Mobile penetration testing on Android using Drozer

Mobile phones have become an indispensable part of our daily life. We use mobile phones to communicate with our loved ones, for quick access to information through the Internet, to make transactions through mobile banking apps or to relax reading a good book.

In a way, a big part of our private life has moved into the digital environment. Mobile phones seem to be a pocket-sized treasure of secrets and information, hiding our most valuable photos, emails, contacts and even banking information. It’s no wonder that we need mobile phones to have bullet-proof security.

Android is the most common operating system for mobile devices and is particularly interesting from the security point of view. It is very permissive: users can customize almost anything, administrative privileges (a.k.a. rooting) can be unlocked on most phones, it has a very fuzzy system for the permissions required by applications, and it features different ways for one application to interact with other applications.

In this blog post, we are going to focus on how Android apps can interact with each other and how the security of those interactions can be tested.


How to install Android 5.0.1 Lollipop on Samsung Galaxy S4

With the new release of Android 5.0.1 Lollipop, we wanted to explore its new features and security enhancements. However, since this version of Android is officially limited to Nexus phones, we had to install it on a device that we own – Samsung Galaxy S4.

This is a step-by-step tutorial on how to install Android 5.0.1 on Samsung Galaxy S4 (including rooting instructions).

You must have:

  • a Samsung Galaxy S4 (with enough battery)
  • a microSD card (at least 1 GB if you don’t back up data to microSD)
  • a microUSB cable

Disclaimer:

  1. We are not responsible for any bricked device that may result from following these instructions
  2. We are not responsible for any bugs in Android 5.0.1 (GPS, alarm clock…)
  3. We are not responsible for losing your data (back up your data first)
