1. What is the primary security feature of Android that isolates apps from each other?
a) Rooting
b) Sandboxing
c) Code Obfuscation
d) Secure Boot
Answer:
b) Sandboxing
Explanation:
Android uses sandboxing to isolate apps from one another and from the system. Each app runs in its own separate user space and has limited access to system resources unless explicitly granted permissions. This prevents one compromised app from affecting others.
2. What is the role of SELinux in Android security?
a) Encrypts the entire filesystem
b) Enforces access control policies
c) Protects against buffer overflow attacks
d) Prevents app crashes
Answer:
b) Enforces access control policies
Explanation:
SELinux (Security-Enhanced Linux) is a mandatory access control (MAC) system in Android that enforces security policies. It restricts how apps and processes interact with system resources, reducing the impact of exploits.
3. Which Android component is responsible for verifying the integrity of the OS during boot?
a) Play Protect
b) Secure Boot
c) Verified Boot
d) Android Keystore
Answer:
c) Verified Boot
Explanation:
Verified Boot ensures that the Android OS is secure by checking its integrity during boot. It prevents the device from loading tampered or modified versions of Android that might be compromised by malware.
4. What is Google Play Protect’s primary function?
a) Encrypts user data
b) Scans apps for malware
c) Monitors network activity
d) Restricts background data usage
Answer:
b) Scans apps for malware
Explanation:
Google Play Protect is Android’s built-in malware protection system that scans apps in the Google Play Store and on users’ devices. It warns users about potentially harmful apps (PHAs) and can automatically disable or remove dangerous apps.
5. Which type of attack allows a malicious app to execute unauthorized actions on behalf of the user?
a) Clickjacking
b) SQL Injection
c) Man-in-the-Middle Attack
d) Buffer Overflow
Answer:
a) Clickjacking
Explanation:
Clickjacking occurs when a user is tricked into clicking on something that they did not intend to click on, often by overlaying transparent elements over visible UI components. This allows attackers to steal credentials, authorize payments, or modify settings without user consent.
6. What is the purpose of Android’s “Scoped Storage” feature introduced in Android 10?
a) Increases app performance
b) Restricts apps’ access to shared storage
c) Prevents root access
d) Enables faster backups
Answer:
b) Restricts apps’ access to shared storage
Explanation:
Scoped Storage limits apps’ access to external storage, preventing them from freely reading or modifying files from other apps. This helps protect user privacy and prevent data leaks.
7. What is a “Tapjacking” attack in Android security?
a) Malware that modifies the touchscreen behavior
b) Phishing attack using fake Android popups
c) Overlay attack tricking users into unintended actions
d) Bluetooth-based device hijacking
Answer:
c) Overlay attack tricking users into unintended actions
Explanation:
Tapjacking is an attack where a malicious app overlays an invisible UI over a legitimate app, tricking the user into clicking elements they didn’t intend to. This can lead to unwanted actions such as enabling device administrator permissions for malware.
8. How does the “Android Keystore” enhance security?
a) Stores cryptographic keys securely
b) Blocks malicious app installations
c) Encrypts all user data automatically
d) Monitors app permissions
Answer:
a) Stores cryptographic keys securely
Explanation:
The Android Keystore system allows apps to store cryptographic keys securely so that they cannot be extracted from the device. This helps in securing authentication tokens, encrypted files, and user credentials.
9. What is the purpose of “App Signing by Google Play”?
a) Ensures an app is from a verified developer
b) Blocks unsigned apps from being installed
c) Encrypts app data stored on the device
d) Protects against screen recording attacks
Answer:
a) Ensures an app is from a verified developer
Explanation:
App Signing by Google Play ensures that only the original developer can update their app. Google manages the signing keys, reducing the risk of app tampering.
10. What is the purpose of SafetyNet in Android security?
a) Detects rooted devices and modified OS versions
b) Encrypts user data in real-time
c) Prevents phishing attacks on Android
d) Blocks adware and spyware
Answer:
a) Detects rooted devices and modified OS versions
Explanation:
SafetyNet is an Android API that checks whether a device is rooted, tampered with, or running an insecure OS. Apps like banking and payment apps use SafetyNet to block unauthorized devices.
11. What is the impact of disabling “Install from Unknown Sources”?
a) Prevents installing APKs from outside the Play Store
b) Blocks all app updates
c) Disables root access
d) Prevents background app activity
Answer:
a) Prevents installing APKs from outside the Play Store
Explanation:
Disabling “Install from Unknown Sources” prevents users from installing apps from third-party sources that might contain malware. It helps in reducing the risk of downloading malicious applications.
12. What is the “Device Admin API” used for in Android security?
a) Provides system-level control for enterprise security
b) Blocks root access on Android devices
c) Encrypts messages between apps
d) Detects adware in installed applications
Answer:
a) Provides system-level control for enterprise security
Explanation:
The Device Admin API allows IT administrators to enforce security policies, such as remote wipe, password complexity, and disabling the camera. It is mainly used in enterprise environments.
13. Which of the following is the most common type of Android malware?
a) Ransomware
b) Spyware
c) Adware
d) Keyloggers
Answer:
c) Adware
Explanation:
Adware is the most common form of Android malware, often disguised as legitimate apps but displaying intrusive pop-ups and background ads to generate revenue.
14. What is the primary purpose of Android’s “BiometricPrompt” API?
a) To enhance app permissions
b) To securely authenticate users using biometrics
c) To prevent malware from being installed
d) To encrypt stored passwords
Answer:
b) To securely authenticate users using biometrics
Explanation:
The BiometricPrompt API provides a standardized, secure way for apps to use fingerprint, facial recognition, or iris scanning for authentication. It ensures that biometric data is securely stored and not accessible by apps directly.
15. Which Android security feature helps protect against phishing attacks in web browsers?
a) App Sandboxing
b) Google Safe Browsing
c) Secure Boot
d) Play Protect
Answer:
b) Google Safe Browsing
Explanation:
Google Safe Browsing warns users when they visit malicious websites known for phishing or distributing malware. It is built into Chrome and other Android browsers to enhance web security.
16. What is the primary risk of using public Wi-Fi on Android devices?
a) Reduced battery life
b) Man-in-the-Middle (MitM) attacks
c) Increased app crashes
d) Delayed software updates
Answer:
b) Man-in-the-Middle (MitM) attacks
Explanation:
Public Wi-Fi networks are often unsecured, allowing attackers to perform MitM attacks, where they can intercept and manipulate data being transmitted between the device and a server.
17. What is the purpose of Android’s “Work Profile” feature?
a) Encrypts all work-related files
b) Separates personal and work apps/data
c) Blocks unauthorized app installations
d) Disables the camera in work environments
Answer:
b) Separates personal and work apps/data
Explanation:
Work Profile is an enterprise security feature that isolates work apps and data from personal apps, ensuring better security and privacy in corporate environments.
18. Which permission should be granted cautiously due to its potential privacy risks?
a) Internet Access
b) Calendar Access
c) Background Location Access
d) Vibrate Permission
Answer:
c) Background Location Access
Explanation:
Background location access allows apps to track a user’s location even when the app is not actively being used, posing privacy and security risks if granted to untrusted apps.
19. What is the primary function of “WebView” in Android apps?
a) To protect user passwords
b) To display web content within an app
c) To scan for malware in URLs
d) To secure communication between apps
Answer:
b) To display web content within an app
Explanation:
WebView allows apps to render web pages inside the app without opening an external browser. However, if improperly configured, it can introduce security vulnerabilities like JavaScript injection.
20. Which attack exploits weak API authentication mechanisms?
a) SQL Injection
b) Broken Authentication
c) DNS Spoofing
d) XML External Entity (XXE) Injection
Answer:
b) Broken Authentication
Explanation:
Broken Authentication occurs when APIs do not enforce strong authentication mechanisms, allowing attackers to bypass login systems using brute-force attacks, session hijacking, or token manipulation.
21. What is the function of “App Ops” in Android security?
a) Monitors network activity
b) Controls app permissions at a granular level
c) Blocks malicious apps from installation
d) Encrypts stored app data
Answer:
b) Controls app permissions at a granular level
Explanation:
App Ops is an advanced permission management system that allows users to control individual permissions per app, such as location access, background processes, and notifications.
22. What is the main purpose of the “OEM Unlocking” option in Developer Settings?
a) Enables over-the-air updates
b) Allows bootloader unlocking for custom ROM installation
c) Prevents unauthorized app installations
d) Increases device security
Answer:
b) Allows bootloader unlocking for custom ROM installation
Explanation:
OEM Unlocking allows users to unlock the bootloader, enabling the installation of custom ROMs and kernels. However, it also makes the device more vulnerable to security threats.
23. What is the biggest risk of sideloading apps on Android?
a) Slow performance
b) Increased app crashes
c) Potential malware infections
d) Higher battery consumption
Answer:
c) Potential malware infections
Explanation:
Sideloading apps (installing APKs from third-party sources) bypasses Google Play Protect, increasing the risk of malware, spyware, or trojans infecting the device.
24. What does an Android “exploit chain” refer to?
a) A sequence of security patches
b) A series of vulnerabilities chained together for an attack
c) A secure update process
d) A set of encryption algorithms
Answer:
b) A series of vulnerabilities chained together for an attack
Explanation:
An exploit chain is when attackers use multiple vulnerabilities in succession to bypass security measures, escalate privileges, and take control of the device.
25. Which permission should a banking app never request?
a) Internet Access
b) Camera Access
c) SMS Read Access
d) Secure Storage Access
Answer:
c) SMS Read Access
Explanation:
A banking app should not request SMS read access, as this could be exploited to intercept OTPs and compromise two-factor authentication (2FA).
26. What is the “Stagefright” vulnerability in Android?
a) A zero-day exploit in Android messaging
b) A Bluetooth-based attack
c) Malware designed for financial fraud
d) A kernel exploit for root access
Answer:
a) A zero-day exploit in Android messaging
Explanation:
Stagefright was a critical Android vulnerability allowing malicious MMS messages to execute code remotely without user interaction.
27. What type of malware secretly records user activities?
a) Adware
b) Spyware
c) Trojan
d) Ransomware
Answer:
b) Spyware
Explanation:
Spyware is malware that records keystrokes, app usage, and personal information to steal sensitive data from users.
28. What is “Clipper Malware”?
a) Steals cryptocurrency transactions
b) Blocks incoming SMS messages
c) Modifies Android system updates
d) Crashes apps repeatedly
Answer:
a) Steals cryptocurrency transactions
Explanation:
Clipper malware monitors clipboard activity and replaces copied cryptocurrency wallet addresses with the attacker’s address.
29. What is the best way to prevent SIM swap fraud on Android?
a) Disable mobile data
b) Use a carrier PIN for SIM changes
c) Enable location tracking
d) Use fingerprint authentication
Answer:
b) Use a carrier PIN for SIM changes
Explanation:
Setting a PIN for SIM swaps ensures that attackers cannot hijack a user’s phone number for SMS-based authentication fraud.
