https://developer.android.com/topic/architecture
-> Android applications are most often developed using Android Studio (IDE) in languages such as Java and Kotlin
-> The file format for Android apps is .apk (Android package)
-> While on iOS an app's unique identifier is known as Bundle Identifier, on Android the term Package Name is used
-> The application installation path is /data/data
Each Android application runs in its own "sandbox," an isolated environment where it can access only the resources and data that have been explicitly authorized. This is crucial to protect the integrity of the system and user data. Through sandboxing, an application cannot directly interfere with the processes of other applications or the operating system. Additionally, permissions to access sensitive resources such as camera, location, and contacts are explicitly granted by the user during installation or execution of the application, ensuring that only trusted applications have access to this data.
Activities - Are the building blocks of the user interface in Android apps, presenting screens to users for interaction.
Services - Services execute tasks in the background without a user interface, handling long-running operations independently of user interaction.
Broadcast Receivers - Broadcast Receivers listen for and respond to system-wide or app-specific broadcast messages, enabling apps to react to events like network changes or incoming messages.
Content Providers - facilitate data sharing between apps by offering a standardized interface for accessing and manipulating structured data, promoting data reuse and interoperability.
Webviews - Are additional components in Android that allow you to display web content within an Android application. Functioning as an in-app browser, they provide a convenient way to embed web pages or web content within an app, allowing developers to create hybrid experiences that combine native and web elements.
Function: The JVM is a virtual machine that executes Java bytecode. It is primarily used in desktop and server environments.
Process: The Java source code (.java) is compiled by javac to generate bytecode (.class), which is executed by the JVM.
.java -> javac (compiler) -> .class (bytecode)
Function: The DVM is a virtual machine specifically designed for Android, optimizing memory and resource usage on mobile devices.
Process: The Java source code (.java) is compiled by javac to generate bytecode (.class), which is converted by dx into Dalvik bytecode (.dex). This bytecode is executed by the DVM.
.java -> javac (compiler) -> .class (bytecode) -> dx (compiler) -> .dex (bytecode)
Function: ART replaces the DVM starting from Android 5.0 (Lollipop), offering better performance through Ahead-of-Time (AOT) compilation.
Process: The Java source code (.java) is compiled by javac to generate bytecode (.class), which is converted by dx into Dalvik bytecode (.dex). During installation or the first execution, dex2oat compiles the Dalvik bytecode (.dex) into native code, resulting in native binaries that are executed directly by the hardware.
.java -> javac (compiler) -> .class (bytecode) -> dx (compiler) -> .dex (bytecode) -> dex2oat > native binary
In Android app development, either the DVM (Dalvik Virtual Machine) or ART (Android Runtime) is used, depending on the Android version for which the app is being developed and the project's compilation settings.
DVM (Dalvik Virtual Machine): Before Android 5.0 (Lollipop), DVM was the default runtime environment. Developers targeting older Android versions (pre-Android 5.0) can still develop apps using DVM.
ART (Android Runtime): Starting from Android 5.0 (Lollipop), ART replaced DVM as the default runtime environment. ART offers better performance and efficiency compared to DVM, especially due to Ahead-of-Time (AOT) compilation, which converts bytecode into native code during app installation.
Therefore, if you're developing an app for an Android version older than Android 5.0, you'll use DVM. For apps targeting Android 5.0 and later versions, ART is the default runtime environment. The choice between DVM and ART is primarily determined by the minimum Android version your app needs to support and the desired performance optimizations.
The .apk file, which is the Android application package, is essentially a zipped file that contains all the resources, codes, and elements required to install and run an application on Android devices. By renaming the .apk file to .zip, it is possible to extract its content using decompression tools, such as the "unzip" command on systems compatible with the zip format. This allows you to explore the internal structure of the .apk file, view its directories, files and resources, facilitating the analysis and inspection of its content for various purposes, such as development, security analysis and debugging.
-> AndroidManifest.xml - This file is essential for every Android application. It contains crucial information about the application, such as required permissions, component definitions (such as activities, services, broadcast receivers), and other settings;
-> META-INF - This folder contains the application metadata;
-> classes.dex - Binary dalvik byte code, contains the current application code;
-> res - The res folder stores Android-specific resources such as XML layouts, images, audio files, strings, styles, and values. They are organized into specific subdirectories, such as res/layout for layouts, res/drawable for images, res/values for values and strings, among others;
-> resources.arsc - This binary file is a compilation of the application's resources, such as strings, layouts, and values, which makes accessing these resources while running the application more efficient.
-> assets - This folder contains other assets used by the application, such as media files (videos, audios), configuration files, HTML, JavaScript, among others. The files in this folder can be accessed directly by application code using the asset manager (AssetManager).
-> lib - Contains native libraries compiled for different architectures (such as ARM, x86), if the application uses native code. The presence of separate folders for different architectures within an APK's lib folder indicates that the application supports those specific architectures.
he Activity Manager is a fundamental component of the Android operating system responsible for managing the lifecycle of activities within an Android application. Activities represent individual screens with which users interact. The Activity Manager coordinates the transition between different states of activities, such as creation, pause, resume, and destruction, based on user interactions and system demands.
