CNIT 128: Hacking Mobile Devices

Fall 2022 Sam Bowne

72515 Mon 6:10 - 9:00 pm


Use Twitch

To attend class:

The old zoom link was
Password: student1

Free Textbook Access

  • Go here
  • Click "Institution not listed"
  • Enter your CCSF email address
  • Enter the book's title in the "Find a Solution..." field

Catalog Description

Mobile devices such as smartphones and tablets are now used for making purchases, emailing, social networking, and many other risky activities. These devices run specialized operating systems that have many security problems. This class will cover how mobile operating systems and apps work, how to find and exploit vulnerabilities in them, and how to defend them. Topics will include phone call, voicemail, and SMS intrusion, jailbreaking, rooting, NFC attacks, malware, browser exploitation, and application vulnerabilities. Hands-on projects will include as many of these activities as are practical and legal.

Advisory: CNIT 113 and 123, or equivalent familiarity with hacking computers and operating mobile devices

Upon successful completion of this course, the student will be able to:
  • Assess the risks of using mobile devices for common activities such as making phone calls, emailing, and shopping
  • Perform jailbreaks for iOS devices and analyze the Android security model and rooting
  • Differentiate and describe types of mobile malware and anti-malware options
  • Evaluate Web browser services and attacks on mobile platforms and recommend countermeasures
  • Configure, deploy, and defeat locking, remote location and wiping services
  • Prioritize common mobile app risks and determine how and when to appropriately install and use them


"The Mobile Application Hacker's Handbook 1st Edition", by Dominic Chell, Wiley; 1 edition (February 24, 2015), ISBN-10: 1118958500 ISBN-13: 978-1118958506

Buy from Amazon ($49)


The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

CCSF students should take quizzes in the CCSF online Canvas system:

Non-CCSF students Enroll Here (reset password, if needed)

Discussion Board

Each CCSF student must contribute to the Discussion Board in Canvas. The schedule lists the dates on which Discussion assignments are due.

For the topics and requirements, see the Discussion board in Canvas.

Non-CCSF students don't have a Discussion Board in Canvas, but are encouraged to join Twitter and engage in the public discussions there.


For class-related questions, please email

Schedule (may be revised)

| Date | Quiz & Proj | Topic |
|---|---|---|
| Mon 8-22 | | The Worst Mobile Apps |
| Mon 8-29 | Quiz Ch 1 & Ch 6a due *; (M 140 & M 141) or (M 101 & M 103) or (M 104 & M 106) due * | 1. Mobile Application (In)security & 6. Analyzing Android Applications (Part 1) |
| Mon 9-5 | | Holiday -- No Class |
| Mon 9-12 | Quiz Ch 6b; M 105 due; Discussion 1 | 6. Analyzing Android Applications (Part 2) |
| Mon 9-19 | Quiz Ch 6c; M 107 & M 111 due; Discussion 2 | 6. Analyzing Android Applications (Part 3) |
| Mon 9-26 | Quiz Ch 7a; M 200 (or M 201 or M 203) due; Discussion 3 | 7. Attacking Android Applications (Part 1) |
| Mon 10-3 | Quiz Ch 7b; M 207 due; Discussion 4 | 7. Attacking Android Applications (Part 2) |
| Mon 10-10 | | Holiday -- No Class |
| Mon 10-17 | Quiz Ch 7c; M 302 due; Discussion 5 | 7. Attacking Android Applications (Part 3) |
| Mon 10-24 | Quiz Ch 8a; M 401 due; Discussion 6 | 8. Android Implementation Issues (Part 1) |
| Mon 10-31 | Quiz Ch 8b; M 511 due; Discussion 7 | 8. Android Implementation Issues (Part 2) |
| Mon 11-7 | Quiz Ch 8c; M 402 due; Discussion 8 | 8. Android Implementation Issues (Part 3) |
| Mon 11-14 | Quiz Ch 9; M 503 due; Discussion 10 | 9. Writing Secure Android Applications |
| Mon 11-21 | Quiz Ch 2a; M 412 due; Discussion 11 | 2. Analyzing iOS Applications (Part 1) |
| Mon 11-28 | Quiz Ch 2b; M 513 due; Discussion 12 | 2. Analyzing iOS Applications (Part 2) |
| Mon 12-5 | Quiz Ch 3a (extra credit); M 521 due | 3. Attacking iOS Applications (Part 1) |
| Mon 12-12 | Quiz Ch 3b (extra credit); All Extra Credit Projects Due | Last class: 3. Attacking iOS Applications (Part 2) |
| Tue 12-13, Tue 12-20 | | Final Exam available online throughout the week. You can only take it once. |