30. What is the primary purpose of Android’s “Privacy Dashboard” feature?
a) Detects and removes malware
b) Provides users with an overview of app permissions usage
c) Encrypts files stored in the internal storage
d) Blocks pop-up advertisements
Answer:
b) Provides users with an overview of app permissions usage
Explanation:
Privacy Dashboard, introduced in Android 12, gives users a clear and detailed view of how apps have accessed sensitive permissions like location, camera, and microphone in the last 24 hours.
31. What is an “Overlay Attack” in Android security?
a) A method to capture keystrokes
b) A phishing attack that places a fake UI over a real one
c) A network-based attack on Android devices
d) A Bluetooth hijacking attempt
Answer:
b) A phishing attack that places a fake UI over a real one
Explanation:
Overlay attacks use a malicious app to display a fake login screen on top of a legitimate app, tricking users into entering sensitive information such as usernames, passwords, or credit card details.
32. What security risk does “USB Debugging” introduce?
a) Allows malware to be remotely installed
b) Reduces app performance
c) Disables biometric authentication
d) Prevents OS updates
Answer:
a) Allows malware to be remotely installed
Explanation:
With USB Debugging enabled, an attacker with physical access to an Android device can execute ADB (Android Debug Bridge) commands, install malicious apps, or even extract data.
33. What is the “Factory Reset Protection” (FRP) feature in Android?
a) Prevents unauthorized factory resets
b) Encrypts internal storage
c) Enhances device performance
d) Blocks malware from running
Answer:
a) Prevents unauthorized factory resets
Explanation:
Factory Reset Protection (FRP) ensures that even if an attacker factory resets a stolen device, they cannot bypass Google account verification, making the device unusable to thieves.
34. Which Android permission is most dangerous if granted to a malicious app?
a) Bluetooth Access
b) Accessibility Services
c) Vibrate Control
d) Wallpaper Change
Answer:
b) Accessibility Services
Explanation:
Accessibility Services allow apps to control the device, read screen content, and perform user interactions. Malware often misuses this permission to perform clickjacking, keylogging, or data theft.
35. What is a “Rogue App” in Android security?
a) An app that hides in the app drawer
b) An app that impersonates a legitimate app but contains malware
c) An app that runs in a virtual environment
d) An app that requires root access
Answer:
b) An app that impersonates a legitimate app but contains malware
Explanation:
A rogue app looks like a real app but is actually malware designed to steal data, deliver phishing attacks, or spread spyware.
36. What is the “Locker Ransomware” attack on Android?
a) Locks the device and demands a ransom to unlock it
b) Encrypts files but allows device access
c) Hijacks network traffic
d) Bypasses Android screen lock
Answer:
a) Locks the device and demands a ransom to unlock it
Explanation:
Locker ransomware prevents users from accessing their Android device entirely, displaying a ransom message demanding payment to unlock it.
37. How does “App Pinning” improve Android security?
a) Prevents unauthorized app switching
b) Disables screenshot capture
c) Encrypts app data in transit
d) Stops malware from being installed
Answer:
a) Prevents unauthorized app switching
Explanation:
App Pinning ensures that users stay within a specific app unless they enter a password or use biometric authentication, which is useful for security when lending a phone to someone.
38. How does the “Device Admin API” improve Android security?
a) Provides an extra layer of protection for enterprise users
b) Scans apps for malware
c) Restricts access to internet services
d) Detects malicious network traffic
Answer:
a) Provides an extra layer of protection for enterprise users
Explanation:
The Device Admin API is used for mobile device management (MDM) in organizations, allowing admins to enforce security policies like remote wipe, password rules, and device encryption.
39. What is an “Evil Twin” attack in Android security?
a) A malicious Wi-Fi network that mimics a legitimate one
b) A Bluetooth hijacking attack
c) A spyware attack using dual applications
d) A vulnerability in Android’s user authentication
Answer:
a) A malicious Wi-Fi network that mimics a legitimate one
Explanation:
In an Evil Twin attack, hackers create a fake Wi-Fi hotspot that looks legitimate, tricking users into connecting. Attackers then intercept data transmitted over the network.
40. What is “Credential Stuffing” in the context of Android security?
a) Reusing stolen usernames and passwords to gain unauthorized access
b) Injecting fake credentials into apps
c) Bypassing fingerprint authentication
d) Modifying APK files to bypass security
Answer:
a) Reusing stolen usernames and passwords to gain unauthorized access
Explanation:
Credential Stuffing is an attack where hackers use stolen login credentials from one data breach to attempt logins on other services where users may have reused passwords.
41. How does “Zero Trust Security” apply to Android devices?
a) It assumes no device or user is automatically trusted
b) It encrypts data at rest
c) It blocks third-party app installations
d) It enforces only biometric authentication
Answer:
a) It assumes no device or user is automatically trusted
Explanation:
Zero Trust Security ensures that all devices and users must be continuously authenticated before being granted access to resources, reducing the risk of breaches.
42. What is an “APK Repackaging Attack”?
a) Modifying an existing APK to insert malicious code
b) Encrypting APK files for security
c) Signing an APK with a trusted certificate
d) Running an APK in a virtualized environment
Answer:
a) Modifying an existing APK to insert malicious code
Explanation:
Attackers often modify legitimate Android apps (APKs) by inserting malware and then redistribute them via third-party stores or phishing sites.
43. What is the main security risk of “Android Widgets”?
a) They can be used for phishing attacks
b) They consume excessive battery power
c) They reduce app performance
d) They can disable antivirus software
Answer:
a) They can be used for phishing attacks
Explanation:
Malicious widgets can spoof real apps or collect sensitive data without the user noticing, leading to phishing or keylogging attacks.
44. What is the primary risk of using “rooted Android devices”?
a) Loss of device warranty
b) Increased malware infections
c) Slower app updates
d) Higher battery usage
Answer:
b) Increased malware infections
Explanation:
Rooted devices bypass Android’s built-in security measures, allowing malicious apps to gain root access and compromise system files.
45. What is the primary security risk of using Android’s “Smart Lock” feature?
a) Automatically grants access without requiring authentication
b) Blocks malware from running
c) Prevents app installations from unknown sources
d) Disables biometric authentication
Answer:
a) Automatically grants access without requiring authentication
Explanation:
Smart Lock allows users to bypass authentication in trusted locations, near trusted devices, or after detecting user activity. If an attacker gains access while Smart Lock is enabled, they can use the device without needing a PIN, password, or biometric authentication.
46. What is “Stagefright 2.0” in Android security?
a) A vulnerability allowing remote code execution via media files
b) A flaw in the Android lock screen
c) Malware that spreads via Bluetooth
d) A weakness in Android’s VPN encryption
Answer:
a) A vulnerability allowing remote code execution via media files
Explanation:
Stagefright 2.0 was an Android vulnerability that allowed attackers to execute malicious code by simply sending a crafted media file (MP3 or MP4). This meant that users did not need to open a file for their device to be exploited.
47. What is “Keylogging Malware” in Android security?
a) Malware that records and steals keystrokes
b) A bug in Android’s keyboard system
c) An exploit that modifies encryption keys
d) A tool that enhances password security
Answer:
a) Malware that records and steals keystrokes
Explanation:
Keylogging malware is designed to record every keystroke entered on an Android device, capturing sensitive information such as passwords, credit card details, and messages without the user knowing.
48. What is the best way to prevent “Man-in-the-Middle” (MitM) attacks on Android?
a) Always use a VPN on public Wi-Fi
b) Disable Bluetooth connectivity
c) Close background apps frequently
d) Use incognito mode in browsers
Answer:
a) Always use a VPN on public Wi-Fi
Explanation:
MitM attacks occur when an attacker intercepts communication between a device and a network. Using a VPN encrypts data traffic, making it harder for attackers to eavesdrop or manipulate sensitive information.
49. What is the primary purpose of “Android Enterprise Recommended” devices?
a) Ensuring security updates and business-grade support
b) Blocking malicious app installations
c) Encrypting business communications
d) Preventing software updates
Answer:
a) Ensuring security updates and business-grade support
Explanation:
Android Enterprise Recommended (AER) devices meet strict security, hardware, and update policies set by Google. These devices receive timely security patches and support enterprise security features.
50. What is “Android App Hardening” in cybersecurity?
a) Applying security techniques to prevent app exploitation
b) Encrypting all app data
c) Making apps load faster
d) Disabling unnecessary app permissions
Answer:
a) Applying security techniques to prevent app exploitation
Explanation:
App hardening includes code obfuscation, runtime integrity checks, anti-reverse engineering, and data encryption to make Android applications more secure against hackers and malware.
51. What is “Magisk” primarily used for in Android security?
a) Rooting Android devices while bypassing SafetyNet
b) Encrypting user data
c) Enhancing Wi-Fi security
d) Detecting ransomware attacks
Answer:
a) Rooting Android devices while bypassing SafetyNet
Explanation:
Magisk is a tool that allows users to root their Android devices without modifying system partitions, enabling them to use rooted apps while still passing Google’s SafetyNet security check.
52. What is a “Silent Installation Attack” in Android malware?
a) Installing malicious apps without user interaction
b) Encrypting user files in the background
c) Hijacking SMS-based authentication
d) Exploiting VPN misconfigurations
Answer:
a) Installing malicious apps without user interaction
Explanation:
A Silent Installation Attack occurs when malware exploits vulnerabilities to install apps in the background without the user’s consent, often by abusing Android’s Accessibility Services.
53. What is “Clipboard Hijacking” in Android security?
a) Malware replacing copied content with malicious data
b) Apps monitoring user keystrokes
c) Unauthorized modification of APK files
d) Bypassing app permissions
Answer:
a) Malware replacing copied content with malicious data
Explanation:
Clipboard hijacking malware monitors copied text, such as cryptocurrency wallet addresses, and replaces it with attacker-controlled data, leading to fund theft or phishing attacks.
54. What is “APK Signature Spoofing” in Android security?
a) Modifying an app’s digital signature to mimic a trusted app
b) Encrypting APK files for added security
c) Preventing malware from modifying an APK
d) Using fake certificates to block malware
Answer:
a) Modifying an app’s digital signature to mimic a trusted app
Explanation:
APK Signature Spoofing allows attackers to modify an app’s signature and make it appear as if it was signed by a legitimate developer, enabling malicious code injection.
55. What is “Android Tap-and-Go” used for?
a) Transferring data securely between Android devices
b) Bypassing PIN authentication
c) Encrypting internal storage
d) Blocking malicious app installations
Answer:
a) Transferring data securely between Android devices
Explanation:
Tap-and-Go uses NFC technology to securely transfer user data, settings, and apps from one Android device to another during device migration.
56. What is the function of the “Trust Agents” feature in Android security?
a) Allows automatic unlocking in trusted environments
b) Blocks root access
c) Scans APK files for malware
d) Prevents app crashes
Answer:
a) Allows automatic unlocking in trusted environments
Explanation:
Trust Agents work with Smart Lock to allow automatic unlocking when certain conditions are met, such as being connected to a trusted Bluetooth device.
57. What is “Odin Mode” in Android devices?
a) A mode used for flashing firmware on Samsung devices
b) A secure bootloader for Android
c) A method for encrypting system files
d) A firewall tool
Answer:
a) A mode used for flashing firmware on Samsung devices
Explanation:
Odin Mode is a Samsung-exclusive feature that allows users to flash firmware, kernels, and custom ROMs on their devices.
