saeidshirazi / Awesome Android Security
Licence: mit
A curated list of Android Security materials and resources For Pentesters and Bug Hunters
Stars: ✭ 506
Projects that are alternatives of or similar to Awesome Android Security
SSBiometricsAuthentication
Biometric factors allow for secure authentication on the Android platform.
Stars: ✭ 87 (-82.81%)
Mutual labels: android-security
SecurityDemo
Simple signature verification with the NDK, key protection demo, Android app signature verification
Stars: ✭ 22 (-95.65%)
Mutual labels: android-security
Awesome Reverse Engineering
Reverse Engineering Resources About All Platforms(Windows/Linux/macOS/Android/iOS/IoT) And Every Aspect! (More than 3500 open source tools and 2300 posts&videos)
Stars: ✭ 2,954 (+483.79%)
Mutual labels: android-security
fingerprintjs-android
Swiss army knife for identifying and fingerprinting Android devices.
Stars: ✭ 336 (-33.6%)
Mutual labels: android-security
dumproid
Android process memory dump tool without ndk.
Stars: ✭ 55 (-89.13%)
Mutual labels: android-security
Evabs
An open source Android application that is intentionally vulnerable so as to act as a learning platform for Android application security beginners.
Stars: ✭ 173 (-65.81%)
Mutual labels: android-security
Adhrit
Android Security Suite for in-depth reconnaissance and static bytecode analysis based on Ghera benchmarks.
Stars: ✭ 399 (-21.15%)
Mutual labels: android-security
apkutil
a useful utility for android app security testing
Stars: ✭ 52 (-89.72%)
Mutual labels: android-security
CheckoutVerifier
Verify your In-App Purchase receipts & protect your Apps from hacking, patching used by Piracy Apps like Lucky Patcher.
Stars: ✭ 48 (-90.51%)
Mutual labels: android-security
Android Pin Bruteforce
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN cracker for Android devices! (no root, no adb)
Stars: ✭ 217 (-57.11%)
Mutual labels: android-security
remote-adb-scan
pure python remote adb scanner + nmap scan module
Stars: ✭ 19 (-96.25%)
Mutual labels: android-security
mobileAudit
Django application that performs SAST and Malware Analysis for Android APKs
Stars: ✭ 140 (-72.33%)
Mutual labels: android-security
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, analyzing source code to find vulnerabilities right in the source code, designed to be agile and easy to implement inside your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).
Stars: ✭ 216 (-57.31%)
Mutual labels: android-security
Cwac Security
CWAC-Security: Helping You Help Your Users Defend Their Data
Stars: ✭ 294 (-41.9%)
Mutual labels: android-security
Apk Medit
memory search and patch tool on debuggable apk without root & ndk
Stars: ✭ 189 (-62.65%)
Mutual labels: android-security
android-webauthn-authenticator
A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.
Stars: ✭ 101 (-80.04%)
Mutual labels: android-security
Injuredandroid
A vulnerable Android application that shows simple examples of vulnerabilities in a ctf style.
Stars: ✭ 317 (-37.35%)
Mutual labels: android-security
Damn-Vulnerable-Bank
Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
Stars: ✭ 379 (-25.1%)
Mutual labels: android-security
Awesome-Android-Security
Table of Contents
- Blog
- How To's
- Paper
- Books
- Course
- Tools
- Labs
- Talks
- Misc
- Bug Bounty & Writeups
- Cheat Sheet
- Checklist
- Bug Bounty Report
Blog
- Reverse Engineering Clubhouse
- Escape the Chromium sandbox on Android Devices
- Android Penetration Testing: Frida
- Android: Gaining access to arbitrary* Content Providers
- Getting root on a 4G LTE mobile hotspot
- Exploiting new-era of Request forgery on mobile applications
- Deep Dive into an Obfuscation-as-a-Service for Android Malware
- Evernote: Universal-XSS, theft of all cookies from all sites, and more
- Interception of Android implicit intents
- AAPG - Android application penetration testing guide
- TikTok: three persistent arbitrary code executions and one theft of arbitrary files
- Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
- Android: Access to app protected components
- Android: arbitrary code execution via third-party package contexts
- Android Pentesting Labs - Step by Step guide for beginners
- An Android Hacking Primer
- An Android Security tips
- OWASP Mobile Security Testing Guide
- Security Testing for Android Cross Platform Application
- Dive deep into Android Application Security
- Pentesting Android Apps Using Frida
- Mobile Security Testing Guide
- Android Applications Reversing 101
- Android Security Guidelines
- Android WebView Vulnerabilities
- OWASP Mobile Top 10
- Practical Android Phone Forensics
- Mobile Pentesting With Frida
- Zero to Hero - Mobile Application Testing - Android Platform
- Detecting Dynamic Loading in Android Applications
How To's
- How to Bypass Iframe Sandboxing
- How to Configure Burp Suite with Android Nougat
- How to Bypass Xamarin Certificate Pinning
- How to Bypass Android Anti-Emulation
- How To Secure an Android Device
- Android Root Detection Bypass Using Objection and Frida Scripts
- Root Detection Bypass By Manual Code Manipulation.
