From the course: Android App Security: A Structured Approach to Pen Testing

Web vs. Android security - Android Tutorial


Web vs. Android security

- [Narrator] Let us understand the major differences between Web application and Android application pen testing. If you look from a thousand-mile view, Android application pen testing is a relatively new concept as opposed to Web application pen testing, which has been there for more than a decade now. There are some significant differences between the process and approach of Web and Android application pen testing.

To begin with, in the case of Web application security, the client-side code comprises HTML, JavaScript, or even CSS. Hence, client-side testing is not very significant. But in the case of Android applications, client-side testing, or testing of client-side code, becomes very significant, as a considerable amount of processing occurs at the client end as well.

For Web applications, the source code of the application is generally not known unless we are talking about a white-box assessment. But in the case of Android applications, the source code is easily accessible and available, and hence usually comes under the scope of work of penetration testing.

While testing Web applications, we usually ignore the risks associated with compromised end-user devices. But in the case of Android applications, compromised endpoints are major risks. In the coming sections, we will look at examples of similar test cases.

Lastly, in the case of Web applications, access to the application is always secure. What I mean by that is, there is only one single source, that is, your Web server, through which users can access the website. But in the case of Android applications, users may download the application via a third-party source. Now, these applications may be legitimate or may be infected by some kind of malware. Hence, we need to make sure that the APK is not compromised.
