Android Security

  1. Android Open Source Project (AOSP), https://source.android.com/source/

  2. Android Code Search, https://cs.android.com

  3. Android 开源项目简介

  4. Android主要版本與使用分佈 (now only be available in Android Studio)

  5. Android market share by version

  6. Codenames, Tags, and Build Numbers (代號、標籤和版本號)

  7. Android API Level, https://developer.android.com/guide/topics/manifest/uses-sdk-element

  8. Factory Images (出廠映像) for Nexus and Pixel Devices, https://developers.google.com/android/images

  9. Full OTA Images for Nexus and Pixel Devices (完整的OTA映像)

  10. Driver Binaries for Nexus and Pixel Devices (驅動程序)

  11. Android File Transfer, https://www.android.com/filetransfer/

  12. Android Studio, https://developer.android.com/studio/ , https://developer.android.com/studio/intro/?hl=zh-cn

  13. Android App Bundles (AAB), https://developer.android.com/guide/app-bundle , https://developer.android.com/platform/technology/app-bundle

  14. Android Studio download archives, https://developer.android.com/studio/archive

  15. Android Studio的應用程式除錯 (Debug your app)

  16. Android Compatibility 相容性, https://source.android.com/compatibility/

  17. AOSP Distribution 原始碼, https://android.googlesource.com

  18. Android Brand Guidelines, https://source.android.com/setup/start/brands

  19. Android 安全技術, https://source.android.com/security/

  20. Android 安全性公告, https://source.android.com/security/bulletin/

  21. Open Mobile Alliance (OMA) 開放移動聯盟, https://www.openmobilealliance.org/

  22. Pixel手機取得Android更新

  23. Android Flash Tool, https://flash.android.com/

  24. Android 12, https://developer.android.com/about/versions/12/

  25. Android 11 開發者手冊

  26. Get started with Android 11, Android 11 測試版

  27. Android 11 Meetups 你問我答聚焦 Android 11: Android 開發者工具聚焦 Android 11: 大功告成

  28. Android 11 的消息通知

  29. Android 10, http://android.com/10/

  30. Android 10 新特性

  31. Android Pony EXpress (APEX), https://source.android.com/devices/tech/ota/apex

  32. Android 9 Pie, http://android.com/pie/, https://developer.android.google.cn/about/versions/pie/, https://www.phonearena.com/news/Android-P-review-new-features_id103054

  33. Android 9 Pie 開發者手冊, https://dl.google.com/dl/developers/android/pie/Android-9-Pie-Handbook.pdf?hl=zh-cn

  34. Android 9 Preview, https://developer.android.com/preview/

  35. Introducing Android Q Beta (2019年3月13日), https://android-developers.googleblog.com/2019/03/introducing-android-q-beta.html

  36. What's new in Android security (Google I/O '18), https://www.youtube.com/watch?v=r54roADX2MI

  37. Android生態系統安全性, https://transparencyreport.google.com/android-security/overview

  38. Sign your app, https://developer.android.com/studio/publish/app-signing

  39. Android Pie 引入 Keystore 新特性

  40. Android密鑰庫系統 (Android keystore system)

  41. How to Update your Android Kernel to Latest Linux Stable? Which Android runs which Linux kernel?

  42. Linux Kernel, https://www.kernel.org

  43. Building Kernels (編譯內核), https://source.android.com/setup/build/building-kernels

  44. 美國FBI花費1.3百萬美金破解iPhone 5C (FBI paid more than $1.3 million to break into San Bernardino iPhone), 2016.

  45. 2017年3月維基解密(WikiLeaks):美國中央情報局(CIA)的駭客部門,https://wikileaks.org/ciav7p1/

  46. 個人電腦2020年銷售量(Gartner) 個人電腦2019年銷售量(Gartner) 個人電腦2018年銷售量(Gartner)

  47. 智慧型手機2020年銷售量(Gartner) 智慧型手機2019年銷售量(Gartner) 智慧型手機2019年銷售量(IDC) 智慧型手機2018年銷售量(Gartner) 智慧型手機2018年銷售量(IDC)

