androidsecurity, mobileapppt,

Android Hacking Fundamentals -Part-1.

Manikanta S Manikanta S Follow Sep 27, 2020 · 2 mins read
Android Hacking Fundamentals -Part-1.
Share this

Before learning about the android application hacking, it is necessary to understand the fundamental concepts of android application files, components and how the different components are helpful to function the application. Need to know about the jargon of the Android application core components.

APK

Android applications are distributed as APK files. APK files are basically ZIP files similar to the JAR files used to package Java libraries. An APK file contains app code in the DEX file format, native libraries, resources, assets, etc. It must be digitally signed with a certificate to allow installation on an Android device.

The structure of an APK

APK Package Contents

An APK file is a compressed package that contains the following files and directories:

  • assets: directory with application assets.
  • res: directory with all resources that are not compiled into resources.arsc. These are all resources except the files in res/values. All XML resources are converted to binary XML, and all .png files are optimized (crunched) to save space and improve runtime performance when inflating these files.
  • lib: directory with compiled native libraries used by your app. Contains multiple directories, one for each supported CPU architecture (ABI).
  • META-INF: directory with APK metadata, such as its signature.
  • AndroidManifest.xml : application manifest in the binary XML file format. This contains application metadata — for example, its name, version, permissions, etc.
  • classes.dex: file with app code in the Dex file format. There can be additional .dex files (named classes2.dex, etc.) when the application uses multidex
  • resources.arsc: file with pre-compiled resources, such as strings, colors, or styles.

What Is a Dex File? (java or kotlin) :

A Dex file contains code that is ultimately executed by the Android Runtime. Every APK has a single classes.dex file, which references any classes or methods used within an app.

Android app components:

Android applications are developed using JAVA, Kotlin, and C++. Application components are very essential for building Applications. They work as an entry point for users or systems to enter your application. There are four different types of components. Each component has its own purpose and distinct life cycle.Whenever you create or use any of them, you must include elements in the project manifest.

  • Activities : They dictate the UI and handle the user interaction to the smartphone screen.
  • Services : They handle background processing associated with an application.
  • Broadcast Receivers : They handle communication between Android OS and applications.
  • Content Providers : They handle data and database management issues.Content providers provide the following four basic operations. These are also known as CRUD operations, where

Additional Components

  • Fragments : Represents a portion of the user interface in an Activity.
  • Views : UI elements that are drawn on-screen including buttons, lists forms etc.
  • Layouts : View hierarchies that control screen format and appearance of the views.
  • Intents : Messages wiring components together.
  • Resources : External elements, such as strings, constants and drawable pictures.
  • Manifest : Configuration file for the application.

Thanks for reading. If you want to learn the android hacking please do follow me and stay tune for interesting hacking techniques and view my profile to read interesting BugBounty write-ups.

bugbounty owasp itsecurity android
Join Newsletter
Get the latest news right in your inbox. We never spam!
Manikanta S
Written by Manikanta S Follow
Hi, I am a computer security enthusiast, Indian security researcher, and BugHunter.
Weird “Subdomain Take Over” pattern of Amazon S3.
Let’s pen-test make easier with raw0xy.