
Awesome Android Security - A Curated List Of Android Security Materials And Resources For Pentesters And Bug Hunters

Description

[![](https://1.bp.blogspot.com/-kNQtiqIYpbU/X5eREKBi3EI/AAAAAAAAUL0/fFWLXq5zsHYXvokqmKdj49jLsdBiSH8gQCNcBGAsYHQ/w640-h290/awesome-android-security_2_androidsec.png)](<https://1.bp.blogspot.com/-kNQtiqIYpbU/X5eREKBi3EI/AAAAAAAAUL0/fFWLXq5zsHYXvokqmKdj49jLsdBiSH8gQCNcBGAsYHQ/s1590/awesome-android-security_2_androidsec.png>)

A curated list of Android Security materials and resources For Pentesters and Bug Hunters.

**Blog**

* [AAPG - Android application penetration testing guide](https://nightowl131.github.io/AAPG/)
* [TikTok: three persistent arbitrary code executions and one theft of arbitrary files](https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/)
* [Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913](https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/)
* [Android: Access to app protected components](https://blog.oversecured.com/Android-Access-to-app-protected-components/)
* [Android: arbitrary code execution via third-party package contexts](https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/)
* [Android Pentesting Labs - Step by Step guide for beginners](https://medium.com/bugbountywriteup/android-pentesting-lab-4a6fe1a1d2e0)
* [An Android Hacking Primer](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0)
* [An Android Security tips](https://developer.android.com/training/articles/security-tips)
* [OWASP Mobile Security Testing Guide](https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide)
* [Security Testing for Android Cross Platform Application](https://3xpl01tc0d3r.blogspot.com/2019/09/security-testing-for-android-app-part1.html)
* [Dive deep into](https://blog.0daylabs.com/2019/09/18/deep-dive-into-Android-security/) [Android Application](https://www.kitploit.com/search/label/Android%20Application) Security
* [Pentesting Android Apps Using Frida](https://www.notsosecure.com/pentesting-android-apps-using-frida/)
* [Mobile Security Testing Guide](https://mobile-security.gitbook.io/mobile-security-testing-guide/)
* [Android Applications Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit)
* [Android Security Guidelines](https://developer.box.com/en/guides/security/)
* [Android WebView Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)
* [OWASP Mobile Top 10](https://www.owasp.org/index.php/OWASP_Mobile_Top_10)
* [Practical Android Phone Forensics](https://resources.infosecinstitute.com/practical-android-phone-forensics/)
* [Mobile Pentesting With Frida](https://drive.google.com/file/d/1JccmMLi6YTnyRrp_rk6vzKrUX3oXK_Yw/view)
* [Zero to Hero - Mobile Application Testing - Android Platform](https://nileshsapariya.blogspot.com/2016/11/zero-to-hero-mobile-application-testing.html)

**How To's**

* [How To Configuring Burp Suite With Android Nougat](https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/)
* [How To Bypassing Xamarin Certificate Pinning](https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/)
* [How To Bypassing Android Anti-Emulation](https://www.juanurs.com/Bypassing-Android-Anti-Emulation-Part-I/)
* [How To Secure an Android Device](https://source.android.com/security)
* [Android Root Detection Bypass Using Objection and Frida Scripts](https://medium.com/@GowthamR1/android-root-detection-bypass-using-objection-and-frida-scripts-d681d30659a7)
* [Root Detection Bypass By Manual Code Manipulation.](https://medium.com/@sarang6489/root-detection-bypass-by-manual-code-manipulation-5478858f4ad1)
* [Magisk Systemless Root - Detection and Remediation](https://www.mobileiron.com/en/blog/magisk-android-rooting)
* [How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8](https://github.com/Magpol/fridafde)

**Paper**

* [AndrODet: An adaptive Android obfuscation detector](https://arxiv.org/pdf/1910.06192.pdf)
* [GEOST BOTNET - the discovery story of a new Android banking trojan](http://public.avast.com/research/VB2019-Garcia-etal.pdf)