58. What is the main security function of “SafetyNet Attestation”?
a) Detects rooted or modified devices
b) Encrypts sensitive app data
c) Blocks unauthorized app installations
d) Prevents app crashes
Answer:
a) Detects rooted or modified devices
Explanation:
SafetyNet Attestation is an API used by apps to check if a device has been modified or rooted, or is running custom firmware, preventing unauthorized access to banking and secure apps.
59. What is “Proximity Locking” in Android security?
a) Automatically locks the phone when the user moves away
b) Encrypts all files on the device
c) Disables Bluetooth in untrusted areas
d) Prevents screen recording
Answer:
a) Automatically locks the phone when the user moves away
Explanation:
Proximity Locking uses Bluetooth or motion sensors to detect if a user has moved away and automatically locks the device for security.
60. What is “Smishing” in Android security?
a) SMS-based phishing attacks
b) Malicious QR code attacks
c) Bluetooth vulnerability exploits
d) Fake app installation attacks
Answer:
a) SMS-based phishing attacks
Explanation:
Smishing (SMS phishing) involves attackers sending fraudulent SMS messages that trick users into clicking malicious links or providing sensitive information.
61. What is the “Android SafetyNet Verify Apps” feature used for?
a) Detecting malicious apps before installation
b) Encrypting user passwords
c) Preventing app uninstallation
d) Blocking all third-party app stores
Answer:
a) Detecting malicious apps before installation
Explanation:
SafetyNet Verify Apps is a security feature that scans apps before installation to detect potential malware or harmful behavior. It is part of Google Play Protect.
62. What is “Data Execution Prevention (DEP)” in Android security?
a) Prevents execution of malicious code in memory
b) Encrypts stored user data
c) Blocks unauthorized network traffic
d) Detects malicious apps
Answer:
a) Prevents execution of malicious code in memory
Explanation:
DEP (Data Execution Prevention) is a memory protection feature that prevents code execution in non-executable memory regions, reducing the risk of buffer overflow attacks.
63. What is the “Play Integrity API” in Android security?
a) Detects rooted devices and modified apps
b) Encrypts user files
c) Protects against ransomware
d) Prevents app crashes
Answer:
a) Detects rooted devices and modified apps
Explanation:
The Play Integrity API helps developers verify whether an Android device, OS, or app has been modified or compromised, preventing fraud and unauthorized access.
64. What is the main purpose of “Android’s Encrypted Backups”?
a) Securely store user data with end-to-end encryption
b) Speed up data restoration
c) Improve cloud synchronization
d) Increase storage efficiency
Answer:
a) Securely store user data with end-to-end encryption
Explanation:
Android’s encrypted backups protect user data stored in Google Drive by encrypting it before uploading, ensuring that only the device owner can restore it.
65. What is an “Android Dropper” in malware?
a) A type of malware that installs other malicious payloads
b) An encryption tool for Android files
c) A rootkit for hiding applications
d) A security feature in Play Store
Answer:
a) A type of malware that installs other malicious payloads
Explanation:
An Android Dropper is a malware variant that installs additional malicious apps or payloads on a device without user consent, often bypassing security controls.
66. What is the “Android Runtime Permission Model” designed to do?
a) Prompt users before granting sensitive app permissions
b) Block third-party app installations
c) Detect background network activity
d) Encrypt user passwords
Answer:
a) Prompt users before granting sensitive app permissions
Explanation:
Introduced in Android 6.0 (Marshmallow), the Runtime Permission Model ensures that users manually approve sensitive permissions (e.g., location, microphone, contacts) at runtime, rather than during app installation.
67. What is “Zerodium” in the context of Android security?
a) A company that buys and sells exploits for high prices
b) A vulnerability scanning tool for Android
c) A feature that prevents phishing attacks
d) A security update process
Answer:
a) A company that buys and sells exploits for high prices
Explanation:
Zerodium is a vulnerability brokerage firm that offers bounties for zero-day exploits, including Android vulnerabilities that can be used for advanced cyberattacks.
68. What is “DexProtector” used for in Android security?
a) Protecting apps from reverse engineering and tampering
b) Encrypting files in cloud storage
c) Blocking SMS-based phishing attacks
d) Enhancing Wi-Fi security
Answer:
a) Protecting apps from reverse engineering and tampering
Explanation:
DexProtector is a tool that provides code obfuscation, anti-reverse engineering, and encryption to protect Android apps from unauthorized modifications.
69. What does “Android Full-Disk Encryption (FDE)” protect?
a) All data stored on the internal storage
b) Only app-related data
c) Network communications
d) Installed applications
Answer:
a) All data stored on the internal storage
Explanation:
Full-Disk Encryption (FDE) encrypts all user data on the device’s internal storage, making it unreadable without the correct decryption key.
70. What is “Android App Integrity Verification”?
a) Checks if an app has been modified or tampered with
b) Scans apps for battery usage
c) Encrypts all app logs
d) Blocks background apps from running
Answer:
a) Checks if an app has been modified or tampered with
Explanation:
Android App Integrity Verification ensures that an app’s digital signature is valid and hasn’t been modified or repackaged by attackers.
71. What is the purpose of the “StrictMode” policy in Android?
a) Detects performance issues and security risks in apps
b) Encrypts app data
c) Enhances battery performance
d) Prevents malware execution
Answer:
a) Detects performance issues and security risks in apps
Explanation:
StrictMode is a developer tool that helps detect performance issues, security risks, and potential vulnerabilities, such as long-running operations on the main thread.
72. What is “Binder” in Android security?
a) A secure inter-process communication (IPC) mechanism
b) A feature that enhances app permissions
c) A malware detection tool
d) A data encryption protocol
Answer:
a) A secure inter-process communication (IPC) mechanism
Explanation:
Binder is Android’s inter-process communication (IPC) system that enables secure communication between apps and system components.
73. What is “Android Virtualization Framework (AVF)” used for?
a) Running secure virtual machines on Android
b) Encrypting internal storage
c) Detecting malware in app permissions
d) Preventing clickjacking attacks
Answer:
a) Running secure virtual machines on Android
Explanation:
AVF (Android Virtualization Framework) allows Android devices to run lightweight virtual machines (VMs), enhancing security isolation for critical applications.
74. What is “PUP” (Potentially Unwanted Program) in Android security?
a) An app that exhibits questionable behavior but is not outright malware
b) A security patching tool
c) A process that speeds up app execution
d) A firewall feature
Answer:
a) An app that exhibits questionable behavior but is not outright malware
Explanation:
PUPs (Potentially Unwanted Programs) include apps that display excessive ads, track user activity, or contain hidden charges, but they are not classified as malware.
75. What is “Bootloader Unlocking” in Android security?
a) Allows users to install custom ROMs and modify the OS
b) Enables hardware encryption
c) Prevents app installation from third-party sources
d) Blocks root access
Answer:
a) Allows users to install custom ROMs and modify the OS
Explanation:
Unlocking the bootloader removes restrictions placed by the manufacturer, allowing users to install custom firmware, root their device, or modify system components.
76. What is “Frida” in Android security?
a) A dynamic instrumentation toolkit for app analysis and reverse engineering
b) A secure sandbox for running untrusted apps
c) A built-in firewall to block network attacks
d) An Android patching tool
Answer:
a) A dynamic instrumentation toolkit for app analysis and reverse engineering
Explanation:
Frida is a popular tool used for security testing, reverse engineering, and runtime manipulation of Android apps. It allows penetration testers to inject scripts into running processes to analyze or modify app behavior.
77. What is “Intent Hijacking” in Android security?
a) An attack where a malicious app intercepts sensitive app communications
b) A method to bypass app permissions
c) A flaw in Android’s biometric authentication
d) Malware that modifies app intents for increased battery usage
Answer:
a) An attack where a malicious app intercepts sensitive app communications
Explanation:
Intent Hijacking occurs when an untrusted app intercepts an explicit or implicit intent sent between Android components, allowing attackers to steal or manipulate data.
78. What is the purpose of “Keystore System” in Android security?
a) Securely stores cryptographic keys and prevents extraction
b) Encrypts all system files
c) Detects malware in downloaded files
d) Blocks unauthorized app updates
Answer:
a) Securely stores cryptographic keys and prevents extraction
Explanation:
The Android Keystore System securely stores cryptographic keys in a hardware-backed environment, ensuring they cannot be extracted or tampered with.
79. What is an “Obfuscation Technique” in Android security?
a) A method used to make source code harder to reverse engineer
b) A feature that blocks screen recording
c) A way to detect ransomware in real-time
d) A method to encrypt Wi-Fi connections
Answer:
a) A method used to make source code harder to reverse engineer
Explanation:
Obfuscation techniques make an Android app’s code difficult to read or understand, helping to protect it from reverse engineering, tampering, and piracy.
80. What is “Juice Jacking” in Android security?
a) A cyberattack where hackers steal data through public charging stations
b) A vulnerability in Android battery optimization
c) Malware that drains device battery life
d) A Bluetooth-based attack
Answer:
a) A cyberattack where hackers steal data through public charging stations
Explanation:
Juice Jacking occurs when attackers install malware or steal data from a device via a compromised USB charging port, typically found in public charging stations.
81. What is “Cloakware” in Android app security?
a) A technique to protect applications from reverse engineering
b) A VPN service for secure browsing
c) A firewall that monitors app permissions
d) A process for encrypting backup data
Answer:
a) A technique to protect applications from reverse engineering
Explanation:
Cloakware refers to security solutions that obfuscate and protect app code from being reverse-engineered, tampered with, or exploited by attackers.
82. What is “Xposed Framework” used for in Android security?
a) Modifying system and app behavior at runtime
b) Blocking malware from running in the background
c) Encrypting Wi-Fi connections
d) Scanning APK files for security risks
Answer:
a) Modifying system and app behavior at runtime
Explanation:
Xposed Framework is a powerful tool that allows users to modify Android system behavior and app functionalities without modifying APK files or flashing custom ROMs.
83. What is an “Exploit Payload” in Android hacking?
a) A piece of malicious code executed after exploiting a vulnerability
b) A security patch applied to Android firmware
c) A legitimate debugging feature in Android Studio
d) A technique for increasing battery performance
Answer:
a) A piece of malicious code executed after exploiting a vulnerability
Explanation:
An exploit payload is the malicious code that is executed after an attacker successfully exploits a vulnerability in an Android app or system.
84. What is “DexGuard” in Android security?
a) A security tool for protecting Android applications from reverse engineering
b) A malware scanning software
c) A feature in Android’s Security Patch Update process
d) A type of ransomware targeting financial apps
Answer:
a) A security tool for protecting Android applications from reverse engineering
Explanation:
DexGuard is a commercial tool for code obfuscation, encryption, and runtime protection, preventing attackers from reverse-engineering Android apps.
85. What is “Android Patch Gap”?
a) A delay between vulnerability discovery and patch release
b) A security flaw in app permissions
c) A process for encrypting Android files
d) A framework used for testing app vulnerabilities
Answer:
a) A delay between vulnerability discovery and patch release
Explanation:
The Android Patch Gap refers to the time delay between the discovery of a security vulnerability and the actual release of a security patch by vendors.
