Library injection for debuggable Android apps

TLDR: released a script which can be used to inject native libraries like Frida into debuggable Android apps on non-rooted devices. As discussed on a previous blogpost, security testers can use Frida to review the internals of Android apps on non-rooted Android devices, as long as they inject the library into the app via application repackaging. Some time ago, Tim asked the following on twitter: So Frida does require root? »

Using Frida on Android without root

Frida is a great toolkit by @oleavr, used to build tools for dynamic instrumentation of apps in userspace. It is often used, like Substrate, Xposed and similar frameworks, during security reviews of mobile applications. Typically rooted Android devices are used during such reviews. There are several reasons for this, but the most important is that the frida-server binary, which executes on the device, requires root privileges to attach to (ptrace) the target application, in order to inject the Frida gadget library into the memory space of the process. »

Inside SafetyNet - part 3

This post is part of a series: Inside SafetyNet part 1 (Oct 2015) Inside SafetyNet part 2 (Feb 2016) Inside SafetyNet part 3 (Nov 2016) How to implement Attestation securely using server-side checks (my blog, Cigital blog) SafetyNet Playground (POC server-side implementation) Play Store - Android source - PHP source It’s been more than 8 months since my last blog post on Android’s SafetyNet. In that post I was describing an end-of-2015 version of the system (version code 2495818). »

Inside SafetyNet - part 2

This post is part of a series: Inside SafetyNet part 1 (Oct 2015) Inside SafetyNet part 2 (Feb 2016) Inside SafetyNet part 3 (Nov 2016) How to implement Attestation securely using server-side checks (my blog, Cigital blog) SafetyNet Playground (POC server-side implementation) Play Store - Android source - PHP source It’s been six months since my last blog post on Android’s SafetyNet. I was then examining a mid-July 2015 version of the system. »

Network Security Policy configuration for Android apps

android.security.net.config Capabilities Permit clear-text traffic HSTS enforcement Certificate Pinning Custom Trust Anchors Android engineers have recently been busy building out AndroidNSSP (Android Network Security Provider): a system that application developers will be able to use in order control aspects of the network security policy of their application. It’s been long overdue, and there are various bits and pieces still missing; however important parts were merged to AOSP master about a month ago. »