All quizzes due 30 min. before class
* No late penalty until 9-11



The Worst Mobile Apps (DEF CON 28, 2020) · Keynote


1. Mobile Application (In)security · PDF · Keynote


6. Analyzing Android Applications
  • Part 1 (pg. 173 - 205) · PDF · Keynote
  • Part 2 (pg. 205 - 222) · PDF · Keynote
  • Part 3 (pg. 222 - 246) · PDF · Keynote
7. Attacking Android Applications
  • Part 1 (pg. 247 - 271) · PDF · Keynote
  • Part 2 (pg. 271 - 303) · PDF · Keynote
  • Part 3 (pg. 303 - 350) · PDF · Keynote
8. Identifying and Exploiting Android Implementation Issues
  • Part 1 (pg. 353 - 375) · PDF · Keynote
  • Part 2 (pg. 376 - 401) · PDF · Keynote
  • Part 3 (pg. 401 - 426) · PDF · Keynote
9. Writing Secure Android Applications · PDF · Keynote


2. Analyzing iOS Applications
  • Part 1 (pg. 17 - 42) · PDF · Keynote
  • Part 2 (pg. 42 - 67) · PDF · Keynote
3. Attacking iOS Applications
  • Part 1 (pg. 69 - 91) · PDF · Keynote
  • Part 2 (pg. 91 - 131) · PDF · Keynote


Apple Platform Security
Apple Platform Security PDF
DVIA (Damn Vulnerable iOS App) | A vulnerable iOS app for pentesting
OWASP/owasp-masvs: The Mobile Application Security Verification Standard (MASVS) is a standard for mobile app security.
2019-12-29: Hybrid App Developers: Don't Store Your User's Passwords
Passwords are the biggest threat to GDPR compliance (Mar. 2019)
Chat app Knuddels fined 20 k Euros under GDPR regulation (Nov 24, 2018)
Remote logging for mobile apps (April, 2019)
From checkra1n to Frida: iOS App Pentesting Quickstart on iOS 13 --
Project Zero: Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641 (Jan. 2019)
Project Zero: Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass (Jan. 2019)
Project Zero: Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution (Jan. 2019)
Reverse-Engineering-and-Tampering iOS Apps OWASP
GDB to LLDB command map -- The LLDB Debugger
Google Maps Platform--Protecting API Keys
We reverse engineered 16k apps, here's what we found
Hands On Mobile API Security: Get Rid of Client Secrets
Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps
Hey Developer, Give me your API keys.!!
Ch 2b: Hack in the (sand)Box
Android App Reverse Engineering 101 | Learn to reverse engineer Android applications!
DJI Privacy Analysis Validation--GOOD ANDROID PROJECT
Oversecured detects dangerous vulnerabilities in the TikTok Android app--USE FOR PROJECT
AndroGoat: Vulnerable Android App
Ch 6a: Encryption  |  Android Open Source Project
Ch 6b: Android versions market share
Ch 7a: Android activity manager "am" command help
2021-02-22: Virtual iPhones with Free Trial!
pidcat: Colored logcat script which only shows log entries for a specific application package.
Ch 7b: Service vs IntentService in Android
Can I Jailbreak? - Home
Jailbreaking iOS for Mobile Security Assessments (March 2021 Edition) - SANS Institute
Ch 8a: What happens if you enter the wrong PIN for many times in an Android phone? - Quora
Ch 8b: How to reset your Android lock screen password/PIN/pattern - TechRepublic
Ch 8c: Android WebView addJavascriptInterface Code execution Vulnerability
MOBISEC - Mobile Security Course
iOS Hooking With Objection - HackTricks
ZipperDown Vulnerability--Path Traversal in iOS and Android
ANDROID PT / Path Traversal Vulnerability
Ch 6c: Android OS version market share over time | AppBrain
Drozer / needle - is it still alive?
2022-10-04: Releases · abhi-r3v0/EVABS
EVABSv4 Walkthrough
Android Studio Emulator (AVD) Rooting with Magisk using rootAVD - YouTube
EVABSv4 (Part 2) - ITZone
Troubleshooting Android Studio - Android Emulator Wifi Connected with No Internet
Registers in smali
Ch 2a: Cachegrab attack exposes secrets from ARM TrustZone
Ch 2c Citigroup says its iPhone app puts customers at risk
Ch 2d: Citi Discloses Security Flaw in Its iPhone App - WSJ
How to Reverse Engineer and Patch an iOS Application for Beginners: Part I
Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains
Heap Overflows on iOS ARM64: Heap Spraying, Use-After-Free (Part 3)
How to instrument system applications on Android stock images with Frida and Magisk
Security of runtime process in iOS and iPadOS - Apple Support
Xamarin | Open-source mobile app platform for .NET, with iOS -- USE FOR PROJECTS


Links from Previous Textbook

Last Updated: 12-12-22 8:54 pm