Android Security Vulnerabilities, Testing, and Enterprise Considerations

This course is included in our On-demand training solution.


A variety of tools and methods are available for testing Android applications to expose potential vulnerabilities before deployment in either a public market or an enterprise environment. In this course, you will learn about vulnerabilities as they pertain specifically to Android applications, and how to secure Android devices and applications for the enterprise environment. You will also learn how to plan and carry out penetration testing using a variety of tools and best practices, and how to apply forensics and hacking techniques to Android applications in order to better secure them before deployment on a public market.

Target Audience

Application developers at the beginner and intermediate levels seeking to create and deploy secure Android applications



Expected Duration

120 min.

Course Objectives

Course Introduction

Identifying Common Mobile Security Issues

  • identify common mobile device security issues

Identifying Android Malware

  • describe the methodology used for identifying malware on Android

Using Reverse Engineering to Reveal Threats

  • describe the general methodology used to reverse engineer an Android application so as to reveal malicious threats

Exploring Mobile Browser Vulnerabilities

  • describe Android mobile browser vulnerabilities

Overview on Android Security Concerns in Enterprise

  • describe Android security concerns that ought to be addressed in the enterprise environment

Understanding Compliance and Audit Considerations

  • describe compliance and audit considerations that must be taken into account when developing Android apps for enterprise

Using Untrusted Devices, Applications, and Networks

  • describe considerations for using user-owned, untrusted devices as well as untrusted applications and networks

Working with Untrusted Systems and Content

  • describe considerations for dealing with untrusted systems and content on an enterprise network

Using Recommended Security Practices for Mobiles

  • describe recommended security practices for mobiles in the enterprise environment

Working with Device Administration Policies

  • identify device administration policies and describe how they are implemented on an Android device

Overview on Penetration Testing Methodology

  • describe Android device penetration testing methodology

General Steps for Carrying out a Penetration Test

  • describe the main steps for carrying out a generic penetration test on Android OS and devices

Scanning a Network Using Nmap

  • carry out a network scan using Nmap

Examining Network Activity with BusyBox

  • install and use BusyBox on an Android device to examine its network port and socket activity

Analyzing Network Traffic Using Wireshark

  • analyze network traffic on an Android device using Wireshark

Intercepting Browser Application Traffic

  • use Burp Suite to intercept traffic for a browser application on a virtual Android device

Penetration Testing Best Practices

  • describe the Android app development best practices against which penetration tests should be carried out

Analyzing Android Device Mount Points

  • analyze Android device mount points

Examining Android File Systems

  • examine some file systems that typically exist on an Android device

Examining Android Device Directory Structure

  • examine the Android device directory structure

Overview of Storage Options for Application Data

  • describe storage options for Android application data

Exploring an Application’s Data Directory

  • explore the contents of the application data directory for the default Android e-mail application

Working with Root Access

  • identify the advantages and pitfalls of enabling root access on an Android device

Creating an Android Device Image

  • create a system image for an Android device

Accessing Application Databases

  • retrieve and access an Android application database

  • Exercise: Analyzing Application Traffic and Data