Looking at mobile app API examples and the shortcomings of their security posture.

Leaking all app data

Using Client-side Filtering


APIs need securing properly, not just via obscurity.

Photo by Markus Spiske on Unsplash

Some APIs are so large that they are more like complete products of their own, not just an intermediary. …


Locating and exploiting custom application protection methods.

Photo by Morning Brew on Unsplash

We rely on the app developers to adequately protect the data we put into their apps.


Circumventing certificate pinning on Android with smali patches.

If you don’t verify the server is the legitimate one, how do you know user communication is secure? …


Binary patching Android applications to bypass security mechanisms.

Rooting


Assembly language for the dex format, used by Android’s Dalvik virtual machine.

  1. Bypassing these checks at runtime using tools such as Frida: attach the tool to the running app process and inject code that manipulates the behaviour. …


Modifying the input arguments and return values of native functions.

The Target


Using Frida to explore libraries during runtime

Exploring Runtime Lifecycle Libraries


Dynamic exploration using frida-trace and CLI

Dynamic Inspection

  1. Understand which native functions are being used and ideally at which stage of the app execution (where and when).
  2. Perform enumeration of native functions for a given library.
  3. Hook into a native function when it is called to change its behaviour, for example by changing the arguments or the return value.
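As an added example (not code from the original post or from The Mobile Security Guys), the following Frida agent walks through the three steps above against a native library and also shows the argument rewriting described under "Modifying the input arguments and return values of native functions". The library name `libtarget.so`, its export `check_license(const char *key)` returning `int` (1 = valid), and the `check_` naming pattern are assumptions made for the illustration; the Frida APIs used (`Process.getModuleByName`, `enumerateExports`, `Interceptor.attach`, `Thread.backtrace`, `Memory.allocUtf8String`) are real.

```javascript
// Added example (not from the original post): a Frida agent covering the three
// steps above for a native library. Everything about the target is a
// hypothetical assumption: a library "libtarget.so" exporting
// int check_license(const char *key) that returns 1 for a valid key.
'use strict';

const LIB_NAME = 'libtarget.so';     // assumed library name
const EXPORT_PATTERN = /^check_/;    // assumed naming of the interesting exports
const FAKE_KEY = 'AAAA-BBBB-CCCC';   // constructed argument we substitute

// Step 2: from Module.enumerateExports() output ({name, type, address}),
// keep only function exports whose name matches the pattern.
function selectExports(exports, pattern) {
  return exports
    .filter(e => e.type === 'function' && pattern.test(e.name))
    .map(e => e.name);
}

// Step 3 (return value): force a "valid" result, leave other values untouched.
function patchedReturn(originalRetval) {
  return originalRetval === 0 ? 1 : originalRetval;
}

// Steps 1 and 3 (where/when + argument rewrite): hook every selected export.
// Returns the number of hooks installed, or -1 when not running inside Frida.
function installHooks() {
  if (typeof Interceptor === 'undefined') {
    return -1; // plain Node/JS engine: no Frida runtime present, nothing to hook
  }
  const mod = Process.getModuleByName(LIB_NAME);
  const names = selectExports(mod.enumerateExports(), EXPORT_PATTERN);
  names.forEach(name => {
    const target = mod.getExportByName(name);
    Interceptor.attach(target, {
      onEnter(args) {
        // Step 1: record when the call happened and where it came from.
        const bt = Thread.backtrace(this.context, Backtracer.ACCURATE)
          .map(DebugSymbol.fromAddress).join('\n    ');
        console.log(`[${new Date().toISOString()}] ${name}(` +
          `${args[0].readUtf8String()})\n    ${bt}`);
        // Step 3: rewrite the first argument. Keep the buffer alive on `this`
        // so it is not garbage-collected before the native code reads it.
        this.fakeKey = Memory.allocUtf8String(FAKE_KEY);
        args[0] = this.fakeKey;
      },
      onLeave(retval) {
        const original = retval.toInt32();
        const forced = patchedReturn(original);
        if (forced !== original) {
          console.log(`${name} returned ${original}, replacing with ${forced}`);
          retval.replace(ptr(forced));
        }
      }
    });
  });
  return names.length;
}

installHooks();
```

Save it as a script and load it into the app with frida's `-l` option (for example `frida -U -f <package> -l agent.js`); the backtrace printed in `onEnter` is what tells you at which stage of the app the native function is reached, which is the first of the three goals above.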

Frida-trace


Native library static inspection and the JNI

Introduction

Sometimes decompilation of the code back to Java class files is not enough.

About

The Mobile Security Guys

Random posts about mobile security and testing techniques from a bunch of mobile professionals.
