Android Mobile Security
Secure Android apps and devices: architecture, hardening, and common mobile threats.
1. Android Security Model
Sandboxing, permissions, SELinux on Android, and app signing.
2. Mobile Threat Landscape
Common Android attacks, malware types, and OWASP Mobile Top 10 overview.
3. Secure App Components
Activities, services, receivers, content providers, and IPC security.
4. Storage and Data Protection
Android Keystore, encrypted storage, SharedPreferences security, backups, and secrets management.
5. Network Security for Mobile
TLS pinning, Network Security Configuration, certificate validation, and MITM defenses.
6. Lab: TLS Pinning Implementation
Implement and test certificate pinning in an Android app.
7. Static and Dynamic Analysis
apktool, jadx, Mobile Security Framework (MobSF), Frida basics.
8. Lab: Analyze an APK
Reverse engineer an APK, inspect permissions, and identify risks.
9. Assignment: Secure an App
Harden an existing Android app and produce a security checklist.
10. Quiz: Android Security
Evaluate understanding of Android security controls and threats.
11. Android App Lifecycle Security
Understand lifecycle events and secure handling of sensitive state across activity transitions.
12. Secure Coding for Android Inputs
Validate and sanitize input sources to prevent injection-style and logic abuse vulnerabilities.
13. Lab: Input Validation Hardening
Implement and test validation controls in a sample Android flow with security test cases.
14. Authentication in Mobile Apps
Build secure login flows with token handling, session lifetimes, and re-authentication controls.
15. Authorization and Privilege Boundaries
Apply role checks and privilege separation across app features and backend calls.
16. Lab: Token and Session Security
Audit token storage, expiration, refresh flows, and misuse scenarios in a demo app.
17. Secure API Communication Patterns
Protect mobile-to-backend communications with safe API design and abuse-resistant controls.
18. Root/Jailbreak Detection Concepts
Understand rooted-device risks and practical guardrails to reduce high-risk execution scenarios.
19. Lab: Runtime Integrity Checks
Implement and validate basic runtime integrity controls and tamper-awareness checks.
20. Code Obfuscation and Reverse Engineering Resistance
Learn realistic obfuscation approaches and understand limitations against determined attackers.
21. Secure Logging and Privacy Controls
Prevent sensitive data leakage through logs, analytics, and debugging channels.
22. Lab: Privacy Leak Assessment
Inspect logs and app behavior for potential privacy leaks and implement fixes.
23. Mobile Penetration Testing Workflow
Learn a structured testing sequence from reconnaissance to reporting for Android applications.
24. Lab: End-to-End APK Security Review
Perform a static and dynamic review of a sample app and produce prioritized findings.
25. Capstone: Mobile App Hardening Project
Apply secure coding, storage protections, communication hardening, and validation checks to deliver a hardened Android app baseline.