Android-Security-Roadmap
Prerequisites
Programing languages
Networking
- OSI Model : [1] - [2]
- TCP / IP
- DNS
- HTTP
- SSL / TLS
- Proxy
Cryptography
- Encryption : [1]
- Hashing
- MAC
- RSA
- AES
Android Design & Architecture
- Linux Kernel : [1]
- HAL
- Native Library
- Android Runtime
- Java API
- System App
- IPC
- Binder
- Dalvik VM
- SandBoxing
- User & group
- Filesystem / Partition
- File
- Database
- Sqlite : [1] - [2]
- Room : [1] - [2]
- Realm : [1] - [2]
- Sharedprefrence : [1] - [2]
Permissions
- Application level : [1]
- Protection levels
- Custom Permission
Application Components
- Activity : [1]
- Service : [1]
- Broadcast Reciever : [1]
- Content Provider : [1]
- Manifest : [1]
- Intent : [1] - [2]
Core Api
- Cryptography : [1]
- Interacting with Other Apps : [1]
- User Interface : [1]
- Images and graphics : [1]
- Audio & Video : [1]
- background processing : [1]
- App data and files : [1]
- Touch and input : [1]
- Sensors : [1]
- Connectivity : [1]
Server Interaction
- Confidentiality & Authentication
- HTTP Library
- OkHttp
- Volley
- Retrofit
- Burp Suite
- SSL Pinning
- Certificate Validation
- Proxy & Sniffer for HTTP Traffic
- SSL / TLS Implementation
Static Analysis
- APK Development Process
- APK Structure : [1]
- Decompiling
- JADX
- APKtool
- Code Patching
- Native Code
- Decompiling
- Disassembling
- Ghidra
- IDA
Dynamic Analysis
- Stack trace
- Hooking
- Debuging
- ADB
- Emulator
- Genymotion
- AVD
- Bluestack
- Detection / Bypass
- Virtual-machine
- SSL-pin
- Rooting
- Tools
- Frida
- Drozer
- Objection
- Xposed
- RMS
- MOBSF
Common Attacks
- Insecure Data Transmission
- Insecure IPC
- Permission Issue
- Insecure Data Storage
- Webview Issue
- Insecure Logs