86. What is “Banking Trojan” in Android security?
a) Malware that steals financial information from banking apps
b) A tool for encrypting mobile payments
c) A built-in Android security feature
d) A method used for blocking unauthorized app installations
Answer:
a) Malware that steals financial information from banking apps
Explanation:
Banking Trojans disguise themselves as legitimate apps but secretly steal banking credentials, credit card details, and payment information.
87. What is “Metasploit” used for in Android security testing?
a) A penetration testing framework for exploiting vulnerabilities
b) A VPN service for secure browsing
c) A cloud-based malware detection system
d) An Android update service
Answer:
a) A penetration testing framework for exploiting vulnerabilities
Explanation:
Metasploit is a widely used penetration testing framework that allows security testers to exploit, analyze, and patch Android vulnerabilities.
88. What is “Blackbox Testing” in Android security?
a) Testing an application without knowledge of its internal structure
b) Testing an app’s source code for vulnerabilities
c) A technique for encrypting Android data
d) A process used for optimizing battery life
Answer:
a) Testing an application without knowledge of its internal structure
Explanation:
Blackbox Testing is a security testing technique where testers evaluate an Android app’s security without access to its source code, mimicking a real-world attacker’s perspective.
89. What is “Firebase App Check” used for in Android security?
a) Protecting backend resources from abuse and fraud
b) Encrypting user passwords
c) Scanning apps for malware
d) Detecting phishing attacks in messages
Answer:
a) Protecting backend resources from abuse and fraud
Explanation:
Firebase App Check helps prevent unauthorized access to backend services by verifying that requests come from genuine, non-compromised apps.
90. What is “Privilege Escalation” in Android security?
a) Gaining unauthorized higher-level access on a device
b) Encrypting all user credentials
c) A method for securing Wi-Fi networks
d) A feature in Android to increase app performance
Answer:
a) Gaining unauthorized higher-level access on a device
Explanation:
Privilege Escalation occurs when an attacker exploits a vulnerability to gain unauthorized administrative privileges, allowing them to execute system-level commands.
91. What is “APK Decompilation” in Android security?
a) Extracting and analyzing an Android app’s source code
b) Encrypting APK files to prevent modification
c) A process that speeds up app installation
d) A security patching mechanism
Answer:
a) Extracting and analyzing an Android app’s source code
Explanation:
APK Decompilation involves reverse engineering an Android app to extract its source code, assets, and resources. Attackers use decompilation tools like JADX or APKTool to analyze an app’s behavior and discover vulnerabilities.
92. What is “Malvertising” in Android security?
a) A method where ads distribute malware
b) A secure ad-serving framework
c) A feature for detecting malicious network traffic
d) A type of Android firewall
Answer:
a) A method where ads distribute malware
Explanation:
Malvertising (Malicious Advertising) involves embedding malicious scripts or exploit kits in online advertisements. When users view or click these ads, malware can be silently installed on their devices.
93. What is “Certificate Pinning” in Android security?
a) Ensuring that an app only accepts specific SSL certificates
b) Blocking fake digital certificates from unknown sources
c) Encrypting SSL/TLS communications
d) Preventing app uninstallation
Answer:
a) Ensuring that an app only accepts specific SSL certificates
Explanation:
Certificate Pinning protects apps from Man-in-the-Middle (MitM) attacks by ensuring that only pre-approved SSL certificates are accepted, even if a compromised Certificate Authority issues a fake certificate.
94. What is “OWASP Mobile Security Testing Guide (MSTG)”?
a) A security framework for mobile app penetration testing
b) A cloud-based malware detection system
c) A method for securing Android backups
d) An Android update mechanism
Answer:
a) A security framework for mobile app penetration testing
Explanation:
The OWASP Mobile Security Testing Guide (MSTG) is an open-source manual for security testing of Android and iOS applications, providing guidelines for pentesters and developers.
95. What is the “Android Runtime (ART)” used for?
a) Executing Android applications efficiently and securely
b) Encrypting app permissions at runtime
c) Detecting malware in app files
d) Preventing unauthorized network access
Answer:
a) Executing Android applications efficiently and securely
Explanation:
Android Runtime (ART) is responsible for executing Android apps, replacing the older Dalvik Virtual Machine (DVM) with improved performance, security, and memory management.
96. What is “Rogue Wi-Fi Network Attack” in Android security?
a) A method where attackers create a fake Wi-Fi network to intercept data
b) A technique to bypass Wi-Fi security settings
c) A Bluetooth-based attack on Android devices
d) A vulnerability in Android’s hotspot feature
Answer:
a) A method where attackers create a fake Wi-Fi network to intercept data
Explanation:
In a Rogue Wi-Fi Attack, hackers create a fake Wi-Fi hotspot that appears legitimate, tricking users into connecting. Attackers then steal data, inject malware, or conduct phishing attacks.
97. What is the role of “Google Play Signing” in Android security?
a) Ensuring app integrity and verifying developer authenticity
b) Encrypting user passwords stored in Google Play
c) Blocking malicious ads in Google Play Store
d) Scanning apps for security vulnerabilities
Answer:
a) Ensuring app integrity and verifying developer authenticity
Explanation:
Google Play Signing securely stores app signing keys and ensures that only the original developer can update the app, preventing app tampering and repackaging attacks.
98. What is “MITM Proxy” used for in Android penetration testing?
a) Intercepting and analyzing encrypted network traffic
b) Detecting rogue Wi-Fi networks
c) Encrypting all network communications
d) Blocking unauthorized app installations
Answer:
a) Intercepting and analyzing encrypted network traffic
Explanation:
MITM Proxy (Man-in-the-Middle Proxy) is a tool that allows security testers to intercept, inspect, and modify encrypted network traffic between an Android app and a server.
99. What is “DroidBox” used for in Android security testing?
a) Dynamic analysis of Android apps for security vulnerabilities
b) A tool for encrypting Android system logs
c) A framework for detecting fake apps in Google Play
d) A method for optimizing Android battery performance
Answer:
a) Dynamic analysis of Android apps for security vulnerabilities
Explanation:
DroidBox is an Android application sandbox that performs dynamic analysis, monitoring an app’s behavior in real time to detect malware, data leaks, and security flaws.
100. What is “AppShielding” in Android security?
a) A technique to protect apps from reverse engineering and tampering
b) A feature that blocks third-party app stores
c) A method for securing Android network traffic
d) A cloud-based malware scanning tool
Answer:
a) A technique to protect apps from reverse engineering and tampering
Explanation:
AppShielding involves security techniques such as code obfuscation, anti-debugging, and anti-tampering to protect Android apps from reverse engineering and unauthorized modifications.
101. What is “Android Kernel Hardening”?
a) Strengthening the Linux kernel to prevent exploits
b) Encrypting all user data stored on the device
c) Blocking unauthorized root access
d) Preventing malware installation on the system
Answer:
a) Strengthening the Linux kernel to prevent exploits
Explanation:
Android Kernel Hardening includes security enhancements like SELinux, Address Space Layout Randomization (ASLR), and stack canaries to mitigate exploits and vulnerabilities.
102. What is “Content Provider Injection” in Android security?
a) A vulnerability where attackers manipulate an app’s database via unprotected content providers
b) A secure method of storing encrypted files
c) A feature that blocks unauthorized background apps
d) A phishing technique targeting Android users
Answer:
a) A vulnerability where attackers manipulate an app’s database via unprotected content providers
Explanation:
Content Provider Injection is an Android vulnerability that allows attackers to inject malicious data into an app’s database if the content provider is exposed or unprotected.
103. What is “Session Fixation” in Android web security?
a) An attack where an attacker forces a user to use a known session ID
b) A method for securing web-based Android applications
c) A feature in Android browsers for detecting phishing attacks
d) A security patching process
Answer:
a) An attack where an attacker forces a user to use a known session ID
Explanation:
Session Fixation is an authentication attack where the attacker sets a predetermined session ID for the user, allowing them to hijack the session later.
104. What is “Android WebView Exploitation” in security testing?
a) A technique used to exploit vulnerabilities in embedded web components
b) A method for securing mobile browsers
c) A security feature that blocks malicious scripts
d) A type of Android firewall
Answer:
a) A technique used to exploit vulnerabilities in embedded web components
Explanation:
Android WebView allows apps to display web content inside an app. If improperly configured, it can be vulnerable to JavaScript injection, cross-site scripting (XSS), or local file access attacks.
105. What is “Heap Spray Attack” in Android security?
a) A technique where an attacker fills the memory heap with malicious payloads
b) A method for optimizing memory usage in Android apps
c) A way to encrypt Android application memory
d) A feature that speeds up app performance
Answer:
a) A technique where an attacker fills the memory heap with malicious payloads
Explanation:
Heap spraying is an attack method where a hacker loads the memory heap with malicious payloads, waiting for a vulnerable program to execute them—often used in buffer overflow exploits.
106. What is the purpose of “SELinux in Enforcing Mode” on Android?
a) Prevent unauthorized access to system processes and files
b) Encrypt user files
c) Monitor Bluetooth network connections
d) Improve battery optimization
Answer:
a) Prevent unauthorized access to system processes and files
Explanation:
SELinux in Enforcing Mode ensures that even if an attacker gains root access, they cannot modify system files or execute unauthorized commands.
107. What is “Zimperium zIPS” used for in Android security?
a) A mobile threat defense solution that detects real-time cyber threats
b) A technique for encrypting Android system logs
c) A security patching mechanism for Android devices
d) A tool that enhances network speed
Answer:
a) A mobile threat defense solution that detects real-time cyber threats
Explanation:
Zimperium zIPS is an enterprise security solution that protects Android devices from zero-day malware, phishing attacks, and network-based exploits.
108. What is “Address Space Layout Randomization (ASLR)” in Android security?
a) A technique that randomizes memory addresses to prevent exploitation
b) A method for increasing battery performance
c) A security feature for app permissions
d) A tool that scans Android updates for malware
Answer:
a) A technique that randomizes memory addresses to prevent exploitation
Explanation:
ASLR (Address Space Layout Randomization) makes it harder for attackers to predict memory locations, protecting against buffer overflow and return-oriented programming (ROP) attacks.
109. What is “Janus Vulnerability” in Android?
a) A flaw that allows attackers to modify APKs without breaking signatures
b) A zero-day exploit targeting Android NFC services
c) A vulnerability affecting Android’s VPN encryption
d) A phishing method using fake login screens
Answer:
a) A flaw that allows attackers to modify APKs without breaking signatures
Explanation:
The Janus Vulnerability (CVE-2017-13156) allows attackers to inject malicious code into a legitimate APK file without affecting its digital signature, making it appear trusted.
110. What is “DroidHunter” used for in Android security?
a) A malware scanner for detecting Android rootkits and hidden threats
b) A VPN tool for securing Android browsing
c) A tool for increasing Android app performance
d) A framework for encrypting Android system files
Answer:
a) A malware scanner for detecting Android rootkits and hidden threats
Explanation:
DroidHunter is a malware detection tool that analyzes Android system components for rootkits, backdoors, and persistent threats.