**Books**

* [SEI CERT Android Secure Coding Standard](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard)
* [Android Security Internals](https://www.oreilly.com/library/view/android-security-internals/9781457185496/)
* [Android Cookbook](https://androidcookbook.com/)
* [Android Hacker's Handbook](https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X)
* [Android Security Cookbook](https://www.packtpub.com/in/application-development/android-security-cookbook)
* [The Mobile Application Hacker's Handbook](https://www.amazon.in/Mobile-Application-Hackers-Handbook-ebook/dp/B00TSA6KLG)
* [Android Malware and Analysis](https://www.oreilly.com/library/view/android-malware-and/9781482252200/)
* [Android Security: Attacks and Defenses](https://www.crcpress.com/Android-Security-Attacks-and-Defenses/Misra-Dubey/p/book/9780367380182)
* [Learning](https://www.amazon.com/Learning-Penetration-Testing-Android-Devices-ebook/dp/B077L7SNG8) [Penetration Testing](https://www.kitploit.com/search/label/Penetration%20Testing) For Android Devices

**Course**

* [Learning-Android-Security](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html)
* [Mobile Application Security and Penetration Testing](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/)
* [Advanced Android Development](https://developer.android.com/courses/advanced-training/overview)
* [Learn the art of mobile app development](https://www.edx.org/professional-certificate/harvardx-computer-science-and-mobile-apps)
* [Learning Android Malware Analysis](https://www.linkedin.com/learning/learning-android-malware-analysis)
* [Android App Reverse Engineering 101](https://maddiestone.github.io/AndroidAppRE/)
* [MASPT V2](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/)
* [Android Penetration Testing (Persian)](https://www.youtube.com/watch?v=XqS_bA6XfNU&list=PLvVo-xqnJCI7rftDaiEtWFLXlkxN-1Nxn)

**Tools**

**Static Analysis**

* [Apktool: A tool for reverse engineering Android apk files](https://ibotpeaches.github.io/Apktool/)
* [quark-engine - An Obfuscation-Neglect Android Malware Scoring System](https://github.com/quark-engine/quark-engine)
* [DeGuard: Statistical Deobfuscation for Android](http://apk-deguard.com/)
* [jadx - Dex to Java decompiler](https://github.com/skylot/jadx/releases)
* [Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf)
* [Androwarn – Yet Another Static Code Analyzer](https://github.com/maaaaz/androwarn/)
* [Droid Hunter – Android application](https://github.com/hahwul/droid-hunter) [vulnerability analysis](https://www.kitploit.com/search/label/Vulnerability%20Analysis) and Android pentest tool
* [Error Prone – Static Analysis Tool](https://github.com/google/error-prone)
* [Findbugs – Find Bugs in Java Programs](http://findbugs.sourceforge.net/downloads.html)
* [Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.](https://github.com/find-sec-bugs/find-sec-bugs/)
* [Flow Droid – Static Data Flow Tracker](https://github.com/secure-software-engineering/FlowDroid)
* [Smali/Baksmali – Assembler/Disassembler for the dex format](https://github.com/JesusFreke/smali)
* [Smali-CFGs – Smali Control Flow Graph’s](https://github.com/EugenioDelfa/Smali-CFGs)
* [SPARTA – Static Program Analysis for Reliable Trusted Apps](https://www.cs.washington.edu/sparta)
* [Gradle Static Analysis Plugin](https://github.com/novoda/gradle-static-analysis-plugin)
* [Checkstyle – A tool for checking Java source code](https://github.com/checkstyle/checkstyle)
* [PMD – An extensible multilanguage static code analyzer](https://github.com/pmd/pmd)
* [Soot – A Java Optimization Framework](https://github.com/Sable/soot)
* [Android Quality Starter](https://github.com/pwittchen/android-quality-starter)
* [QARK – Quick Android Review Kit](https://github.com/linkedin/qark)
* [Infer – A Static Analysis tool for Java, C, C++ and Objective-C](https://github.com/facebook/infer)
* [Android Check – Static Code analysis plugin for Android Project](https://github.com/noveogroup/android-check)
* [FindBugs-IDEA Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea)
* [APK Leaks – Scanning APK file for URIs, endpoints & secrets](https://github.com/dwisiswant0/apkleaks)
* [Trueseeing – fast, accurate and resilient vulnerabilities scanner for Android apps](https://github.com/monolithworks/trueseeing)
* [StaCoAn – crossplatform tool which aids developers, bugbounty hunters and ethical hackers](https://github.com/vincentcox/StaCoAn)

