Introduction to Android Hacking - Hacking Applications, Hacking Tools and Resources, and How to Secure Your Android Device from Getting Hacked
Since its inception in September 2008, the Android Platform has been a favorite of hackers worldwide. The open source platform and the variety of hardware options makes Android a hacker’s dream.
Security is a major part of the Android ecosystem. Android was created with openness in mind, and is conducive to the use of third party applications and cloud-based services. Android seeks to be a secure and usable operating system for mobile platforms.
Android Hacking Applications
There are several popular applications that are used by developers to hack Android devices to make them faster, increase battery life, and customize screensavers, ringtones, alerts, and more. The list of hacks available to make improvements to an Android is large and growing every day. Tweaks or hacks can be either surface ones or the deep-system kind, depending on what the hack can do. Popular surface tweaks or hacks are:
- Tusker - for location based automation
- Ability to install custom keyboards like Swype and SwiftKey
- Deep system tweaks include downloading new kernels and radios to increase speed and battery life
Unfortunately, there are many hackers with malicious intent that can and do break into an Android device to steal valuable personal information or to profit from illegal financial transactions. While it may be hard (or even impossible) to make your Android un-hackable, there are things you can do to make your device more secure.
Three Biggest Hacking Threats to Your Android
- Data in transit: Android devices and mobile devices in general are especially susceptible because they use wireless communications exclusively and often public WiFi, which can be insecure. An attack that is used frequently by hackers is a man-in-the-middle attack where an attacker breaks into the device and redirects data to exploit the resources on it before forwarding it to the original destination. This method allows the hacker to spy on Internet browsing activity, steal keystrokes to identify passwords and isolate the individual's physical location, along with potentially listening to calls and intercepting texts.
- Third party apps: In a recent study, 57% of malicious apps in the Android marketplace were found in third party app stores.
- SMS Trojans: By including premium dialing functionality into a Trojan app an attacker can run up the victim’s phone bill and get the mobile carriers to collect and distribute the money to them. Another malicious usage of SMS involves using an infected device to send out SMS text messages to all contacts in the address book with a link to trick the recipients into downloading and installing the worm, thereby infecting many devices at one time.
Three Steps you can take to protect your Android device
- SSL encryption for the device: SSL is one of the best ways to secure sensitive data in transit.
- Test third party apps: Try to install Apps from first party vendors like Google. If you do buy apps from a third party store, vet the security/authenticity of any third party code/libraries used in your mobile application by using a mobile security vendor. Read the permissions that apps require before downloading them. Examples of permissions apps can request that may raise red flags are permission to reveal your identity or location or send messages to the Internet.
- Be wary of SMS Trojans: Implement controls to prevent unauthorized access to paid-for resources. If an application asks for a payment via SMS, exercise additional caution.
Android Hacking Resources
XDA Developers Forums is a great resource for learning about Android hacking applications, and Android hacking tools to customize Android devices. It is a mobile software development community of over 4 million users worldwide, started in 2003. The site's main purpose is discussion, troubleshooting and development of Android among other devices.
1. Juniper Networks, 2011 Mobile Threats Report
Written by: Neil DuPaul