Android Software Internals Quick Reference

Use this handy field guide as a quick reference book and cheat sheet for all of the techniques you use or reference day to day. Covering up to Android 11, this Android Java programming reference guide focuses on non-UI elements with a security focus. You won’t see Android UI development, nor will you see low-level C or kernel techniques. Instead, this book focuses on easily digestible, useful, and interesting techniques in Java and the Android system.

This reference guide was created out of the need for myself to jot down all the useful techniques I commonly reached for, and so I’m now sharing these techniques with you, whether you are an Android internals software engineer or security researcher.

WHAT YOU WILL LEARN

* Discover the differences between and how to access application names, package names, IDs, and unique identifiers in Android
* Quickly reference common techniques such as storage, the activity lifecycle, and permissions
* Debug using the Android shell
* Work with Android's obfuscation and encryption capabilities
* Extract and decompile Android applications
* Carry out Android reflection and dex class loading

WHO THIS BOOK IS FOR

Programmers, developers, and admins with at least prior Android and Java experience.

JAMES STEVENSON has been working in the programming and computer security industry for over 4 years, and for most of that has been working as an Android software engineer. Prior to this, James graduated with a BSc in Computer Security in 2017.

James has featured articles on both personal websites as well as industry platforms such as InfoSecurity Magazine - covering topics from security principles, android programming and security, and cyber terrorism.

At the time of writing James is a full-time security researcher, part-time Ph.D. student, and occasional conference speaker. Outside of Android internals James’ research has also focused on offender profiling and cybercrime detection capabilities. For more information and contact details visit https://JamesStevenson.me.

Introduction 1

What is this book 1

What this book is not 2

About the author: 2

Special Thanks: 3

Contents 4

Android Versions 9Fundamentals 13

Android Sandbox 13

Activities 13

Services 14

Broadcast Receivers 14

Content providers 15

Manifest 15

Permissions 16Context 16

The Activity Lifecycle 18

4 of 153

Android Users 20

Application Names, Android Package Name, and ID

23

Summary 23

Java Package Name 24Package ID 25

Application ID 26

Application Name 30

Storage 32

Partitions 32

External and Internal Storage 36

General Files 43

Databases 46Shared Preferences 54

File Providers 57

Assets Folder 60

Resources 62

Android Unique Identifiers 63

Phone Number 63

SIM Serial Number 64

International Mobile Subscriber Identity (IMSI) 66

IMEI and MEID: 67

Device Serial Number 68

MAC Address 69

Android ID (Secure Settings Android ID - SSAID) 70

5 of 153

The Android Shell 71

Running commands programmatically 76

Obfuscation and Encryption 78

Logging 78

ProGuard 83

Public Key / Certificate Pinning 89

AES Encryption 93

Applications and Services 95

Creating an application without a UI and Launcher95

Long-Running Services 101

Creating an Android Launcher 129

Reflection and Dex Class Loading 136

Reflection 136

Dex Class Loading 146