I have a somewhat idiotic question that is kind of broad..

[0xJones]

So, one of the things that I have come to realize is that infosec is all about specialization and finding an area that interests you and going for it. I have finally found what it is that I want to do: Android Security specifically I want to be a malware analysis that deals with android malware. Right now there isn't a whole lot of malware out there for android (thats what people say but i truly don't know) but I'm sure there will be as it's becoming one of the most popular platforms. Android in general interests me (the internals, the linux kernel, filesystem, ART/Dalvik etc) but of course I want to do something security related.

But, I have a problem/question. I have been learning python and learning python is quite useless for what I want to eventually do, it's not completely useless as people have said python is great for automating a number of things but I feel like I'm wasting my time. I need to learn programming as I am a newbie and just started out but I am only on problem 20 of the book I am working through: Learn Python The Hard Way so would it be a bad idea to switch to learning java as that is the main language for the android platform?

That is my question, because I want to do android security like this guy should I stop learning python as my first language and start learning java? I don't want to spend to much time wondering what language as I just want to start coding but this is a legitimate (broad) question.

[iTpHo3NiX]

Tim Strazz is a reputable name in the Android hacking world, along with JCase (aka justincase)

Whoever told you Android malware is not very big, they are retarded. Think of how many android root methods there are for various devices. There is a broad range of various android root exploits. These when used in a manner that is malicious is defiantly malware. Take for example geofags towelroot. This is a root exploit for several compatible devices that doesn't even require a reboot. Although this is a great tool for people who WANT to root their phones, this is actually a really nice malicious payload. Embed this in an app to silently gain root and a lot of possibilities exist.

As far as what to learn Java is a great start. However you will also want to have C/C++ as well as ASM. Also get familiar with Linux, as well as SELinux as well as android and the android kernal from various manufacturers. Decompile and reverse engineer apks and decrypt obfuscated code. All this will help you with learning how things work, how to change them and ultimately help in identifying malicious code.

But for now start with C/C++ (androids native language, low level) and Java (high level) as well as ASM. Various exploitation techniques, shellcode, buffer overflows, etc. There is a lot to learn + constant changes

Good luck and I hope you contribute what you learn and your progress in your endevour

[0xJones]

Thanks for the reply DeepCopy, no one specifically told me android malware isn't big I see lots of people throwing a lot of comments like "Android is linux so it's secure" around which I approached in a skeptics pov. I still do want to learn C/C++ and ASM but I think I am going to start learning java instead of what I am currently learning which is python unless someone convinced me otherwise. I do also plan to get quite familiar with linux as I already run linux on my laptop and have for a bit. Thank you for the advice and thanks for the other twitter name drop!