📱Android-AppSec

If you enjoy what I do, please support me Buy Me Ko-fi! https://ko-fi.com/h0tak88r

Android-Security-Teryaagh/00-Roadmap/Android-Security-Roadmap.pdf at main · Ralireza/Android-Security-TeryaaghGitHub

1. Learned Web Pentesting

2. Learned JAVA basics and OOP

   1. Lazy Programmers -> Arabic Course

   2. OOP (omarAhmed) -> Arabic Course

3. Learned Android App Development

   1. lazyProgrammers -> Arabic Course ( i was focusing on java so i didn't study kotlin part)

   2. Android App Java Tutorials -> Arabic Course

   3. freeCodeCamp -> English Course

4. Learned Android App Pentesting basics

   1. Android Application Pen-testing Course -> Arabic Course

5. Dive in Android App Hacking World

   1. Guide to Android Application Bug Bounty

   2. Android App Hacking - Black Belt Edition

   3. Hack-Tricks

   4. Frida for Beginners

   5. overSecuredBlog

   6. elcapitano-blog\

Android Security Awesome

This section contains materials on the security of Android applications, including various articles, studies, analysis tools and useful libraries to ensure the security of applications.

Analysis Tools

This block is broken into several parts. First, you can see common solutions for analyzing and searching for vulnerabilities. Some of them intersect with tools for iOS, because among them there are universal frameworks (but few of them).

Then there are tools used for dynamic analysis (it is necessary to run the application on a real device or emulator).

Well, the last point - the tools available online, using which you can download the application file and get the result after a while.

General

References

• Pithus (github) - free and open-source platform to Android analysis applications
• CuckooDroid 2.0 - Automated Android Malware Analysis
• QARK - An Obfuscation-Neglect Android Malware Scorping System
• QARK – Quick Android Review Kit
• ProxyDroid
• ADB Toolkit
• InjectFake SecurityProvider - print the key, key key key, algorithm parameters, keystore password in logcat
• MEDUSA
• diffuse
• ApkDiff
• GDA(GJoy Dex Analyzer)
• APKProxyHelper
• APKLab
• RASE - Persistent Rooting Android Studio Emulator
• EdXposed Framework
• fridroid-unpacker - Defeat Java packers via Frida instrumentation
• CheckKarlMarx - Security checks for release assemblies
• parserDex
• Androguard
• Amandroid – A Static Analysis Framework
• Androwarn – Yet Another Static Code Analyzer
• APK Analyzer – Static and Virtual Analysis Tool
• APK Inspector – A Powerful GUI Tool
• Droid Hunter – Android application vulnerability analysis and Android pentest tool
• Error Prone – Static Analysis Tool
• Findbugs – Find Bugs in Java Programs
• Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.
• Flow Droid – Static Data Flow Tracker
• Smail/Baksmail – Assembler/Disassembler for the dex format
• Smail-CFGs – Smail Control Flow Graph’s
• SPARTA – Static Program Analysis for Reliable Trusted Apps
• Thresher – To check he reachability properties
• Vector Attack Scanner – To Search Points to Volilial Attack
• Gradle Static Analysis Plugin
• Android Check – Static Code Analysis Slyn for Android Project
• APK Leaks – Scanning APK file for URIS, endpoints & secrets
• fridax
• MOBEXLER
• Generate Malformed QRCodes
• Tool for Injecting Malicious Payloads Into Barcodes
• AFL - american fuzzy lop
• Setup for i0S and Android Application Analysis - This is a cheatsheet to install tools required for i0S and Android application pentesting
• AES Killer (Burpsuite Plugin)
• ReFlutter
• Lief
• Mobile Verification Toolkit

Dynamic analysis

References

• Stingray
• Adhritis - Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks
• Android Hooker - Opensource project for Dynamic Analysiss of Android Applications
• AppAudit - Online tool (including an API) use dynamic and static analysis
• AppAduct - A bare-metal analysis tool on Android devices
• DroidBox - Dynamic Analysis of Android Applications
• Droid-FF - Android File Fuzzing Framework
• Drozer
• Marvin - Analyses Android applications and allow tracking of an app
• Inspeckage
• PATDroid - Collection of tools and data structures for Android applications
• AndroL4b - Android security virtual machine on ubuntu-mate
• Radare2 - Unix-like reverse engineering framework and commandline tools
• Cutter - Free and Open Source RE Platform Powered by Darree2
• ByteCodeViewer - Android APK Reverse Engineering Suite (Decomiler, Editor, Debugger)
• Mobile-Security-Framework MobS
• Runtime Mobile Security (RMS) - is a powerful web interface that helps you manipulate to Android and iOS Apps at Runtime

Online analyzers

References

• Android APK Decompiler
• Ostor Lab
• Quixxi
• Visual Threat

Vulnerable Applications

Various vulnerable applications that can be trained in analysis and see what security problems are at all.

