Vulnerability tester: an Android app which finds and exploits application layer vulnerabilities of other apps
Μάντος, Πέτρος Λάζαρος Κάρολος
Mantos, Petros Lazaros Karolos
Android is the most popular mobile operating system. Nowadays, it is used not only in smartphones but can be found at the heart of each smart device. This makes it one of the most popular targets amongst malware developers and cyber criminals. The main purpose of this dissertation is to examine possible application layer vulnerabilities that lie both in Android application components and in its architecture. This was accomplished not only theoretically but also by developing from scratch an Android application which can be used to detect, exploit and inform the end-user regarding such vulnerabilities. Firstly, the reader will be introduced to the security-oriented structures of the Android ecosystem and application architecture. Then, the most significant Android application components will be discussed in order to illustrate with clarity their role in the application’s lifecycle, while some prominent exploitation techniques applicable to them will also be explained. Finally, some of the core capabilities of the aforementioned application will be demonstrated by exploiting a proof-of-concept vulnerable application. The dissertation concludes with some secure coding practices that should be taken into account in order to eliminate these kinds of vulnerabilities.