  48. Mobile Fact Sheet, June 2019, https://www.pewresearch.org/internet/fact-sheet/mobile/

  49. Made by Google 2018, https://www.youtube.com/watch?v=9wURy8AdsS4

  50. Security-Enhanced Linux in Android (SEAndroid), https://source.android.com/security/selinux, https://selinuxproject.org/ , https://github.com/SELinuxProject

  51. Vendor Native Development Kit (VNDK), https://source.android.com/devices/architecture/vndk

  52. Trusty TEE (Trusted Execution Environment), https://www.op-tee.org, https://open-tee.github.io

  53. Android Verified Boot, https://source.android.com/security/verifiedboot/

  54. Android Verified Boot (AVB) 2.0

  55. Android Partitions and Images (分區和映像), https://source.android.com/devices/bootloader/partitions-images

  56. Android Scoped Storage (分區存儲), https://www.youtube.com/watch?v=UnJ3amzJM94

  57. Android command line tools, https://developer.android.com/studio/command-line

  58. adb, http://developer.android.com/tools/help/adb.html。 adb devices; adb shell service list; adb shell cat /proc/cpuinfo; adb shell pm list packages; adb shell dumpsys; adb logcat; adb pull [-p] [-a] <remote> [<local>]; adb backup [-f <file>] [-apk|-noapk] [-obb|-noobb] [-shared|-noshared] [-all] [-system|-nosystem] [<packages...>]

  59. adb install -t test.apk, https://adbshell.com/commands/adb-install

  60. Android Backup Extractor, http://sourceforge.net/projects/adbextractor/.

  61. Flashing Devices, https://source.android.com/setup/build/running

  62. Moving Fastboot to User Space, https://source.android.com/devices/bootloader/fastbootd

  63. Flashing, Booting, and Updating, https://source.android.com/devices/bootloader/flashing-updating

  64. Android Device Mirroring: Vysor, Mobizen

  65. A/B (Seamless) System Updates, https://source.android.com/devices/tech/ota/ab

  66. Android Device Tree (DT), https://source.android.com/devices/architecture/dto

  67. Treble, https://source.android.com/devices/architecture/treble

  68. Android Direct Boot mode, https://developer.android.com/training/articles/direct-boot

  69. Project Strobe, https://www.blog.google/technology/safety-security/project-strobe/

  70. Project Mainline, https://android-developers.googleblog.com/2019/05/fresher-os-with-projects-treble-and-mainline.html

  71. Android Pony EXpress (APEX), https://source.android.com/devices/tech/ota/apex

  72. 常規系統映像 (Generic System Image, GSI)

  73. Android's shell and utilities, https://android.googlesource.com/platform/system/core/+/master/shell_and_utilities/README.md

  74. Google 行動服務 (Google Mobile Services, GMS), https://en.wikipedia.org/wiki/Google_mobile_services

  75. Android Profiler, Measure app performance with Android Profiler

  76. Android system tracing, https://developer.android.com/topic/performance/tracing/

  77. 基於安卓設備的Hacking

  78. PureOS, https://puri.sm/products/librem-5/pureos-mobile/

  79. Fuchsia OS 開發者網站, https://fuchsia.dev

  80. AndroidX, https://developer.android.google.cn/jetpack/androidx/

  81. Compatibility Test Suite (CTS), https://source.android.com/compatibility/cts/

  82. Vendor Native Development Kit (VNDK), https://source.android.com/devices/architecture/vndk/

  83. SafetyNet, https://developer.android.com/training/safetynet/

  84. XDA, https://www.xda-developers.com/

  85. Team Win Recovery Project (TWRP), https://twrp.me/ , https://github.com/omnirom/android_bootable_recovery/

  86. ClockworkMod (CWM), https://www.clockworkmod.com

  87. SuperSU, https://supersuroot.org

  88. Magisk, https://github.com/topjohnwu/Magisk , https://www.didgeridoohan.com/magisk/ , https://magiskmanager.com

  89. BusyBox, https://git.busybox.net/ , https://github.com/topjohnwu/ndk-busybox

  90. netcat, https://github.com/MobileForensicsResearch/netcat

  91. Alpine Term (Alpine Linux Terminal), https://github.com/xeffyr/alpine-term/

  92. Termux, https://github.com/termux/termux-app

  93. Helium, https://github.com/koush/support-wiki/wiki/Helium-Desktop-Installer-and-Android-App

  94. Bypassing the lock screen, /data/system/password.key, /data/data/com.android.providers.settings/databases/settings.db, /data/system/locksettings.db, /data/system.lockscreen.db