References

• Allsafe
• InsecureShop
• OWASP: OMTG-Hacking-Playground
• Daman insecure and App (DIVA)
• Damn-Vulnerable-Bank
• InjuredAndroid
• Damn Vulnerable Hybrid Mobile App (DVHMA)
• ExploitMe labs by SecurityCompass
• InsecureBankV2
• Sieve (Vulnerable ‘Password Manager’ app)
• sievePWN
• Android Labs
• Digitalbank
• Dodo Voluline Bank
• Oracle android app
• Urdu vulnerability app
• MOshZuk File
• Appknox
• Vuln app
• Daman Vulnerable FirefoxOS Application
• Android Security Sandbox
• OVAA (Oversecured Vulnerable Android App)
• SecurityShepherd
• OWASP-mstg
• Purpose very Insecure and Vulnerable Android Application (PIIVA)
• Sieve app
• Vulnerable Android Application
• Android - Security
• VulnDroid
• FridaLab
• Santoku Linux - Mobile Security VM
• Vuldroid
• DamanVulnerableCryptoApp

Articles

This is the largest section of all. Here are articles on various topics related to Android security. Separately collected all Russian-language materials, as well as articles using Frida.

Ru

References

• Development of Android security mechanisms (from version to version)
• Security of mobile OAuth 2.0
• Android Task Hijacking. We analyze the actual technique of replacing applications in Android
• Checked with PVS-Studio Android source codes, or no one is perfect
• Replace Runtime Permissions in Android
• How root rights and alternative firmware make your Android smartphone vulnerable
• Drozer, emulator and elven crutches

En

References

Frida

• Tiktok data acquisition Frida tutorial, Frida Java Hook detailed explanation: code and example. Part 1
• Tiktok data acquisition Frida tutorial, Frida Java Hook detailed explanation: code and example. Part 2
• Frida. 11x256's Reverse Engineering blog
• Blog about Frida. grepharder blog
• Frida Scripting Guide
• Android Hacking with FRIDA
• How to Direct Android Native Terms with Frida (Noob Friendly)
• Frida scripting guide for Java
• Reverse Engineering Nike Run Club Android App Used Frida
• Penttesting Android Apps Using Frida
• Android Root Detection Bypass Using Objection and Frida Scripts
• Mobile Pentesting With Frida
• How to use FRIDa to bruteforce Secure Startup with FDE-encryption on a Samsung G935F Android running 8
• Decrypting Mobile App using AES Killer and Frida
• How Learning to Use Frida with Unity App
• Beginning Frida: Learning Frida use on Linux and (just a bit on) Wintel and Android systems with Python and JavaScript (Frida. hooking, and other tools)

Others

• Selection of dyscalos with HackerOne
• Detailed instructions for setting up the working environment
• Android Security Workshop
• OWASP Top 10: Static Analysis of Android Application & Tools Used
• Android security checklist: WebView
• Use cryptography in mobile apps the right way
• Why Dynamic Code Downloading Can Be Massacred for Your Apps: a Google Example
• Arbitrary code execution on Facebook for Android through download feature
• Android Webview Exploited
• Android: Gaining access to* Content Orders
• Exploiting memory corruption on Android events
• Two Weeks of Samsung Devices Sple: Part 1
• Two Weeks of Samsung Devices Seased: Part 2
• Evernote: Universal-XSS, theft of all cookies from all sites, and more
• Interception of Android implicit intents
• TikTok: three persistent code executions and one theft of simple files
• Oversecured Extraquires Stop Code Executed In the Google Play Core Library
• Persistent execution code in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
• Android: Access to App Protective Computers
• Android: code execution third via third-party package contexts
• 24,000 Android apps user data via Firebase blunders
• The Wolf is Back - Android malware modification
• Modern Security in Android. Part 1
• Modern Security in Android. Part 2
• Modern Security in Android. Part 3
• Android IPC: Part 1 – Introduction
• Android IPC: Part 2 – Binder and Service Manager Perspective
• StrandHogg 2
• Towards Discovering and Understanding Task Hijacking in Android
• Aarrogya setu spyware analisys
• Playing Around With The Fuchsia Operating System Security
• Intercepting traffic from Android Flutter applications
• SafetyNet's dreaded hardware attestation
• Tiltoning in Android 11
• Snapchat detection on Android
• Reversing an Android app Protector, Part 1 – Code Obfuscation & RASP
• Reversing an Android app Protector, Part 2 – Assets and Code Encryption
• Reversing an Android app Protector, Part 3 – Code Virtualization
• Structured fuzzing Android's NFC
• MMS Exploit Part 1: Introduction to the Samsung Qmage Codec and Remote Attack Surface
• DJI ANDROID GO 4 APPLICATION SECURITY ANALYSIS
• B3nac - Android application
• Dynamic Analysis of Inside Android Cloning Apps

