A curated list of Android Security materials and resources For Pentesters and Bug Hunters.
Blog
- AAPG – Android application penetration testing guide
- TikTok: three persistent arbitrary code executions and one theft of arbitrary files
- Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC – CVE-2020-8913
- Android: Access to app protected components
- Android: arbitrary code execution via third-party package contexts
- Android Pentesting Labs – Step by Step guide for beginners
- An Android Hacking Primer
- An Android Security tips
- OWASP Mobile Security Testing Guide
- Security Testing for Android Cross Platform Application
- Dive deep into Android Application Security
- Pentesting Android Apps Using Frida
- Mobile Security Testing Guide
- Android Applications Reversing 101
- Android Security Guidelines
- Android WebView Vulnerabilities
- OWASP Mobile Top 10
- Practical Android Phone Forensics
- Mobile Pentesting With Frida
- Zero to Hero – Mobile Application Testing – Android Platform
How To’s
- How To Configuring Burp Suite With Android Nougat
- How To Bypassing Xamarin Certificate Pinning
- How To Bypassing Android Anti-Emulation
- How To Secure an Android Device
- Android Root Detection Bypass Using Objection and Frida Scripts
- Root Detection Bypass By Manual Code Manipulation.
- Magisk Systemless Root – Detection and Remediation
- How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8
Paper
- AndrODet: An adaptive Android obfuscation detector
- GEOST BOTNET – the discovery story of a new Android banking trojan
Books
- SEI CERT Android Secure Coding Standard
- Android Security Internals
- Android Cookbook
- Android Hacker’s Handbook
- Android Security Cookbook
- The Mobile Application Hacker’s Handbook
- Android Malware and Analysis
- Android Security: Attacks and Defenses
- Learning Penetration Testing For Android Devices
Course
- Learning-Android-Security
- Mobile Application Security and Penetration Testing
- Advanced Android Development
- Learn the art of mobile app development
- Learning Android Malware Analysis
- Android App Reverse Engineering 101
- MASPT V2
- Android Pentration Testing(Persian)
Tools
Static Analysis
- Apktool:A tool for reverse engineering Android apk files
- quark-engine – An Obfuscation-Neglect Android Malware Scoring System
- DeGuard:Statistical Deobfuscation for Android
- jadx – Dex to Java decompiler
- Amandroid – A Static Analysis Framework
- Androwarn – Yet Another Static Code Analyzer
- Droid Hunter – Android application vulnerability analysis and Android pentest tool
- Error Prone – Static Analysis Tool
- Findbugs – Find Bugs in Java Programs
- Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.
- Flow Droid – Static Data Flow Tracker
- Smali/Baksmali – Assembler/Disassembler for the dex format
- Smali-CFGs – Smali Control Flow Graph’s
- SPARTA – Static Program Analysis for Reliable Trusted Apps
- Gradle Static Analysis Plugin
- Checkstyle – A tool for checking Java source code
- PMD – An extensible multilanguage static code analyzer
- Soot – A Java Optimization Framework
- Android Quality Starter
- QARK – Quick Android Review Kit
- Infer – A Static Analysis tool for Java, C, C++ and Objective-C
- Android Check – Static Code analysis plugin for Android Project
- FindBugs-IDEA Static byte code analysis to look for bugs in Java code
- APK Leaks – Scanning APK file for URIs, endpoints & secrets
- Trueseeing – fast, accurate and resillient vulnerabilities scanner for Android apps
- StaCoAn – crossplatform tool which aids developers, bugbounty hunters and ethical hackers
Dynamic Analysis
- Mobile-Security-Framework MobSF
- Magisk v20.2 – Root & Universal Systemless Interface
- Runtime Mobile Security (RMS) – is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
- Droid-FF – Android File Fuzzing Framework
- Drozer
- Inspeckage
- PATDroid – Collection of tools and data structures for analyzing Android applications
- Radare2 – Unix-like reverse engineering framework and commandline tools
- Cutter – Free and Open Source RE Platform powered by radare2
- ByteCodeViewer – Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
Online APK Analyzers
- Oversecured
- Android Observatory APK Scan
- AndroTotal
- VirusTotal
- Scan Your APK
- AVC Undroid
- OPSWAT
- ImmuniWeb Mobile App Scanner
- Ostor Lab
- Quixxi
- TraceDroid
- Visual Threat
- App Critique
- Jotti’s malware scan
- kaspersky scanner
Online APK Decompiler
- Android APK Decompiler
- Java Decompiler APk
- APK DECOMPILER APP
- DeAPK is an open-source, online APK decompiler
- apk and dex decompilation back to Java source code
- APK Decompiler Tools
Labs
- OVAA (Oversecured Vulnerable Android App)
- DIVA (Damn insecure and vulnerable App)
- OWASP Security Shepherd
- Damn Vulnerable Hybrid Mobile App (DVHMA)
- OWASP-mstg(UnCrackable Mobile Apps)
- VulnerableAndroidAppOracle
- Android InsecureBankv2
- Purposefully Insecure and Vulnerable Android Application (PIIVA)
- Sieve app(An android application which exploits through android components)
- DodoVulnerableBank(Insecure Vulnerable Android Application that helps to learn hacing and securing apps)
- Digitalbank(Android Digital Bank Vulnerable Mobile App)
- AppKnox Vulnerable Application
- Vulnerable Android Application
- Android Security Labs
- Android-security Sandbox
- VulnDroid(CTF Style Vulnerable Android App)
- FridaLab
- Santoku Linux – Mobile Security VM
- AndroL4b – A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Talks
- One Step Ahead of Cheaters — Instrumenting Android Emulators
- Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
- Rock appround the clock: Tracking malware developers by Android
- Chaosdata – Ghost in the Droid: Possessing Android Applications with ParaSpectre
- Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets
- Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
- Hide Android Applications in Images
- Scary Code in the Heart of Android
- Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android
- Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
- Android FakeID Vulnerability Walkthrough
- Unleashing D* on Android Kernel Drivers
- The Smarts Behind Hacking Dumb Devices
- Overview of common Android app vulnerabilities
- Android security architecture
- Get the Ultimate Privilege of Android Phone
Misc
- Android Malware Adventures
- Android-Reports-and-Resources
- Hands On Mobile API Security
- Android Penetration Testing Courses
- Lesser-known Tools for Android Application PenTesting
- android-device-check – a set of scripts to check Android device security configuration
- apk-mitm – a CLI application that prepares Android APK files for HTTPS inspection
- Andriller – is software utility with a collection of forensic tools for smartphones
- Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper
- Chasing the Joker
- Side Channel Attacks in 4G and 5G Cellular Networks-Slides
- Shodan.io-mobile-app for Android
- Popular Android Malware 2018
- Popular Android Malware 2019
- Popular Android Malware 2020
Bug Bounty & Writeup
- Hacker101 CTF: Android Challenge Writeups
- Arbitrary code execution on Facebook for Android through download feature
- RCE via Samsung Galaxy Store App
Cheat Sheet