  95. Gatekeeper password, gatekeeper.pattern.key, gatekeeper.password.key

  96. Mobiledit, https://www.mobiledit.com/downloads

  97. nanddump, https://github.com/jakev/android-binaries/blob/master/nanddump

  98. Magnet ACQUIRE, https://www.magnetforensics.com/resources/magnet-acquire/

  99. Magnet AXIOM, https://www.magnetforensics.com/products/magnet-axiom/

  100. LiME (Linux Memory Extractor), https://github.com/504ensicsLabs/LiME

  101. Autopsy, https://www.autopsy.com/download/

  102. The Sleuth Kit, https://www.sleuthkit.org

  103. FTK Imager, https://accessdata.com/product-download

  104. SQLite Deleted Records Parser, https://github.com/mdegrazia/SQLite-Deleted-Records-Parser

  105. extundelete (recover deleted files from an ext4 partition), http://extundelete.sourceforge.net

  106. SIFT Workstation, https://digital-forensics.sans.org/community/downloads

  107. Epoch & Unix Timestamp Conversion Tools, https://www.epochconverter.com

  108. DCode, https://www.digital-detective.net/dcode/

  109. TestDisk & PhotoRec, https://www.cgsecurity.org/wiki/TestDisk_Download

  110. Installed apps: /data/system/packages.list, adb shell pm list packages -f

  111. Wi-Fi connection data: /data/misc/wifi/wpa_supplicant.conf, /data/misc/wifi/WifiConfigStore.xml

  112. Contacts/Calls: /data/data/com.android.providers.contacts

  113. SMS/MMS: /data/user_de/0/com.android.providers.telephony

  114. User dictionary: /data/data/com.android.providers.userdictionary

  115. Gmail: /data/data/com.google.android.gm

  116. Google Maps: /data/data/com.google.android.apps.maps

  117. file signatures, https://www.garykessler.net/library/file_sigs.html

  118. Julian Date, https://www.aavso.org/jd-calculator

  119. Linux File Systems for Windows, https://www.paragon-drivers.com/en/lfswin/

  120. Android malware identification, https://www.virustotal.com/

  121. VirusTotal Desktop Apps, https://support.virustotal.com/hc/en-us/articles/115002179065-Desktop-Apps

  122. YARA, https://yara.readthedocs.io/en/v3.8.1/ , https://github.com/virustotal/yara/releases/

  123. Forensic tools by Eric Zimmerman, https://ericzimmerman.github.io/#!index.md

  124. Joe Sandbox, https://www.joesandbox.com/#android

  125. axmldec (an Android binary XML decoder), https://github.com/ytsutano/axmldec/releases

  126. dex2jar, https://github.com/pxb1988/dex2jar

  127. JD-GUI, http://java-decompiler.github.io

  128. dsixda, https://github.com/dsixda/Android-Kitchen

  129. zipalign, https://developer.android.com/studio/command-line/zipalign

  130. Xposed, http://repo.xposed.info , https://github.com/rovo89/Xposed/, https://github.com/rovo89/XposedInstaller , https://forum.xda-developers.com/xposed,

  131. Frida, https://github.com/frida/frida/

  132. F-Droid, https://f-droid.org/

  133. Android Cryptographic Primitives

  134. Android 密碼學算法, https://developer.android.com/guide/topics/security/cryptography

  135. Android 密碼學算法原始碼

  136. Full-Disk Encryption (FDE)

  137. File-Based Encryption (FBE)

  138. Adiantum encryption, https://source.android.com/security/encryption/adiantum

  139. Sony Xperia Open Devices, https://developer.sony.com/develop/open-devices/

  140. Sony Xperia AOSP build instructions, https://developer.sony.com/develop/open-devices/guides/aosp-build-instructions/