  • Part 1
  • Part 2
• Tik-Tok App Analisys

  • TikTok: Logs, Logs, Logs
  • TikTok: What is an app log?
  • TikTok: The disinformation is everywhere
• Exploiting Android Messengers with WebRTC

  • Part 1
  • Part 2
  • Part 3
• Android Pentesting Labs - Step by Step Guide for
• An Android Hacking Primer
• Secure and Android Device
• Security tips
• OWASP Mobile Security Testing Guide
• Security Testing for Android Cross Platform Application
• Dive deep in Android Application Security
• Mobile Security Testing Guide
• Mobile Application Penetration Testing Cheat Sheet
• Android Applications Reversing 101
• Android Security Guidelines
• Android WebView Vulnerabilities
• OWASP Mobile Top 10
• Practical Android Phone Forensics
• Mobile Reverse Engineering Unleashed
• Quark-engine - An Obfuscation-Neglect Android Malware Scoring System
• Root Detection Bypass By Manual Code Manipulation.
• GEOST BOTNET - the discovery of a new Android banking trojan
• Magisk Systemless Root - Detection and Remediation
• AndrODet: An adaptive Android obfuscation detector
• Hands On Mobile API Security
• Zero to Hero - Mobile Application Testing - Android Platform
• Android Malware Adventures
• AAPG - Android application testing guide
• Bypassing Android Anti-Emulation
• Bypassing Xamarin Certificate Pinning
• Configuring Burp Suite With Android Nougat
• Inspecting Android HTTP with a fake VPN
• Outlook for Android XSS
• Universal XSS in Android WebView
• Mobile Blackhat Asia 2020
• Lockscreen and Authentication Improvements in Android 11
• Firefox: How a website can bet all your cookies
• Exploiting a Single Instruction Race Condition in Binder
• An iOS hacker try Android
• Hack crypto secrets from heap memory to exploit Android application
• A Special Attack Surface of the Android System (1): Evil Dialog Box
• Launching Internal & Non-Exported Deeplinks On Facebook
• Reverse Engineering Flutter for Android
• Persistant Arbitrary code execution in mass android
• Common Hals When Using In Android
• The art of exploiting UAF by Ret2bpf in Android kernel
• Re route Your Intent for Privilege Escalation (A Universal Way to Exploit Android Pending Intents in High profile and System Apps)
• A Deep Dive in Privacy Dashboard of Top Android Vendors
• Android Component Security | The Four Horsemen
• Android Application Testing Using Windows 11 and Windows Subsystem for Android
• Android Awesome Security
• Forensic guide to iMessage, WhatsApp, Telegram, Signal and Skype data acquisition
• Malware Uses Corporate MDM as attack vector
• Mobexler Checklist
• Ad Fraud Spotted in Barcode Reader Malware Analysis
• Researching Confid Messenger Encryption
• Reverse Engineering Snapchat (Part I): Obfuscation Techniques
• Reverse Engineering Snapchat (Part II): Deobfuscating the Undeobfuscatable
• Firebase Cloud Messaging Service Takeover
• Saying Goodbye to My Favorite 5 Minute P1
• Reverse engineering Flutter apps (Part 1)
• How I Hacked Facebook Again!
• Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
• How to UseGhidra to Reverse Engineer Mobile Application
• React Native Application Static Analysis
• Pentesting Non-Proxy Aware Mobile Applications Without Root/Jailbreak
• 2 Click Remote Code execution in Evernote Android
• Android 13 deep dive: Every change up to DP2, documented