HackLab: Android Security

Event language: English

This course explains how Android’s architecture has improved over the years and what’s being done to reduce the likelihood of such attacks happening. We will discuss various techniques in-depth (theory and practice) that can be used to analyze the security properties of individual applications.

Interested? Send us an email

Course Objectives 

This is a single day, technical, hands-on training that is focused around the general security architecture and different analysis techniques for Android. This is a course suited for security analysts and reverse engineers, as well as mobile application developers concerned with the security posture of their application.

We will address security by design principles applicable for mobile applications and deep-dive into concepts and techniques that can be used to analyze the security of mobile applications during hands-on exercises. We will use static and dynamic analysis techniques on sample applications to gain an understanding of how an application works without having access to the source code of the application. Using these techniques we build an understanding of how security was implemented and discuss what could be done to remediate weaknesses in the applications.

Target Group

  • Mobile developers
  • Security engineers 
  • IT professionals 
  • IT auditors with interest in hacking

Participants should have fundamental insight into operating systems and have experience with Android, either as a developer of mobile applications, security tester, or reverse engineer.


  • Introduction
  • Android security architecture review:
    • Android kernel
    • Android runtime
    • Application framework
    • Application development basics
    • Permission model
    • Secure design principles
  • Static analysis techniques
    • Decompilation, disassembly and recompilation
    • Usage of reverse engineering tools such as APKtool, enjarify and Procyon
  • Dynamic analysis techniques
    • SSL man-in-the-middle
    • Sensitive data extraction
    • (Intent) fuzzing
    • Dynamic debugging and instrumentation
    • Temporary rooting
  • Capture the flag exercises
If you are interested in this training send us an email and we will contact you.
The costs are € 795 ex VAT. Catering (lunch) and course materials are included in the price.

Deloitte Academy is a training institute accredited by several organizations.

For more information about our accreditation, please refer to our Education hours page.


Until four weeks before the start of the course you may cancel your participation by email free of charge. Should you cancel within four weeks before the start of the course you will have to pay the full course fee.

Deloitte Academy reserves the right to cancel a course if circumstances dictate. You will be informed of this as soon as possible.

For more information about our Terms and Conditions, please refer to our FAQ page.

If you have any questions, please contact us: 

Phone number: 088-288 93 33

'Researching a large amount of different sources everyday, I feel like the application of the four CTI principles and the discussed validation techniques will help to improve the quality of my work significantly'


Cedric Van Bockhaven

Cedric Van Bockhaven

Specialist Master

Cedric works as a Red Team Operator in the Deloitte Cyber Secure team and performs projects across all sectors. He provides both internal and external trainings with a heavy focus on the technical side of security topics. Hackazon (Deloitte’s Capture the Flag platform) is Cedric’s creative outlet to create new technical hands-on cyber security exercises that can be solved participants. Cedric also organizes and facilitates these events. Cedric is a certified CISSP, GICSP, OSCP, OSCE, and followed trainings such as Corelan ADVANCED.

This might also be interesting for you

Check out our other courses

Share Share event on social
Interested? Send us an email