**Dynamic Analysis**

* [Mobile-Security-Framework MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF)
* [Magisk v20.2 - Root & Universal Systemless Interface](https://github.com/topjohnwu/Magisk5)
* [Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime](https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security)
* [Droid-FF - Android File Fuzzing Framework](https://github.com/antojoseph/droid-ff)
* [Drozer](https://github.com/FSecureLABS/drozer)
* [Inspeckage](https://github.com/ac-pm/Inspeckage)
* [PATDroid - Collection of tools and data structures for analyzing Android applications](https://github.com/mingyuan-xia/PATDroid)
* [Radare2 - Unix-like](https://github.com/radareorg/radare2) [reverse engineering framework](https://www.kitploit.com/search/label/Reverse%20Engineering%20Framework) and commandline tools
* [Cutter - Free and Open Source RE Platform powered by radare2](https://cutter.re/)
* [ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/)

**Online APK Analyzers**

* [Oversecured](https://oversecured.com/)
* [Android Observatory APK Scan](https:/androidobservatory.org/upload)
* [AndroTotal](http://andrototal.org/)
* [VirusTotal](https://www.virustotal.com/#/home/upload)
* [Scan Your APK](https://scanyourapk.com/)
* [AVC Undroid](https://undroid.av-comparatives.org/index.php)
* [OPSWAT](https://metadefender.opswat.com/#!/)
* [ImmuniWeb Mobile App Scanner](https://www.htbridge.com/mobile/)
* [Ostor Lab](https://www.ostorlab.co/scan/mobile/)
* [Quixxi](https://quixxisecurity.com/)
* [TraceDroid](http://tracedroid.few.vu.nl/submit.php)
* [Visual Threat](http://www.visualthreat.com/UIupload.action)
* [App Critique](https://appcritique.boozallen.com/)
* [Jotti's malware scan](https://virusscan.jotti.org/)
* [kaspersky scanner](https://opentip.kaspersky.com/)

**Online APK Decompiler**

* [Android APK Decompiler](http://www.decompileandroid.com/)
* [Java Decompiler APk](http://www.javadecompilers.com/apk)
* [APK DECOMPILER APP](https://www.apkdecompilers.com/)
* [DeAPK is an open-source, online APK decompiler](https://deapk.vaibhavpandey.com/)
* [apk and dex decompilation back to Java source code](http://www.decompiler.com/)
* [APK Decompiler Tools](https://apk.tools/tools/apk-decompiler/alternateURL/)

**Labs**

* [OVAA (Oversecured Vulnerable Android App)](https://github.com/oversecured/ovaa)
* [DIVA (Damn insecure and vulnerable App)](https://github.com/payatu/diva-android)
* [OWASP Security Shepherd](https://github.com/OWASP/SecurityShepherd)
* [Damn Vulnerable Hybrid Mobile App (DVHMA)](https://github.com/logicalhacking/DVHMA)
* [OWASP-mstg (UnCrackable Mobile Apps)](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes)
* [VulnerableAndroidAppOracle](https://github.com/dan7800/VulnerableAndroidAppOracle)
* [Android InsecureBankv2](https://github.com/dineshshetty/Android-InsecureBankv2)
* [Purposefully Insecure and Vulnerable Android Application (PIIVA)](https://github.com/htbridge/pivaa)
* [Sieve app (An android application which exploits through android components)](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)
* [DodoVulnerableBank (Insecure Vulnerable Android Application that helps to learn hacking and securing apps)](https://github.com/CSPF-Founder/DodoVulnerableBank)
* [Digitalbank (Android Digital Bank Vulnerable Mobile App)](https://github.com/CyberScions/Digitalbank)
* [AppKnox Vulnerable Application](https://github.com/appknox/vulnerable-application)
* [Vulnerable Android Application](https://github.com/Lance0312/VulnApp)
* [Android Security Labs](https://github.com/SecurityCompass/AndroidLabs)
* [Android-security Sandbox](https://github.com/rafaeltoledo/android-security)
* [VulnDroid (CTF Style Vulnerable Android App)](https://github.com/shahenshah99/VulnDroid)
* [FridaLab](https://rossmarks.uk/blog/fridalab/)
* [Santoku Linux - Mobile Security VM](https://santoku-linux.com/)
* [AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis](https://github.com/sh4hin/Androl4b)

