Before learning about the android application hacking, it is necessary to understand the fundamental concepts of android application files, components and how the different components are helpful to function the application. Need to know about the jargon of the Android application core components.
Android applications are distributed as APK files. APK files are basically ZIP files similar to the JAR files used to package Java libraries. An APK file contains app code in the DEX file format, native libraries, resources, assets, etc. It must be digitally signed with a certificate to allow installation on an Android device.
The structure of an APK
APK Package Contents
An APK file is a compressed package that contains the following files and directories:
- assets: directory with application assets.
- res: directory with all resources that are not compiled into resources.arsc. These are all resources except the files in res/values. All XML resources are converted to binary XML, and all .png files are optimized (crunched) to save space and improve runtime performance when inflating these files.
- lib: directory with compiled native libraries used by your app. Contains multiple directories, one for each supported CPU architecture (ABI).
- META-INF: directory with APK metadata, such as its signature.
- AndroidManifest.xml : application manifest in the binary XML file format. This contains application metadata — for example, its name, version, permissions, etc.
- classes.dex: file with app code in the Dex file format. There can be additional .dex files (named classes2.dex, etc.) when the application uses multidex
- resources.arsc: file with pre-compiled resources, such as strings, colors, or styles.
What Is a Dex File? (java or kotlin) :
A Dex file contains code that is ultimately executed by the Android Runtime. Every APK has a single classes.dex file, which references any classes or methods used within an app.
Android app components:
Android applications are developed using JAVA, Kotlin, and C++. Application components are very essential for building Applications. They work as an entry point for users or systems to enter your application. There are four different types of components. Each component has its own purpose and distinct life cycle.Whenever you create or use any of them, you must include elements in the project manifest.
- Activities : They dictate the UI and handle the user interaction to the smartphone screen.
- Services : They handle background processing associated with an application.
- Broadcast Receivers : They handle communication between Android OS and applications.
- Content Providers : They handle data and database management issues.Content providers provide the following four basic operations. These are also known as CRUD operations, where
- Fragments : Represents a portion of the user interface in an Activity.
- Views : UI elements that are drawn on-screen including buttons, lists forms etc.
- Layouts : View hierarchies that control screen format and appearance of the views.
- Intents : Messages wiring components together.
- Resources : External elements, such as strings, constants and drawable pictures.
- Manifest : Configuration file for the application.
Thanks for reading. If you want to learn the android hacking please do follow me and stay tune for interesting hacking techniques and view my profile to read interesting BugBounty write-ups.