Additionally, the Activity Manager manages the activity stack, ensuring that the most recent activity is always on top of the stack and actively interacting with the user. This facilitates seamless navigation between screens within the application.
The Activity Manager also plays a crucial role in managing system resources by prioritizing activities based on the device's memory and processing requirements. It may terminate background activities to free up resources when necessary, ensuring efficient system operation.
The Package Manager is another essential component of the Android operating system responsible for managing installed application packages on the device. An application package in Android is a file in APK (Android Package) format, containing all the necessary resources and files to run the application. The Package Manager is responsible for installing, updating, and uninstalling applications, as well as managing their dependencies and configurations.
Through the Package Manager, users can install new applications from the Google Play Store or other sources, such as downloaded APK files. It also provides detailed information about installed applications, such as name, version, size, and permissions.
Developers can use the Package Manager to access information about other installed applications on the device, check for updates, manage application permissions, and even initiate components of other applications, such as activities and services.
https/developer.android.com/studio
-> To use the adb command, it is necessary to add an environment variable to C:\Users\<your_user>\AppData\Local\Android\Sdk\platform-tools
The Android Debug Bridge (ADB) is a versatile command-line tool that allows communication between a computer and an Android device. It is part of the Android SDK and is essential for developers, testers, and security professionals working with Android devices. In the context of a mobile penetration test, ADB offers a range of features that allow exploration, analysis and manipulation on Android devices.
-> Check connected devices
adb devices
-> Access the device shell
adb shell
-> Access the device shell as root
adb root
adb shell
-> Reboot the device:
adb reboot
-> Install an APK
adb install <apk_path>
-> Connect ADB Server
adb connect ip:5037
adb shell
-> Push a file from PC to device:
adb push <local_path> <remote_path>
-> Pull a file from device to PC
adb pull <remote_path> <local_path>
-> See android device architecture
adb shell getprop ro.product.cpu.abi
-> Monitor system logs:
adb logcat
-> List all running activities
adb shell dumpsys activity activities
-> Force termination of a specific activity
adb shell am force-stop <package_name>
-> Start an application-specific activity
adb shell am start -n <package_name>/<package_name>.<activity_name>
-> Create malicious app and call activity:
Intent intent = new Intent();
intent.setClassName("<package_name>", "<package_name>.<activity_name>");
startActivity(intent);
-> Start a specific service in an Android application
adb shell am startservice -n <package_name>/<package_name>.<service_name>
-> Send a broadcast message to the Android system indicating that the device has been completely initialized.
adb shell am broadcast -a android.intent.action.BOOT_COMPLETED
-> Consult the content provider to retrieve the sent SMS stored on the Android device
adb shell content query --uri content://sms/sent
Create malicious app and call content provider:
Uri uri = Uri.parse("content://com.example.myapplication/ok.txt");
ContentResolver cr = getContentResolver();
Cursor c = cr.query(uri, cols, null, null, null);
-> List all installed application packages
adb shell pm list packages
-> Get detailed information about a specific application package
adb shell pm dump <package_name>
-> Clear cache for a specific app
adb shell pm clear <package_name>
-> List third party package
adb shell pm list packages -3
-> Print the path to the .apk
adb shell pm path <package_name>
-> Get base.apk from device
adb pull <package_path> .
-> Install apk on device
adb install example.apk
-> Access https://play.google.com/store/search?q=<name_app>&c=apps and get package name or url
-> Sites to download apk
https://apkgk.com/APK-Downloader
https://apk.support/apk-downloader
https://apps.evozi.com/apk-downloader/
https://m.apkpure.com/br/
https://auroraoss.com/
Remembering that you can download directly from the Google Play Store, only download the apk from these sites if you are aware of the risks, as there is no way to guarantee that they are free of malware.
An Android App Bundle (AAB) is a publishing format that contains all of an app's code and resources, but is not packaged like an APK. Instead, the Google Play Store processes AAB to generate and distribute APKs optimized for each device's specific configurations. This allows you to create smaller, more efficient APKs by supporting conditional delivery of modules. Developers submit AAB to the Play Store, which creates the necessary APKs.
-> convert .aab to .apks (https://github.com/google/bundletool)
java -jar bundletool-all-1.17.1.jar build-apks --bundle=app-release.aab --output=app.apks
-> Convert .aab to Universal .apks, to create an APK that can be installed on any device
java -jar bundletool-all-1.17.1.jar build-apks --bundle=app-release.aab --output=app.apks --mode=universal
-> bundletool identifies device settings (such as CPU architecture, screen density, language, etc.) and automatically installs the specific APKs needed for that device
java -jar bundletool-all-1.17.1.jar install-apks --apks=app.apks
-> You can also unzip the apks and then install the base apk based on the architecture you want.
An .apks file is a set of APKs generated from an Android App Bundle (AAB). It's basically a ZIP file that contains multiple APKs optimized for different device configurations (like CPU architecture, screen density, language, etc.).
-> Unzip the generated .apks file
-> Install the main APK on the device
adb install base.apk