..there is a shocking lack of published material on the topic of mobile security. The Mobile Application Hacker s Handbook seeks to change this and be a positive movement to educating others in the topic of mobile security awareness. (Vigilance–Security Magazine, March 2015)

Introduction xxxi

Chapter 1 Mobile Application (In)security 1

Chapter 2 Analyzing iOS Applications 17

Chapter 3 Attacking iOS Applications 69

Chapter 4 Identifying iOS Implementation Insecurities 133

Chapter 5 Writing Secure iOS Applications 149

Chapter 6 Analyzing Android Applications 173

Chapter 7 Attacking Android Applications 247

Chapter 8 Identifying and Exploiting Android Implementation Issues 353

Chapter 9 Writing Secure Android Applications 427

Chapter 10 Analyzing Windows Phone Applications 459

Chapter 11 Attacking Windows Phone Applications 511

Chapter 12 Identifying Windows Phone Implementation Issues 587

Chapter 13 Writing Secure Windows Phone Applications 629

Chapter 14 Analyzing BlackBerry Applications 647

Chapter 15 Attacking BlackBerry Applications 681

Chapter 16 Identifying BlackBerry Application Issues 693

Chapter 17 Writing Secure BlackBerry Applications 705

Chapter 18 Cross ]Platform Mobile Applications 729

Index 743

DOMINIC CHELL is a director of MDSec and a recognized expert in mobile security, providing training to leading global organizations.

TYRONE ERASMUS is an expert on Android security and heads Mobile Practice at MWR InfoSecurity SA.

SHAUN COLLEY is a security consultant and researcher at IOActive specializing in mobile security and reverse engineering.

OLLIE WHITEHOUSE is Technical Director with NCC Group who has previously worked for BlackBerry and Symantec specialising in mobile security.

View your app through a hacker′s eyes

IT security breaches make headlines almost daily. With both personal and corporate information being carried in so many pockets, mobile applications on the iOS, Android, Blackberry, and Windows Phones are a fertile field for hackers. To discover the true vulnerabilities in a mobile app, you must look at it as a hacker does.

This practical guide focuses relentlessly on the hacker′s approach, helping you secure mobile apps by demonstrating how hackers exploit weak points and flaws to gain access to data. Discover a proven methodology for approaching mobile application assessments and the techniques used to prevent, disrupt, and remediate the various types of attacks.

Learn to:

• Understand the ways data can be stored and how hackers can defeat cryptography
• Set up an environment in which insecurities and data leakages can be identified
• Develop extensions to bypass security controls and perform injection attacks for testing
• Identify the different types of attacks that apply specifically to cross–platform apps
• Recognize how hackers bypass security controls such as jailbreak/root detection, tamper detection, runtime protection, and anti–debugging
• Implement a generic methodology for mobile application testing