111. What is “Rogue Google Play Apps” in Android security?
a) Malicious apps that bypass Google Play Protect and distribute malware
b) Official apps that fail to update
c) A security flaw in Google Play updates
d) A feature that blocks unverified app downloads
Answer:
a) Malicious apps that bypass Google Play Protect and distribute malware
Explanation:
Some malware-infected apps manage to bypass Google Play Protect using code obfuscation, delayed execution, or social engineering to spread spyware, adware, or Trojans.
112. What is “RASP (Runtime Application Self-Protection)” in Android security?
a) A technology that detects and prevents runtime attacks on mobile apps
b) A feature that monitors Android battery performance
c) A framework for optimizing app permissions
d) A VPN tool for encrypting Android network connections
Answer:
a) A technology that detects and prevents runtime attacks on mobile apps
Explanation:
RASP (Runtime Application Self-Protection) helps detect and block real-time attacks on Android apps, preventing code injection, debugging attempts, and memory tampering.
113. What is “Intent Spoofing” in Android security?
a) An attack where a malicious app sends fake intents to manipulate another app
b) A technique for bypassing biometric authentication
c) A phishing attack targeting SMS messages
d) A method for encrypting push notifications
Answer:
a) An attack where a malicious app sends fake intents to manipulate another app
Explanation:
Intent Spoofing is a vulnerability where an untrusted app sends fake intents to another app, tricking it into performing unauthorized actions.
114. What is “APK Bindiffing” in Android security?
a) Comparing two APK versions to detect changes and vulnerabilities
b) A technique for detecting network threats
c) A method to block unauthorized background services
d) A firewall feature in Android security
Answer:
a) Comparing two APK versions to detect changes and vulnerabilities
Explanation:
APK Bindiffing is used in reverse engineering to analyze differences between two APK versions, helping identify code modifications, security fixes, and injected malware.
115. What is “Overlay Permission Abuse” in Android security?
a) A technique where a malicious app overlays fake screens on legitimate apps
b) A security feature that prevents unauthorized downloads
c) A method for blocking app notifications
d) A tool for encrypting Android system updates
Answer:
a) A technique where a malicious app overlays fake screens on legitimate apps
Explanation:
Attackers exploit Android’s SYSTEM_ALERT_WINDOW permission to create malicious overlays, tricking users into entering credentials or granting excessive permissions.
116. What is “XSS in WebView-based Android apps”?
a) Cross-Site Scripting vulnerabilities within WebView components
b) A security feature that encrypts JavaScript execution
c) A browser-based firewall mechanism
d) A method for securing Android NFC transactions
Answer:
a) Cross-Site Scripting vulnerabilities within WebView components
Explanation:
XSS (Cross-Site Scripting) in WebView-based apps occurs when user input is not properly sanitized, allowing malicious JavaScript to execute inside the app’s WebView.
117. What is “ADB Exploitation” in Android security?
a) Abusing Android Debug Bridge (ADB) to gain unauthorized control of a device
b) A feature for monitoring system updates
c) A tool used for network encryption
d) A method for optimizing battery usage
Answer:
a) Abusing Android Debug Bridge (ADB) to gain unauthorized control of a device
Explanation:
Attackers exploit ADB Debugging Mode to gain unauthorized remote access, install malware, or extract sensitive data.
118. What is “Google Play Protect’s Safe Browsing” feature designed to do?
a) Warn users about malicious websites in Chrome and WebView
b) Block all third-party app installations
c) Encrypt app data at rest
d) Prevent Bluetooth-based attacks
Answer:
a) Warn users about malicious websites in Chrome and WebView
Explanation:
Google Play Protect’s Safe Browsing scans web pages and warns users if they are visiting a phishing or malware-infected site inside Google Chrome or WebView-based apps.
119. What is “TaintDroid” used for in Android security?
a) A dynamic analysis tool for detecting data leaks in apps
b) A VPN service for secure browsing
c) Malware used for Android exploitation
d) A tool to detect rogue Wi-Fi hotspots
Answer:
a) A dynamic analysis tool for detecting data leaks in apps
Explanation:
TaintDroid is a real-time dynamic taint analysis tool that tracks how user data moves through an Android app, helping detect data leaks and privacy violations.
120. What is “FakeID Vulnerability” in Android?
a) A flaw allowing malicious apps to impersonate trusted certificates
b) A security patching process for identity verification
c) A way to bypass biometric authentication
d) Malware that manipulates caller IDs
Answer:
a) A flaw allowing malicious apps to impersonate trusted certificates
Explanation:
The FakeID vulnerability (CVE-2014-3153) allows malicious apps to bypass Android’s digital certificate verification and impersonate trusted applications, gaining unauthorized permissions.
121. What is “Google SafetyNet’s reCAPTCHA” used for in Android security?
a) Protecting apps and websites from automated bots
b) Encrypting network traffic
c) Preventing app uninstallation
d) Blocking rogue Android updates
Answer:
a) Protecting apps and websites from automated bots
Explanation:
Google SafetyNet’s reCAPTCHA helps prevent bot-based attacks, credential stuffing, and automated abuse in Android apps and web services.
122. What is “ExynosModem Vulnerability” in Android security?
a) A flaw in Samsung’s Exynos chipset that allows remote code execution
b) A backdoor exploit in Qualcomm modems
c) A rootkit targeting Android NFC services
d) Malware designed to intercept VoIP calls
Answer:
a) A flaw in Samsung’s Exynos chipset that allows remote code execution
Explanation:
The ExynosModem vulnerability affects Samsung’s Exynos chipsets, allowing attackers to remotely execute code via baseband exploits, potentially leading to device compromise.
123. What is “Dynamic Code Loading” in Android security?
a) A technique where an app loads additional code at runtime
b) A method for optimizing background tasks
c) A feature that enhances battery performance
d) A tool for analyzing network traffic
Answer:
a) A technique where an app loads additional code at runtime
Explanation:
Dynamic Code Loading (DCL) allows an Android app to download and execute additional code after installation. Attackers can misuse this feature to inject malicious code dynamically.
124. What is “StrandHogg Vulnerability” in Android security?
a) A flaw allowing malicious apps to hijack legitimate app screens
b) A weakness in Android’s encryption protocols
c) A phishing method using SMS messages
d) Malware that spreads via Bluetooth
Answer:
a) A flaw allowing malicious apps to hijack legitimate app screens
Explanation:
The StrandHogg vulnerability lets malicious apps display fake login screens over legitimate ones, tricking users into entering credentials unknowingly.
125. What is “Needle Injection Attack” in Android security?
a) A method where malicious code is injected into a running app process
b) A Bluetooth-based data theft technique
c) A vulnerability in NFC-based transactions
d) A phishing method targeting Android banking apps
Answer:
a) A method where malicious code is injected into a running app process
Explanation:
A Needle Injection Attack involves injecting malicious code into an app’s runtime process, allowing attackers to modify its behavior without altering the APK.
126. What is “Triada Malware” in Android security?
a) A sophisticated Android Trojan that operates at the system level
b) A type of ransomware that encrypts Android data
c) A phishing toolkit for Android banking apps
d) A Bluetooth exploit targeting Android smartwatches
Answer:
a) A sophisticated Android Trojan that operates at the system level
Explanation:
Triada malware is an advanced Android Trojan that gains root access and operates at the system level, injecting malicious code into legitimate system processes.
127. What is “NFC Relay Attack” in Android security?
a) A method where attackers intercept and relay NFC-based transactions
b) A vulnerability in Bluetooth Low Energy (BLE)
c) A technique for encrypting NFC-based communication
d) A tool for monitoring NFC traffic
Answer:
a) A method where attackers intercept and relay NFC-based transactions
Explanation:
An NFC Relay Attack occurs when attackers use two NFC-enabled devices to relay a transaction between a victim’s phone and a payment terminal, enabling fraudulent transactions.
128. What is “Ghost Push Malware” in Android security?
a) Malware that installs unwanted apps and is difficult to remove
b) A Bluetooth-based spyware targeting Android devices
c) A flaw in Android’s multitasking system
d) A ransomware variant targeting mobile banking apps
Answer:
a) Malware that installs unwanted apps and is difficult to remove
Explanation:
Ghost Push Malware is persistent Android malware that can install adware, backdoors, and unwanted apps, often requiring a full factory reset to remove.
129. What is “SIM Swapping Attack” in Android security?
a) A technique where an attacker fraudulently transfers a victim’s phone number to a new SIM card
b) A vulnerability in Android’s SMS encryption
c) Malware designed to intercept mobile banking transactions
d) A method for bypassing app authentication
Answer:
a) A technique where an attacker fraudulently transfers a victim’s phone number to a new SIM card
Explanation:
In a SIM Swapping Attack, cybercriminals trick mobile carriers into issuing a new SIM card linked to a victim’s phone number, allowing them to bypass SMS-based 2FA and hijack accounts.
130. What is “Android BankBot Malware”?
a) A banking Trojan designed to steal user credentials from banking apps
b) A ransomware that encrypts banking transactions
c) A feature in Google Pay for secure transactions
d) A tool for encrypting banking data on Android devices
Answer:
a) A banking Trojan designed to steal user credentials from banking apps
Explanation:
BankBot Malware is a Trojan that overlays fake login screens on banking apps, tricking users into entering their credentials, which are then sent to attackers.
131. What is “Event Injection Attack” in Android security?
a) A technique where a malicious app injects fake input events into the system
b) A phishing attack targeting calendar events
c) A method for encrypting Android push notifications
d) A Bluetooth-based hacking attempt
Answer:
a) A technique where a malicious app injects fake input events into the system
Explanation:
Event Injection Attacks allow attackers to simulate user interactions (e.g., taps, swipes, keystrokes) to bypass security mechanisms, open malicious links, or perform unauthorized actions.
132. What is “Android Backdoor Malware”?
a) A malicious program that provides unauthorized remote access to an attacker
b) A vulnerability in Android’s system recovery mode
c) A flaw in Google Play Store security patches
d) Malware that only targets smartwatches
Answer:
a) A malicious program that provides unauthorized remote access to an attacker
Explanation:
Android Backdoor Malware is designed to gain unauthorized remote access to a device, allowing hackers to execute commands, steal data, or control the phone remotely.
133. What is “KeyStore Key Attestation” in Android security?
a) A mechanism that verifies cryptographic keys have not been tampered with
b) A tool for monitoring background processes
c) A method for encrypting app databases
d) A security vulnerability in biometric authentication
Answer:
a) A mechanism that verifies cryptographic keys have not been tampered with
Explanation:
KeyStore Key Attestation ensures that cryptographic keys stored in Android’s hardware-backed KeyStore are genuine and have not been modified or extracted.
134. What is “Evil Twin Attack” in Android security?
a) A method where attackers create a fake Wi-Fi hotspot to steal data
b) A vulnerability in Android’s Bluetooth communication
c) A Trojan designed to infect Android banking apps
d) A phishing technique using cloned SIM cards
Answer:
a) A method where attackers create a fake Wi-Fi hotspot to steal data
Explanation:
An Evil Twin Attack occurs when an attacker sets up a fraudulent Wi-Fi hotspot with the same SSID as a legitimate one, tricking users into connecting and exposing sensitive information.