**Talks**

* [One Step Ahead of Cheaters -- Instrumenting Android Emulators](https://www.youtube.com/watch?v=L3AniAxp_G4)
* [Vulnerable Out of the Box: An Evaluation of Android Carrier Devices](https://www.youtube.com/watch?v=R2brQvQeTvM)
* [Rock appround the clock: Tracking malware developers by Android](https://www.youtube.com/watch?v=wd5OU9NvxjU)
* [Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre](https://www.youtube.com/watch?v=ohjTWylMGEA)
* [Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets](https://www.youtube.com/watch?v=TDk2RId8LFo)
* [Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening](https://www.youtube.com/watch?v=EkL1sDMXRVk)
* [Hide Android Applications in Images](https://www.youtube.com/watch?v=hajOlvLhYJY)
* [Scary Code in the Heart of Android](https://www.youtube.com/watch?v=71YP65UANP0)
* [Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android](https://www.youtube.com/watch?v=q_HibdrbIxo)
* [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library](https://www.youtube.com/watch?v=s0Tqi7fuOSU)
* [Android FakeID Vulnerability Walkthrough](https://www.youtube.com/watch?v=5eJYCucZ-Tc)
* [Unleashing D* on Android Kernel Drivers](https://www.youtube.com/watch?v=1XavjjmfZAY)
* [The Smarts Behind Hacking Dumb Devices](https://www.youtube.com/watch?v=yU1BrY1ZB2o)
* [Overview of common Android app vulnerabilities](https://www.bugcrowd.com/resources/webinars/overview-of-common-android-app-vulnerabilities/)
* [Android security architecture](https://www.youtube.com/watch?v=3asW-nBU-JU)
* [Get the Ultimate Privilege of Android Phone](https://vimeo.com/335948808)

**Misc**

* [Android Malware Adventures](https://docs.google.com/presentation/d/1pYB522E71hXrp4m3fL3E3fnAaOIboJKqpbyE5gSsOes/edit)
* [Android-Reports-and-Resources](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md)
* [Hands On Mobile API Security](https://hackernoon.com/hands-on-mobile-api-security-get-rid-of-client-secrets-a79f111b6844)
* [Android Penetration Testing Courses](https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed)
* [Lesser-known Tools for Android Application PenTesting](https://captmeelo.com/pentest/2019/12/30/lesser-known-tools-for-android-pentest.html)
* [android-device-check - a set of scripts to check Android device security configuration](https://github.com/nelenkov/android-device-check)
* [apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection](https://github.com/shroudedcode/apk-mitm)
* [Andriller - is software utility with a collection of forensic tools for smartphones](https://github.com/den4uk/andriller)
* [Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper](https://www.virusbulletin.com/virusbulletin/2019/11/dexofuzzy-android-malware-similarity-clustering-method-using-opcode-sequence/)
* [Chasing the Joker](https://docs.google.com/presentation/d/1sFGAERaNRuEORaH06MmZKeFRqpJo1ol1xFieUa1X_OA/edit#slide=id.p1)
* [Side Channel Attacks in 4G and 5G Cellular Networks-Slides](https://i.blackhat.com/eu-19/Thursday/eu-19-Hussain-Side-Channel-Attacks-In-4G-And-5G-Cellular-Networks.pdf)
* [Shodan.io-mobile-app for Android](https://github.com/PaulSec/Shodan.io-mobile-app)
* [Popular Android Malware 2018](https://github.com/sk3ptre/AndroidMalware_2018)
* [Popular Android Malware 2019](https://github.com/sk3ptre/AndroidMalware_2019)
* [Popular Android Malware 2020](https://github.com/sk3ptre/AndroidMalware_2020)

**Bug Bounty & Writeup**

* [Hacker101 CTF: Android Challenge Writeups](https://medium.com/bugbountywriteup/hacker101-ctf-android-challenge-writeups-f830a382c3ce)
* [Arbitrary code execution on Facebook for Android through download feature](https://medium.com/@dPhoeniixx/arbitrary-code-execution-on-facebook-for-android-through-download-feature-fb6826e33e0f)
* [RCE via Samsung Galaxy Store App](https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/)

**Cheat Sheet**

* [Mobile Application Penetration Testing Cheat Sheet](https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet)
* [ADB (Android Debug Bridge) Cheat Sheet](https://www.mobileqaengineer.com/blog/2020/2/4/adb-android-debug-bridge-cheat-sheet)
* [Frida Cheatsheet and Code Snippets for Android](https://erev0s.com/blog/frida-code-snippets-for-android/)

**[Awesome-Android-Security](https://github.com/saeidshirazi/awesome-android-security "Download Awesome-Android-Security")**

