Using Frida on Android without root

Frida is a great toolkit by @oleavr, used to build tools for dynamic instrumentation of apps in userspace. It is often used, like Substrate, Xposed and similar frameworks, during security reviews of mobile applications. Typically rooted Android devices are used during such reviews. There are several reasons for this, but the most important is that the frida-server binary, which executes on the device, requires root privileges to attach to (ptrace) the target application, in order to inject the Frida gadget library into the memory space of the process. »

Inside SafetyNet - part 3

This post is part of a series: Inside SafetyNet part 1 (Oct 2015) Inside SafetyNet part 2 (Feb 2016) Inside SafetyNet part 3 (Nov 2016) How to implement Attestation securely using server-side checks (my blog, Cigital blog) SafetyNet Playground (POC server-side implementation) Play Store - Android source - PHP source It’s been more than 8 months since my last blog post on Android’s SafetyNet. In that post I was describing an end-of-2015 version of the system (version code 2495818). »

Inside SafetyNet - part 2

This post is part of a series: Inside SafetyNet part 1 (Oct 2015) Inside SafetyNet part 2 (Feb 2016) Inside SafetyNet part 3 (Nov 2016) How to implement Attestation securely using server-side checks (my blog, Cigital blog) SafetyNet Playground (POC server-side implementation) Play Store - Android source - PHP source It’s been six months since my last blog post on Android’s SafetyNet. I was then examining a mid-July 2015 version of the system. »

Network Security Policy configuration for Android apps

android.security.net.config Capabilities Permit clear-text traffic HSTS enforcement Certificate Pinning Custom Trust Anchors Android engineers have recently been busy building out AndroidNSSP (Android Network Security Provider): a system that application developers will be able to use in order control aspects of the network security policy of their application. It’s been long overdue, and there are various bits and pieces still missing; however important parts were merged to AOSP master about a month ago. »

Using Android's tamper detection securely in your app

In a previous blogpost, I described how Google Play’s SafetyNet service is structured, from a technical perspective, diving deep into details and the checks it perfoms on the device. Recap: Google Play’s SafetyNet service allows your application to gain information about the ‘CTS compatibility’ status of the device you are running on. You can think of CTS compatibility as a mix of rooting detection, device tampering detection and active MitM detection. »