135. What is “ZitMo (Zeus-in-the-Mobile)” in Android security?
a) A mobile variant of the Zeus banking Trojan that intercepts SMS messages
b) A tool for encrypting Android apps
c) A zero-day vulnerability affecting Android updates
d) A technique for securing mobile payments
Answer:
a) A mobile variant of the Zeus banking Trojan that intercepts SMS messages
Explanation:
ZitMo (Zeus-in-the-Mobile) is a variant of the Zeus banking Trojan that targets Android devices to steal SMS-based two-factor authentication (2FA) codes for fraudulent banking transactions.
136. What is “Task Hijacking” in Android security?
a) An attack where a malicious app takes control of a legitimate app’s task stack
b) A malware that hijacks Android system updates
c) A security feature that blocks unauthorized app installations
d) A method for securing push notifications
Answer:
a) An attack where a malicious app takes control of a legitimate app’s task stack
Explanation:
Task Hijacking occurs when a malicious app manipulates Android’s multitasking system to overlay or replace legitimate app activities, leading to credential theft or session hijacking.
137. What is “App Sandboxing” in Android security?
a) A security feature that isolates apps to prevent unauthorized data access
b) A technique for running apps in the background
c) A malware detection system in Google Play
d) A method for encrypting app updates
Answer:
a) A security feature that isolates apps to prevent unauthorized data access
Explanation:
App Sandboxing ensures that each Android app runs in its own isolated environment, preventing unauthorized access to system files or other apps’ data.
138. What is “System Partition Protection” in Android?
a) A mechanism that prevents unauthorized modification of system files
b) A security flaw in Android firmware updates
c) A feature for detecting adware infections
d) A method for optimizing app performance
Answer:
a) A mechanism that prevents unauthorized modification of system files
Explanation:
System Partition Protection ensures that critical Android system files cannot be modified unless the device is rooted or its bootloader is unlocked.
139. What is “ADB over Network” in Android security risks?
a) A feature that allows debugging over Wi-Fi, which can be exploited by attackers
b) A method for securing Android system logs
c) A framework for detecting phishing attacks
d) A technique for bypassing biometric authentication
Answer:
a) A feature that allows debugging over Wi-Fi, which can be exploited by attackers
Explanation:
ADB over Network allows Android Debug Bridge (ADB) connections over Wi-Fi, but if left enabled without security, it can let attackers remotely access the device.
140. What is “Bootloader Locking” in Android security?
a) A feature that prevents unauthorized modifications to the Android OS
b) A method for encrypting internal storage
c) A way to increase app installation speed
d) A flaw in Google Play Store security
Answer:
a) A feature that prevents unauthorized modifications to the Android OS
Explanation:
Bootloader Locking ensures that only official firmware can be installed, preventing unauthorized modifications, custom ROMs, or malware injections.
141. What is “Overlay-based Click Fraud” in Android security?
a) A technique where malicious overlays trick users into clicking fake ads
b) A Bluetooth exploit targeting Android smart devices
c) A vulnerability in Android’s gesture controls
d) A ransomware attack targeting Android banking apps
Answer:
a) A technique where malicious overlays trick users into clicking fake ads
Explanation:
Overlay-based Click Fraud uses transparent overlays or hidden UI elements to trick users into clicking ads or buttons, generating fraudulent revenue for attackers.
142. What is “HummingBad Malware” in Android security?
a) A sophisticated ad fraud malware that secretly installs apps and generates ad revenue
b) A keylogger designed to steal Android login credentials
c) A method for encrypting Android backup files
d) A tool for optimizing Google Play Store downloads
Answer:
a) A sophisticated ad fraud malware that secretly installs apps and generates ad revenue
Explanation:
HummingBad is an Android malware that installs fraudulent apps, displays intrusive ads, and generates fake ad clicks to earn revenue for cybercriminals.
143. What is “Android App Hibernation” in security?
a) A feature that restricts inactive apps from accessing sensitive data
b) A method for encrypting app permissions
c) A tool for detecting fake Android apps
d) A vulnerability affecting Android lock screens
Answer:
a) A feature that restricts inactive apps from accessing sensitive data
Explanation:
Android App Hibernation automatically limits background activity and revokes permissions for apps that haven’t been used for an extended period.
144. What is “Screen Overlay Attack” in Android security?
a) An attack where a malicious app displays a fake UI over another app
b) A vulnerability in Android’s biometric authentication
c) A flaw in Android’s GPS tracking system
d) A malware that targets system updates
Answer:
a) An attack where a malicious app displays a fake UI over another app
Explanation:
A Screen Overlay Attack occurs when a malicious app displays a fake screen over a legitimate app, tricking users into entering sensitive information like passwords or PINs.
145. What is “Fleeceware” in Android security?
a) Apps that charge users excessive subscription fees without their knowledge
b) A ransomware variant targeting Android financial apps
c) A Bluetooth-based malware that spreads via pairing requests
d) A method for securing mobile network traffic
Answer:
a) Apps that charge users excessive subscription fees without their knowledge
Explanation:
Fleeceware refers to fraudulent apps that lure users into paying hidden, excessive subscription fees through deceptive trials or misleading purchase agreements.
146. What is “Intent Sniffing” in Android security?
a) An attack where a malicious app intercepts and reads data from intent messages
b) A method for encrypting push notifications
c) A phishing scam targeting SMS authentication
d) A technique for hiding background processes
Answer:
a) An attack where a malicious app intercepts and reads data from intent messages
Explanation:
Intent Sniffing is an Android security risk where a malicious app listens for intent broadcasts, potentially leaking sensitive data between apps.
147. What is “Phantom App Attack” in Android security?
a) A technique where attackers install an invisible, malicious app on a device
b) A tool for blocking malware-infected applications
c) A vulnerability in Android’s biometric authentication
d) A security feature in Google Play Protect
Answer:
a) A technique where attackers install an invisible, malicious app on a device
Explanation:
Phantom App Attacks involve installing malicious apps that remain invisible to the user while collecting data, tracking activities, or launching further attacks.
148. What is “SIM Toolkit (STK) Attack” in Android security?
a) A method where attackers send malicious SIM commands to control a device
b) A malware that modifies Android’s boot process
c) A phishing attack that targets Google Play Store credentials
d) A method for encrypting SMS messages
Answer:
a) A method where attackers send malicious SIM commands to control a device
Explanation:
A SIM Toolkit (STK) Attack occurs when hackers exploit the SIM card’s ability to execute remote commands, potentially allowing them to send SMS messages, steal data, or track users.
149. What is “Obfuscated Malware” in Android security?
a) Malware that is modified to hide its code from analysis and detection
b) A security feature in Android’s Play Protect
c) A tool used to remove unwanted applications
d) A phishing technique used to collect credit card details
Answer:
a) Malware that is modified to hide its code from analysis and detection
Explanation:
Obfuscated Malware uses code obfuscation techniques to evade security detection, making it harder for antivirus software and malware analysts to identify its behavior.
150. What is “CVE” in Android security?
a) A publicly known identifier for a specific security vulnerability
b) A technique for encrypting Android network traffic
c) A type of mobile ransomware
d) A security patching tool for Android devices
Answer:
a) A publicly known identifier for a specific security vulnerability
Explanation:
CVE (Common Vulnerabilities and Exposures) is a database that assigns unique identifiers to security vulnerabilities, helping security professionals track and mitigate threats.
151. What is “LockerPin Ransomware” in Android security?
a) A type of ransomware that changes a device’s PIN and locks users out
b) A tool for encrypting system files
c) A security update process in Android
d) A method for bypassing two-factor authentication
Answer:
a) A type of ransomware that changes a device’s PIN and locks users out
Explanation:
LockerPin Ransomware locks Android users out of their devices by changing the PIN code, preventing access until a ransom is paid.
152. What is “Rogue Base Station Attack” in Android security?
a) A method where attackers set up fake cell towers to intercept mobile communications
b) A security feature in Android’s VPN settings
c) A phishing attack that targets NFC payments
d) A method for optimizing Android device storage
Answer:
a) A method where attackers set up fake cell towers to intercept mobile communications
Explanation:
A Rogue Base Station Attack occurs when attackers deploy a fake cellular tower, tricking nearby Android devices into connecting and intercepting calls, messages, and data traffic.
153. What is “Root Detection Bypass” in Android security?
a) A method where attackers evade detection mechanisms used by banking apps to detect rooted devices
b) A feature in Android security updates
c) A malware used for financial fraud
d) A VPN encryption flaw
Answer:
a) A method where attackers evade detection mechanisms used by banking apps to detect rooted devices
Explanation:
Root Detection Bypass is a technique where attackers or modified apps hide rooting status to avoid being blocked by security-sensitive applications like banking apps.
154. What is “Baseband Exploitation” in Android security?
a) A technique where vulnerabilities in a device’s baseband firmware are exploited for remote attacks
b) A method for encrypting mobile network traffic
c) A tool for detecting unauthorized SIM card swaps
d) A security feature that blocks unverified apps
Answer:
a) A technique where vulnerabilities in a device’s baseband firmware are exploited for remote attacks
Explanation:
Baseband Exploitation targets firmware responsible for mobile network communication, allowing attackers to execute remote commands, intercept calls, or track device locations.
155. What is “Android Stagefright Exploit”?
a) A vulnerability that allows remote code execution via malicious multimedia files
b) A tool for analyzing Android system logs
c) A phishing attack targeting Google authentication
d) A Bluetooth security flaw
Answer:
a) A vulnerability that allows remote code execution via malicious multimedia files
Explanation:
The Stagefright vulnerability allows attackers to exploit Android’s media processing engine by sending a malicious MMS, which results in remote code execution without user interaction.
156. What is “Banking Overlay Attack” in Android security?
a) A phishing attack where a fake banking login screen overlays the legitimate app
b) A security update for financial applications
c) A method for encrypting banking transactions
d) A malware that modifies Android’s app permissions
Answer:
a) A phishing attack where a fake banking login screen overlays the legitimate app
Explanation:
A Banking Overlay Attack is a social engineering technique where malware displays a fake login screen over a real banking app to steal user credentials.
157. What is “BlueBorne Attack” in Android security?
a) A Bluetooth-based vulnerability that allows remote device exploitation
b) A malware that spreads through Bluetooth file transfers
c) A phishing method using fake Bluetooth pairing requests
d) A security patch that encrypts Bluetooth communication
Answer:
a) A Bluetooth-based vulnerability that allows remote device exploitation
Explanation:
The BlueBorne Attack exploits Bluetooth protocol vulnerabilities, allowing attackers to gain control over Android devices remotely without requiring user interaction.
158. What is “Android Tapjacking Attack”?
a) An attack where a malicious app overlays transparent UI elements to trick users into unintended actions
b) A technique for encrypting Android system notifications
c) A phishing attack that mimics Android lock screens
d) A security patching mechanism in Android devices
Answer:
a) An attack where a malicious app overlays transparent UI elements to trick users into unintended actions
Explanation:
Tapjacking occurs when a malicious app overlays a transparent UI element over another app, tricking the user into clicking buttons unknowingly, which can result in unauthorized transactions, permission grants, or app control takeovers.
