Expected duration: less than 1 week

In the Android Studio project that is provided, there is a sketched Android application that uses the default or a custom-made keystore to digitally sign a text message provided by the user. The user can choose the Java keystore that he wants to use, as long as it is already stored in some common Android folder. The Android application consists of two Activities, a public one (called PrivateUserActivity) and a private one called PrivateActivity. When the application starts, the public activity (PrivateUserActivity) is loaded. The PrivateUserActivity lets the user write the path of the custom keystore that is going to be used. There is also a text field where the user can write the password that is needed to correctly open the keystore. There are also three buttons that have the functionality
Task 1.1
========
• it collects and processes the information coming from PrivateUserActivity
• it extracts from the keystore the information regarding the keys and certificates and shows in the textview the key aliases, the certificate type and the cipher that is being used.
• when the user places one of the key aliases in the textbox shown in Figure 1 and has added a text in the other textbox (also shown in Figure 1), if the "Return Result" button is pressed, then the provided user text is digitally signed using the keys in the chosen alias.
• the provided digital signature is returned to PrivateActivity and is printed on the app screen using the Toast class (see relevant code inside the provided Android project)
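The keystore handling listed above, as an added example in plain Java; it is not code from the provided Android project. The class name `KeystoreSignDemo`, the command-line arguments, the reuse of the store password as the key password and the SHA-256 signature scheme are all assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;

// Hypothetical demo class. Usage: java KeystoreSignDemo <path> <password> <alias> <message>
public class KeystoreSignDemo {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: KeystoreSignDemo <path> <password> <alias> <message>");
            System.exit(2);
        }
        char[] password = args[1].toCharArray(); // argv is visible to other processes: demo only
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password); // a wrong password or a tampered store throws here
        }
        // List every alias with its certificate type and certificate signature algorithm.
        for (String a : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(a);
            String certType = (c == null) ? "none" : c.getType();
            String certAlg = (c instanceof X509Certificate) ? ((X509Certificate) c).getSigAlgName() : "n/a";
            System.out.printf("alias=%s certType=%s certSigAlg=%s%n", a, certType, certAlg);
        }
        // Sign only with an alias that really holds a private key.
        String alias = args[2];
        if (!ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class))
            throw new IllegalArgumentException("alias has no private key entry: " + alias);
        PrivateKey key = (PrivateKey) ks.getKey(alias, password); // assumes key password == store password
        String keyAlg = key.getAlgorithm();
        String sigAlg = "SHA256with" + ("EC".equals(keyAlg) ? "ECDSA" : keyAlg); // assumed scheme
        byte[] msg = args[3].getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(key);
        signer.update(msg);
        byte[] sig = signer.sign();
        // Round-trip check against the public key in the alias's certificate.
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(ks.getCertificate(alias).getPublicKey());
        verifier.update(msg);
        System.out.println("signature=" + Base64.getEncoder().encodeToString(sig));
        System.out.println("verifies=" + verifier.verify(sig));
    }
}
```

A throwaway keystore for trying it can be created with `keytool -genkeypair -alias demo -keyalg RSA -keystore demo.p12 -storepass changeit`.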
Task 1.2
==========
(5 Marks): Based on the existing design approach and functionality that appears in the provided Android application, as well as the code that you have developed to solve Task 1.1, explain possible design issues that can compromise the security of this Android application.
Task 2. Android Repacking for Information Disclosure
===========================================
1. Choose an Android app to attack.
2. Select the location where the code will be changed.
3. Do the actual change (attack).