  141. Sony Xperia GitHub project, https://github.com/sonyxperiadev/

  142. Android Open Kang Project (AOKP), http://aokp.co

  143. LineageOS, https://lineageos.org

  144. CyanogenMod (CM), http://www.cyanogenmod.org.ru

  145. 魔趣, http://www.mokeedev.com

  146. OmniROM, https://www.omnirom.org

  147. Linaro Android, https://wiki.linaro.org/Platform/Android, https://www.linaro.org

  148. DroniX, https://www.facebook.com/DroniX-155167021211383/

  149. CopperheadOS, https://copperhead.co/android/

  150. Tor on Android, https://www.torproject.org/docs/android.html.en

  151. App線上檢測, VirusTotal, https://www.virustotal.com/

  152. Nikolay Elenkov | Twitter

  153. Android Security Architecture (by Nikolay Elenkov) 2015, https://www.youtube.com/watch?v=3asW-nBU-JU

  154. An introduction to Android application security testing (by Nikolay Elenkov) 2017, https://www.youtube.com/watch?v=hRuNHUwiQJA

  155. AndroidSecurity|Twitter

  156. Course: Android Internals and Security, by Prof. Prabhaker Mateti, Wright State University

  157. Karim Yaghmour, Embedded Android - Working with the AOSP, https://www.youtube.com/watch?v=LimC0XpeT0k

  158. Secure an Android Device, https://source.android.com/security?hl=en

  159. Android Enterprise Security White Paper

  160. Android Security & Privacy 2018 Year In Review, https://www.youtube.com/watch?v=6Ct1RBFjwI0

  161. Android Security 2017 Year in Review, What's New in Android Security (Google I/O '17)

  162. Android Security 2016 Year In Review, https://www.youtube.com/watch?v=QJXsurYoJ10

  163. Android boot animation開機動畫的格式(bootanimation format), https://android.googlesource.com/platform/frameworks/base/+/master/cmds/bootanimation/FORMAT.md

  164. Nexus 6P (Android 8)的開機動畫, /system/media/bootanimation.zip

  165. Pixel 2 (Android 10)的開機動畫, /product/media/bootanimation.zip

  166. Android RAT, (AndroRAT) https://github.com/DesignativeDave/androrat , https://github.com/karma9874/AndroRAT, (Arbitrium-RAT) https://github.com/BenChaliah/Arbitrium-RAT, (TheFatRat) https://github.com/Screetsec/TheFatRat , (AhMyth) https://github.com/AhMyth/AhMyth-Android-RAT

  167. AFLogical OSE (Android Forensics), https://github.com/nowsecure/android-forensics

  168. OpenKeychain, https://github.com/open-keychain/open-keychain

  169. Kali Linux for Android Mobile Devices, https://www.offensive-security.com/kali-linux-nethunter-download/ , https://github.com/offensive-security/kali-nethunter/wiki

  170. Android-PIN-Bruteforce, https://github.com/urbanadventurer/Android-PIN-Bruteforce

  171. Best Wireshark Alternatives for Android (September 2019)

  172. Mobile Security Framework (MobSF), https://github.com/MobSF/Mobile-Security-Framework-MobSF

  173. Andrax, https://andrax-pentest.org,

  174. Haven, https://github.com/guardianproject/haven

  175. zANTI, https://www.zimperium.com/zanti-mobile-penetration-testing

  176. cSploit, http://www.csploit.org

  177. Metasploit, https://www.metasploit.com

  178. UserLAnd (Use Linux Anywhere), https://github.com/CypherpunkArmory/UserLAnd

  179. Joshua J. Drake, “Researching Android Device Security with the Help of a Droid Army,” Black Hat USA 2014. https://www.youtube.com/watch?v=dIYeNgU5EAg

  180. Maplesyrup, https://github.com/nsacyber/maplesyrup

  181. GravityRAT針對Android設備的間諜行為分析

  182. NIST SP 800-124, Guidelines for Managing the Security of Mobile Devices in the Enterprise, Revision 2, March 2020.

  183. Open source software by the NSA, https://code.nsa.gov

  184. Fastboot error when flasing rom 'FAILED remote unknown command'

  185. Android SDK Platform Tools, https://developer.android.com/studio/releases/platform-tools

  186. SDK Platform Tools r27.0.0 for Mac

  187. Android逆向入門

  188. iOS安全逆向之旅--安全逆向環境搭建和工具使用介紹

  189. APK加固之靜態脫殼機編寫入門