159. What is “Cloak and Dagger Attack” in Android security?
a) An attack that combines accessibility and overlay attacks to control a device without user consent
b) A brute force attack targeting Android lock screens
c) A Bluetooth-based attack for data exfiltration
d) A security update process in Google Play Protect
Answer:
a) An attack that combines accessibility and overlay attacks to control a device without user consent
Explanation:
The Cloak and Dagger attack exploits Android’s Accessibility Services along with screen overlay features, allowing attackers to secretly manipulate user input, steal credentials, and control the device without user awareness.
160. What is “Man-in-the-Disk Attack” in Android security?
a) A vulnerability where attackers manipulate app data stored in external storage
b) A phishing technique targeting Android file explorers
c) A malware that infects SD cards to spread to other devices
d) A security feature that encrypts external storage
Answer:
a) A vulnerability where attackers manipulate app data stored in external storage
Explanation:
A Man-in-the-Disk (MitD) Attack occurs when apps use external storage insecurely, allowing attackers to modify or replace files used by the app, leading to malicious code execution or privilege escalation.
161. What is “SMiShing” in Android security?
a) SMS-based phishing attacks that trick users into clicking malicious links
b) A method for encrypting Android push notifications
c) A security patch for Android’s messaging service
d) A Trojan that spreads through SMS messages
Answer:
a) SMS-based phishing attacks that trick users into clicking malicious links
Explanation:
SMiShing (SMS Phishing) is a cyberattack where attackers send fraudulent SMS messages that trick users into revealing sensitive information or downloading malware.
162. What is “Overlay Permission Misuse” in Android security?
a) A vulnerability where malicious apps use overlay permissions to display fake UI elements
b) A feature that enhances Android’s UI performance
c) A technique for securing Android push notifications
d) A method used to optimize Android battery performance
Answer:
a) A vulnerability where malicious apps use overlay permissions to display fake UI elements
Explanation:
Overlay Permission Misuse occurs when a malicious app displays fake popups or UI elements over legitimate apps, tricking users into entering passwords, confirming payments, or granting critical permissions.
163. What is “Process Hollowing” in Android malware?
a) A technique where malware replaces the code of a legitimate process with malicious code
b) A method for detecting background malware in Android
c) A vulnerability affecting Android’s multitasking system
d) A technique for encrypting Android push notifications
Answer:
a) A technique where malware replaces the code of a legitimate process with malicious code
Explanation:
Process Hollowing is a technique where malware injects malicious code into a legitimate Android process, making it appear as a trusted process while executing malicious activities in the background.
164. What is “Malvertising in Android”?
a) A cyberattack where attackers use malicious ads to distribute malware
b) A technique for hiding spyware in Android system updates
c) A method used to secure Android apps from ad fraud
d) A vulnerability that affects Android’s app installation process
Answer:
a) A cyberattack where attackers use malicious ads to distribute malware
Explanation:
Malvertising (Malicious Advertising) occurs when attackers inject malware into online ads, which are then delivered through legitimate ad networks, infecting devices without user interaction.
165. What is “Fake App Cloning” in Android security?
a) A technique where attackers create fake versions of legitimate apps to steal user credentials
b) A security feature that prevents app duplication
c) A method for optimizing Android file storage
d) A vulnerability affecting Android’s cloud backup system
Answer:
a) A technique where attackers create fake versions of legitimate apps to steal user credentials
Explanation:
Fake App Cloning occurs when cybercriminals create fraudulent copies of legitimate apps, distribute them outside official app stores, and steal user data when users enter their credentials.
166. What is “Android Data Leakage via Clipboard”?
a) A risk where sensitive copied text remains accessible to all apps
b) A vulnerability in Android’s file-sharing system
c) A security update that prevents data leaks
d) A phishing attack targeting copied passwords
Answer:
a) A risk where sensitive copied text remains accessible to all apps
Explanation:
Android allows all apps to access clipboard data, meaning any sensitive text (passwords, banking details, etc.) copied by a user can be read by other apps, leading to potential data leakage.
167. What is “MitM Attack via Malicious VPN” in Android security?
a) A method where attackers use a fake VPN service to intercept and modify internet traffic
b) A vulnerability in Android’s built-in VPN feature
c) A technique used to detect malware on Android devices
d) A method for securing Android’s network traffic
Answer:
a) A method where attackers use a fake VPN service to intercept and modify internet traffic
Explanation:
A Man-in-the-Middle (MitM) attack via malicious VPN occurs when attackers distribute fake VPN apps that intercept, modify, or steal network traffic, capturing sensitive user data.
168. What is “Android Spyware via Accessibility Services”?
a) A malware that abuses accessibility features to steal data and control devices
b) A built-in Android feature for detecting spyware
c) A method for securing Android biometric authentication
d) A vulnerability affecting Android app permissions
Answer:
a) A malware that abuses accessibility features to steal data and control devices
Explanation:
Malware exploits Android Accessibility Services to read screen content, capture keystrokes, and control user interactions, leading to spyware infections.
169. What is “Android Cryptojacking Malware”?
a) A malware that hijacks device resources to mine cryptocurrency
b) A ransomware variant that encrypts Android files
c) A phishing attack targeting cryptocurrency wallets
d) A method for encrypting Android cloud storage
Answer:
a) A malware that hijacks device resources to mine cryptocurrency
Explanation:
Android Cryptojacking Malware secretly mines cryptocurrency using a victim’s device processing power, leading to battery drain, performance degradation, and overheating.
170. What is “Android Ransomware via Screen Locking”?
a) A ransomware attack that locks the screen and demands payment for unlocking
b) A vulnerability in Android’s screen brightness control
c) A security patch that prevents lock screen bypassing
d) A feature that encrypts Android notifications
Answer:
a) A ransomware attack that locks the screen and demands payment for unlocking
Explanation:
Android Screen-Locking Ransomware prevents users from accessing their devices by locking the screen and demanding a ransom, often masquerading as a legal warning.
171. What is “Android Fake System Update Malware”?
a) A malicious app that pretends to be a system update to gain control of the device
b) A vulnerability in Android’s software update mechanism
c) A method for bypassing Google Play Protect
d) A legitimate feature used for securing Android firmware updates
Answer:
a) A malicious app that pretends to be a system update to gain control of the device
Explanation:
Attackers create fake system update apps that trick users into installing malware, allowing remote control, data theft, and surveillance on the infected device.
172. What is “Clicker Malware” in Android security?
a) A type of malware that clicks on ads in the background to generate fraudulent revenue
b) A phishing technique that redirects users to malicious websites
c) A malware that records touchscreen inputs
d) A keylogger that captures sensitive information
Answer:
a) A type of malware that clicks on ads in the background to generate fraudulent revenue
Explanation:
Clicker Malware operates in the background, fraudulently clicking ads and generating revenue for cybercriminals while consuming battery and system resources.
173. What is “SpyLoan Malware” in Android security?
a) A type of malware that disguises itself as a loan application to steal sensitive data
b) A banking Trojan that steals financial details from loan apps
c) A spyware used by financial institutions to track users
d) A security patch that prevents financial fraud
Answer:
a) A type of malware that disguises itself as a loan application to steal sensitive data
Explanation:
SpyLoan Malware poses as a legitimate financial loan app but steals user information, contacts, and messages, and sometimes blackmails victims for money.
174. What is “Android Zero-Click Attack”?
a) A cyberattack that exploits device vulnerabilities without requiring user interaction
b) A phishing attack that tricks users into clicking malicious links
c) A ransomware variant that encrypts all user data
d) A brute-force attack targeting Android lock screens
Answer:
a) A cyberattack that exploits device vulnerabilities without requiring user interaction
Explanation:
Zero-click attacks exploit vulnerabilities in messaging apps, multimedia files, or network services to execute malicious code without requiring user interaction.
175. What is “Android Fake Antivirus Malware”?
a) A malware that pretends to be an antivirus app but infects the device
b) A security patch that prevents fake apps from being installed
c) A vulnerability in Android’s built-in malware detection
d) A phishing scam that targets antivirus software
Answer:
a) A malware that pretends to be an antivirus app but infects the device
Explanation:
Fake antivirus malware claims to scan for threats but instead installs spyware, steals data, or locks the device with ransomware.
176. What is “Rootkit Malware” in Android security?
a) A malware that gains root access to hide itself and perform malicious activities
b) A security feature that encrypts Android kernel processes
c) A method for detecting rogue applications in Android
d) A vulnerability affecting Android boot processes
Answer:
a) A malware that gains root access to hide itself and perform malicious activities
Explanation:
A rootkit is a stealthy malware that hides in system files, allowing attackers to bypass security controls, steal data, and maintain persistent access.
177. What is “Android Keystroke Logging Malware”?
a) A malware that records everything typed on an Android device
b) A built-in Android security feature for detecting unauthorized access
c) A method for securing keyboard input in Android apps
d) A phishing technique targeting banking applications
Answer:
a) A malware that records everything typed on an Android device
Explanation:
Keystroke logging malware secretly records passwords, messages, and sensitive data typed on an infected Android device.
178. What is “Android Cryptocurrency Wallet Hijacking”?
a) A malware that replaces copied cryptocurrency wallet addresses with the attacker’s address
b) A tool that enhances security for cryptocurrency transactions
c) A vulnerability in Android’s NFC payment system
d) A phishing scam targeting cryptocurrency users
Answer:
a) A malware that replaces copied cryptocurrency wallet addresses with the attacker’s address
Explanation:
Cryptocurrency Wallet Hijacking Malware monitors the clipboard for cryptocurrency wallet addresses, replacing them with an attacker-controlled address.
179. What is “Banking Trojan with Screen Recording Capabilities”?
a) A malware that records a user’s screen to steal banking credentials
b) A built-in Android feature that logs financial transactions
c) A phishing scam that mimics legitimate banking notifications
d) A VPN service that secures online banking sessions
Answer:
a) A malware that records a user’s screen to steal banking credentials
Explanation:
Advanced banking Trojans use screen recording to capture login credentials, allowing attackers to steal sensitive financial information.
180. What is “Android Clipboard Hijacking via Accessibility Services”?
a) A malware that exploits accessibility services to steal clipboard data
b) A method for encrypting clipboard data in Android apps
c) A security feature that prevents unauthorized clipboard access
d) A phishing scam that targets Android text messages
Answer:
a) A malware that exploits accessibility services to steal clipboard data
Explanation:
Malware misuses Accessibility Services to monitor clipboard activity, stealing passwords, cryptocurrency addresses, and sensitive text.
181. What is “Android Botnet Malware”?
a) A malware that turns an infected device into part of a botnet for cyberattacks
b) A built-in Android security feature for detecting rogue networks
c) A type of adware that displays intrusive ads on Android devices
d) A phishing attack that hijacks social media accounts
Answer:
a) A malware that turns an infected device into part of a botnet for cyberattacks
Explanation:
Botnet malware infects Android devices, allowing attackers to remotely control them for launching DDoS attacks, spam campaigns, or data theft.
