Android Metadata Sources

  • AndroidManifest.xml
  • APK signing certificate

Example: Identifying that an app requests READ_SMS and WRITE_EXTERNAL_STORAGE indicates a potential privacy risk.
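As an added example (not code from the original page, nor from any of the tools it lists), the following Python script parses a constructed AndroidManifest.xml, extracts the metadata fields listed above, and flags the permissions a flashlight app has no reason to request, including the READ_SMS and WRITE_EXTERNAL_STORAGE case just described. The manifest contents and the HIGH/MEDIUM risk tiers are assumptions made for this example; they are not Android's official protection levels.

```python
"""Added example (not part of the original page): pull recon metadata out
of a decoded AndroidManifest.xml and flag permissions that do not fit the
app's stated purpose. The manifest and the risk tiers are constructed for
this example and are not an official Android classification.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed manifest for a "flashlight" app, in the decoded form apktool
# leaves in its output directory. It asks for far more than a torch needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight"
    android:versionCode="7"
    android:versionName="1.3.2">
    <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="22"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.FLASHLIGHT"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Flashlight"
                 android:debuggable="true"
                 android:allowBackup="true">
        <activity android:name=".MainActivity" android:exported="true"/>
    </application>
</manifest>
"""

# Assumed risk tiers for this example (not Google's protection levels).
HIGH_RISK = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
}
MEDIUM_RISK = {
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}


def android_attr(element, name):
    """Read an attribute from the android: namespace, or None if absent."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def parse_manifest(xml_text):
    """Return the metadata fields a reconnaissance pass normally records."""
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    app = root.find("application")
    target = android_attr(sdk, "targetSdkVersion") if sdk is not None else None
    return {
        "package": root.get("package"),
        "version_name": android_attr(root, "versionName"),
        "version_code": android_attr(root, "versionCode"),
        "target_sdk": int(target) if target else None,
        "permissions": sorted(android_attr(p, "name") for p in root.iter("uses-permission")),
        "debuggable": app is not None and android_attr(app, "debuggable") == "true",
        "allow_backup": app is not None and android_attr(app, "allowBackup") == "true",
    }


def assess(meta):
    """Turn parsed metadata into human-readable findings, worst first within each kind."""
    findings = []
    for perm in meta["permissions"]:
        if perm in HIGH_RISK:
            findings.append(f"HIGH: requests {perm}")
        elif perm in MEDIUM_RISK:
            findings.append(f"MEDIUM: requests {perm}")
    if meta["debuggable"]:
        findings.append("HIGH: android:debuggable=true (a debugger can attach to the app process)")
    if meta["target_sdk"] is not None and meta["target_sdk"] < 23:
        findings.append(f"MEDIUM: targetSdkVersion {meta['target_sdk']} predates runtime permissions (API 23)")
    if meta["allow_backup"]:
        findings.append("LOW: android:allowBackup=true (app data extractable via adb backup on older Android)")
    return findings


if __name__ == "__main__":
    meta = parse_manifest(SAMPLE_MANIFEST)
    print(f"{meta['package']} v{meta['version_name']} (code {meta['version_code']}), targetSdk {meta['target_sdk']}")
    for line in assess(meta):
        print(" -", line)
```

Run against real input by reading the decoded manifest from an apktool output directory into `parse_manifest`; the risk sets are the place to encode your own policy, since whether CAMERA is suspicious depends entirely on what the app claims to do.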

Tools

  • APKTool
  • aapt
  • Androguard
  • MobSF

APK Decompilation (Android)

APK decompilation converts an Android app into readable source-like files for analysis.

Components Extracted

  • Manifest file
  • Smali code
  • Resources (XML, images)
  • Libraries

Purpose

  • Analyze permissions
  • Detect hardcoded secrets
  • Study insecure logic

Example Use Case: Checking if API keys are hardcoded inside the app.

Reverse Engineering Android Apps

Reverse engineering is the process of analyzing compiled apps to understand their internal logic and behavior.

Objectives

  • Identify insecure coding
  • Find vulnerable functions
  • Understand app workflow

Techniques

  • Static analysis (without running the app)
  • Dynamic analysis (runtime observation)

Example: Observing login validation logic to ensure credentials are not locally verified.
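Added example, not code from the original page or from any of the tools it names: a Python scanner over constructed jadx/apktool-style output that serves two passages above, the decompilation use case of checking for hardcoded API keys and the reverse-engineering example of spotting login logic that verifies credentials locally. The file paths, file contents and regular expressions are constructed for the example, and every secret-looking value in it is deliberately fake.

```python
"""Added example (not part of the original page): scan decompiled Android
sources for hardcoded secrets and for credential checks performed on the
device. Inputs are constructed files; the patterns are heuristics chosen
for this example, not an exhaustive secret taxonomy.
"""
import re
from collections import Counter

# Constructed decompiled sources. All values are fake.
DECOMPILED_FILES = {
    "res/values/strings.xml": """<resources>
    <string name="app_name">Flashlight</string>
    <string name="backend_api_key">EXAMPLE-NOT-A-REAL-KEY-0123456789</string>
</resources>""",
    "sources/com/example/flashlight/ApiClient.java": """package com.example.flashlight;
public class ApiClient {
    private static final String BASE_URL = "https://api.example.invalid/v1/";
    private static final String AUTH_TOKEN = "example-token-ffffffffffffffff";
    public String buildHeader() { return "Bearer " + AUTH_TOKEN; }
}""",
    "sources/com/example/flashlight/LoginActivity.java": """package com.example.flashlight;
public class LoginActivity {
    private boolean checkLogin(String user, String pass) {
        // Credentials verified on the device: anyone with the APK can read them.
        return user.equals("admin") && pass.equals("letmein123");
    }
}""",
    "sources/com/example/flashlight/Util.java": """package com.example.flashlight;
public class Util {
    private static final String EMPTY_TOKEN = "";
    public static String passwordHint() { return "Use 8+ characters"; }
}""",
}

# An identifier with a secret-like name assigned a string literal of 8+ chars.
SECRET_ASSIGNMENT = re.compile(
    r'(?i)\b([a-z0-9_]*(?:api_?key|secret|token|password|passwd)[a-z0-9_]*)\s*=\s*"([^"]{8,})"'
)
# An Android string resource whose name looks like a secret.
SECRET_RESOURCE = re.compile(
    r'(?i)<string\s+name="([^"]*(?:api_?key|secret|token|password)[^"]*)">([^<]{8,})</string>'
)
# A credential variable compared against a literal: verification happens locally.
LOCAL_CREDENTIAL_CHECK = re.compile(
    r'(?i)\b(user|username|pass|password|pin)\w*\.equals\("([^"]+)"\)'
)


def mask(value):
    """Show only the ends of a value so the report does not re-leak it."""
    return value[:4] + "..." + value[-4:] if len(value) > 8 else "***"


def scan_sources(files):
    """Return findings as (path, line_number, category, detail) tuples."""
    findings = []
    for path, content in files.items():
        for lineno, line in enumerate(content.splitlines(), start=1):
            if path.endswith(".xml"):
                for name, value in SECRET_RESOURCE.findall(line):
                    findings.append((path, lineno, "hardcoded_secret", f"{name} = {mask(value)}"))
                continue
            for name, value in SECRET_ASSIGNMENT.findall(line):
                findings.append((path, lineno, "hardcoded_secret", f"{name} = {mask(value)}"))
            for var, _literal in LOCAL_CREDENTIAL_CHECK.findall(line):
                findings.append((path, lineno, "local_credential_check",
                                 f"{var} is compared to a string literal"))
    return findings


def summarize(findings):
    """Count findings per category."""
    return dict(Counter(category for _path, _line, category, _detail in findings))


if __name__ == "__main__":
    results = scan_sources(DECOMPILED_FILES)
    for path, lineno, category, detail in results:
        print(f"{path}:{lineno} [{category}] {detail}")
    print(summarize(results))
```

The minimum-length filter is what keeps `EMPTY_TOKEN = ""` and the harmless `passwordHint()` out of the report; on real output expect to tune both the name keywords and that threshold, and treat every hit as a lead to confirm in the decompiled code rather than a verdict.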

Tools

  • JADX
  • Androguard
  • Frida (dynamic instrumentation)
  • Drozer
  • Ghidra

Phishing & Smishing

  • Fake SMS, emails, or in-app messages
  • Redirect users to malicious websites

Example: SMS saying "Your account is blocked – click here"

Key Security Best Practices

  • Device Security: Screen lock, biometrics, encryption
  • OS Security: Sandboxing, permissions, secure boot
  • Application Security: Secure coding, app signing
  • Network Security: Secure Wi-Fi, VPN, TLS
  • User Awareness: Phishing prevention, safe app installs