Penetration Testing of Android-based Smartphones

Abstract: The purpose of this work has been to perform a security analysis of Android-based Smartphones. Smartphone usage and adaptation are increasing day by day with a variety ofapplications. These applications can be very critical in nature such as mobile banking, and mobile payment systems and users are often unknowing about the security risks involved in such applications.

Android, an open source operating system, is rapidly increasing in the Smartphone industry. It has already beaten the most popular mobile operating systems, like RIM, iOS, Windows Mobile and even Symbian, which ruled the mobile market for more than a decade.

In this thesis, we have analysed the architecture of the Android operating system and tested its security through penetration testing. We have picked the most popular and recommended tools to test the security in the TCP/IP suite and different attacks have been performed on three different Android versions. The thesis also contains a discussion about our findings, how secure the Android system is and how much trust can be placed on it while using it.