182. What is “Juice Jacking via Fast Charging Ports”?
a) A cyberattack where attackers steal data from devices plugged into public USB charging stations
b) A method for securing Android battery optimization
c) A tool for preventing unauthorized device connections
d) A security feature that enhances Android’s charging speed
Answer:
a) A cyberattack where attackers steal data from devices plugged into public USB charging stations
Explanation:
Juice Jacking occurs when attackers modify public USB charging stations to install malware or steal data from connected Android devices.
183. What is “Android Malware that Abuses Device Administrator Privileges”?
a) A malware that locks device settings and prevents uninstallation
b) A legitimate security feature for enterprise devices
c) A tool used to encrypt Android apps
d) A vulnerability that affects NFC-based transactions
Answer:
a) A malware that locks device settings and prevents uninstallation
Explanation:
Some Android malware abuses device administrator privileges, making it difficult to remove, locking device settings, or forcing ransom payments.
184. What is “Android Screenshot Malware”?
a) A malware that secretly takes screenshots to steal sensitive information
b) A feature in Android that blocks unauthorized screenshots
c) A method for detecting phishing attempts in Android apps
d) A security patch that prevents screen recording
Answer:
a) A malware that secretly takes screenshots to steal sensitive information
Explanation:
Screenshot malware runs in the background and periodically captures screenshots, potentially exposing passwords, messages, and financial details.
185. What is “Fake Google Play Services Malware”?
a) A malicious app that mimics Google Play Services to gain excessive permissions
b) A security feature in Android that prevents fake app installations
c) A VPN tool used to protect Android devices
d) A phishing attack that targets Google login credentials
Answer:
a) A malicious app that mimics Google Play Services to gain excessive permissions
Explanation:
Some malware disguises itself as Google Play Services to trick users into granting high-level permissions, enabling surveillance, remote access, and data theft.
186. What is “Android Remote Access Trojan (RAT)”?
a) A type of malware that allows attackers to remotely control a device
b) A security feature in Android’s multi-factor authentication
c) A method for blocking unauthorized app installations
d) A technique for encrypting Android backups
Answer:
a) A type of malware that allows attackers to remotely control a device
Explanation:
Remote Access Trojans (RATs) allow cybercriminals to remotely control an infected Android device, enabling data theft, surveillance, and unauthorized access.
187. What is “Android Credential Stuffing Attack”?
a) A cyberattack where hackers reuse stolen credentials from other data breaches
b) A technique for encrypting Android login sessions
c) A phishing attack that steals app passwords
d) A security feature in Android that prevents brute-force attacks
Answer:
a) A cyberattack where hackers reuse stolen credentials from other data breaches
Explanation:
Credential stuffing involves using previously leaked usernames and passwords to gain unauthorized access to Android apps or services.
188. What is “Android Hidden Ad Fraud Malware”?
a) A malware that runs hidden ads in the background to generate revenue
b) A vulnerability in Android’s notification system
c) A tool used for detecting fake applications
d) A security patch that prevents background app execution
Answer:
a) A malware that runs hidden ads in the background to generate revenue
Explanation:
Hidden ad fraud malware secretly displays or clicks ads in the background, consuming system resources while generating money for attackers.
189. What is “Fake Android System Alert Malware”?
a) A malware that displays fake system alerts to trick users into granting permissions
b) A legitimate Android security warning system
c) A feature that blocks malware-infected notifications
d) A VPN tool that prevents unauthorized alerts
Answer:
a) A malware that displays fake system alerts to trick users into granting permissions
Explanation:
Some malware generates fake system alerts asking users to update software, grant administrator privileges, or enter credentials, leading to device compromise.
190. What is “Android DNS Hijacking”?
a) An attack where hackers manipulate DNS settings to redirect users to malicious websites
b) A security feature that encrypts domain name requests
c) A malware that modifies app permissions
d) A tool for blocking unwanted network connections
Answer:
a) An attack where hackers manipulate DNS settings to redirect users to malicious websites
Explanation:
DNS hijacking modifies an Android device’s DNS settings, redirecting users to fake websites that steal login credentials or distribute malware.
191. What is “Android Fake App Installation Attack”?
a) A cyberattack where malware secretly installs fake apps in the background
b) A method for securing Android app downloads
c) A tool that blocks malware-ridden apps
d) A security update that prevents app tampering
Answer:
a) A cyberattack where malware secretly installs fake apps in the background
Explanation:
Some malware can silently install fake apps without user consent, displaying intrusive ads, stealing data, or taking control of the device.
192. What is “Overlay Injection in Mobile Banking Apps”?
a) A technique where malware overlays a fake screen over a banking app to steal credentials
b) A legitimate security feature that encrypts banking transactions
c) A method for protecting Android devices from phishing attacks
d) A security patch that prevents app overlays
Answer:
a) A technique where malware overlays a fake screen over a banking app to steal credentials
Explanation:
Overlay injection attacks allow attackers to display a fake login screen over a real banking app, tricking users into entering their account details.
193. What is “Android VPN Snooping Attack”?
a) An attack where a malicious VPN intercepts and logs user traffic
b) A security feature that encrypts mobile network traffic
c) A method for detecting unauthorized VPN connections
d) A phishing attack targeting VPN login credentials
Answer:
a) An attack where a malicious VPN intercepts and logs user traffic
Explanation:
Some malicious VPNs log browsing activity, passwords, and financial data, selling user information or injecting ads into websites.
194. What is “Android Browser Extension Malware”?
a) A malicious browser extension that injects ads, steals credentials, or modifies search results
b) A legitimate tool for securing Android web browsing
c) A vulnerability affecting Android’s browsing cache
d) A security patch that prevents unauthorized browser extensions
Answer:
a) A malicious browser extension that injects ads, steals credentials, or modifies search results
Explanation:
Browser extension malware can steal passwords, redirect searches, and inject malicious ads, affecting user privacy and security.
195. What is “Android RAM Scraping Malware”?
a) A malware that extracts sensitive data from device memory
b) A security tool used to clean Android RAM
c) A feature that prevents unauthorized memory access
d) A phishing attack that targets cloud-based storage
Answer:
a) A malware that extracts sensitive data from device memory
Explanation:
RAM scraping malware steals unencrypted sensitive data from an app’s memory, including payment card details and passwords.
196. What is “Android Key Reinstallation Attack (KRACK)”?
a) A Wi-Fi attack that exploits weaknesses in WPA2 encryption
b) A vulnerability in Android’s biometric authentication
c) A malware that modifies encryption keys
d) A phishing scam that targets Wi-Fi users
Answer:
a) A Wi-Fi attack that exploits weaknesses in WPA2 encryption
Explanation:
KRACK (Key Reinstallation Attack) allows attackers to decrypt Wi-Fi traffic, potentially exposing passwords, messages, and sensitive data.
197. What is “Android Sensor-based Side Channel Attack”?
a) An attack where malware uses motion sensors to infer PINs and passwords
b) A method for encrypting Android app permissions
c) A phishing technique targeting mobile banking apps
d) A security patch that prevents sensor data leaks
Answer:
a) An attack where malware uses motion sensors to infer PINs and passwords
Explanation:
Attackers can use motion, gyroscope, and accelerometer data to infer keystrokes and passwords, bypassing traditional authentication mechanisms.
198. What is “Android Tap-and-Go Exploit”?
a) An attack that exploits NFC-based Tap-and-Go data transfers to steal information
b) A feature that improves mobile payments security
c) A method for encrypting Android NFC transactions
d) A security patch that prevents unauthorized tap transactions
Answer:
a) An attack that exploits NFC-based Tap-and-Go data transfers to steal information
Explanation:
Attackers can exploit NFC Tap-and-Go technology by setting up rogue NFC readers that can capture data from Android devices performing quick transfers.
199. What is “Fake Accessibility Prompt Attack” in Android security?
a) An attack where malware tricks users into enabling accessibility services to gain control of the device
b) A security feature that enhances app permissions
c) A phishing scam that mimics Android system warnings
d) A method for encrypting screen reader services
Answer:
a) An attack where malware tricks users into enabling accessibility services to gain control of the device
Explanation:
Some malware disguises itself as a legitimate app and asks users to enable accessibility services, allowing it to automate taps, steal passwords, and manipulate the UI.
200. What is “Android Keystore Exploitation”?
a) An attack that attempts to extract cryptographic keys stored in the Android Keystore
b) A method for securing Android data storage
c) A security patch that prevents key leaks in Android devices
d) A phishing technique that targets encrypted files
Answer:
a) An attack that attempts to extract cryptographic keys stored in the Android Keystore
Explanation:
The Android Keystore securely stores encryption keys, but some vulnerabilities have allowed attackers to extract keys, compromising app security.
201. What is “SIM Jacking Attack” in Android security?
a) A cyberattack where an attacker tricks the mobile carrier into transferring a victim’s SIM card to a new device
b) A security feature that encrypts Android SMS messages
c) A vulnerability in Android’s SIM card encryption
d) A phishing scam that hijacks mobile banking accounts
Answer:
a) A cyberattack where an attacker tricks the mobile carrier into transferring a victim’s SIM card to a new device
Explanation:
SIM Jacking (also known as SIM Swap Fraud) is an attack where hackers social-engineer mobile carriers into transferring a victim’s SIM to gain control over calls, texts, and authentication codes.
202. What is “Android Logcat Injection Attack”?
a) A vulnerability where attackers inject malicious commands into system logs to execute code
b) A method for securing Android application logs
c) A security feature that detects unauthorized debugging
d) A tool used to analyze mobile application performance
Answer:
a) A vulnerability where attackers inject malicious commands into system logs to execute code
Explanation:
Some Android apps log sensitive data using Logcat. If log entries are not properly sanitized, attackers can inject malicious payloads that other apps may later execute.
203. What is “Fake Google Play Update Scam”?
a) A phishing scam that tricks users into installing malware by pretending to be a Google Play update
b) A security patch that prevents fake app installations
c) A feature that blocks unverified Android updates
d) A method for optimizing app store downloads
Answer:
a) A phishing scam that tricks users into installing malware by pretending to be a Google Play update
Explanation:
Attackers use fake Google Play update notifications to trick users into downloading malware, stealing credentials, or granting excessive permissions.
204. What is “Android Media File Jacking Attack”?
a) An attack where malware manipulates media files in real-time before they are displayed to users
b) A security patch that encrypts Android video and audio files
c) A feature that detects unauthorized media file modifications
d) A method for securing Android’s multimedia storage
Answer:
a) An attack where malware manipulates media files in real-time before they are displayed to users
Explanation:
Media File Jacking exploits the way some Android apps process unverified media files, allowing attackers to modify images, videos, or audio files before the user sees them.
205. What is “Android Silent SMS Attack”?
a) A method where attackers send invisible SMS messages to track a device’s location
b) A security feature that encrypts SMS messages
c) A phishing technique that targets Android messaging apps
d) A method for blocking unauthorized SMS messages
Answer:
a) A method where attackers send invisible SMS messages to track a device’s location
Explanation:
A Silent SMS Attack involves sending an invisible SMS that does not appear on the user’s device but forces the device to respond, allowing attackers to track location and intercept metadata.