Public Report – Google Enterprise API Security Assessment

During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. This assessment was also performed with reference to the Common Criteria Protection Profile for Mobile Device Fundamentals (PPMDF), from which the … Continue reading Public Report – Google Enterprise API Security Assessment

Public Report – Android Cloud Backup/Restore

In the summer of 2018, Google engaged NCC Group to conduct a security assessment of the Android Cloud Backup/Restore feature, which premiered in Android Pie. This engagement focused on a threat model that included attacks by rogue Google employees (or other malicious insiders) with privileges up to and including root-in-production. The Android backup/restore feature is only one … Continue reading Public Report – Android Cloud Backup/Restore

Tool Release: SSL pinning bypass and other Android tools

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. SSL pinning bypass and other Android tools 13 Dec 2013 - Marc Blanchou iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing of Android applications: Android-SSL-TrustKiller This … Continue reading Tool Release: SSL pinning bypass and other Android tools

Tool Release: Blackbox Android App Analysis with Introspy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Blackbox Android App Analysis with Introspy 13 Dec 2013 - Marc Blanchou & Alban Diquet As previously announced during our Ruxcon presentation, we’re now releasing Introspy for Android. The final version of the tool was demonstrated … Continue reading Tool Release: Blackbox Android App Analysis with Introspy