- Magisk Systemless Root - Detection and Remediation
- How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8
Paper
- AndrODet: An adaptive Android obfuscation detector
- GEOST BOTNET - the discovery story of a new Android banking trojan
- Dual-Level Android Malware Detection
- An Investigation of the Android Kernel Patch Ecosystem
Books
- SEI CERT Android Secure Coding Standard
- Android Security Internals
- Android Cookbook
- Android Hacker's Handbook
- Android Security Cookbook
- The Mobile Application Hacker's Handbook
- Android Malware and Analysis
- Android Security: Attacks and Defenses
- Learning Penetration Testing For Android Devices
- Android Hacking 2020 Edition
Course
- Android Reverse Engineering_pt-BR
- Learning-Android-Security
- Advanced Android Development
- Learn the art of mobile app development
- Learning Android Malware Analysis
- Android App Reverse Engineering 101
- MASPT V2
- Android Penetration Testing (Persian)
Tools
Static Analysis
- quark-engine – An Obfuscation-Neglect Android Malware Scoring System
- Droid Hunter – Android application vulnerability analysis and Android pentest tool
- Find Security Bugs – A SpotBugs plugin for security audits of Java web applications
- Infer – A static analysis tool for Java, C, C++ and Objective-C
- Android Check – Static code analysis plugin for Android projects
- FindBugs-IDEA – Static byte code analysis to look for bugs in Java code
- Trueseeing – Fast, accurate and resilient vulnerability scanner for Android apps
- StaCoAn – Cross-platform tool which aids developers, bug bounty hunters and ethical hackers
Dynamic Analysis
- Mobile-Security-Framework MobSF
- Magisk v20.2 - Root & Universal Systemless Interface
- Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
- Droid-FF - Android File Fuzzing Framework
- Drozer
- Inspeckage
- PATDroid - Collection of tools and data structures for analyzing Android applications
- Radare2 - Unix-like reverse engineering framework and commandline tools
- Cutter - Free and Open Source RE Platform powered by radare2
- ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
Online APK Analyzers
- Oversecured
- Android Observatory APK Scan
- AndroTotal
- VirusTotal
- Scan Your APK
- AVC Undroid
- OPSWAT
- ImmuniWeb Mobile App Scanner
- Ostor Lab
- Quixxi
- TraceDroid
- Visual Threat
- App Critique
- Jotti's malware scan
- Kaspersky scanner
Online APK Decompiler
- Android APK Decompiler
- Java Decompiler APK
- APK DECOMPILER APP
- DeAPK is an open-source, online APK decompiler
- apk and dex decompilation back to Java source code
- APK Decompiler Tools
Forensic Analysis
- Forensic Analysis for Mobile Apps (FAMA)
- Andriller
- Autopsy
- bandicoot
- Fridump - A universal memory dumper using Frida
- LiME - Linux Memory Extractor
Labs
- Damn-Vulnerable-Bank
- OVAA (Oversecured Vulnerable Android App)
- DIVA (Damn insecure and vulnerable App)
- OWASP Security Shepherd
- Damn Vulnerable Hybrid Mobile App (DVHMA)
- OWASP-mstg(UnCrackable Mobile Apps)
- VulnerableAndroidAppOracle
- Android InsecureBankv2
- Purposefully Insecure and Vulnerable Android Application (PIIVA)
- Sieve app (An Android application which exploits through Android components)
- DodoVulnerableBank (Insecure vulnerable Android application that helps to learn hacking and securing apps)
- Digitalbank (Android Digital Bank Vulnerable Mobile App)
- AppKnox Vulnerable Application
- Vulnerable Android Application
- Android Security Labs
- Android-security Sandbox
- VulnDroid(CTF Style Vulnerable Android App)
- FridaLab
- Santoku Linux - Mobile Security VM
- AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
Talks
- One Step Ahead of Cheaters -- Instrumenting Android Emulators
- Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
- Rock appround the clock: Tracking malware developers by Android
- Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre
- Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
- Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
- Hide Android Applications in Images
- Scary Code in the Heart of Android
- Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android
- Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
- Android FakeID Vulnerability Walkthrough
- Unleashing D* on Android Kernel Drivers
- The Smarts Behind Hacking Dumb Devices
- Overview of common Android app vulnerabilities
- Android security architecture
- Get the Ultimate Privilege of Android Phone
Misc
- Android Malware Adventures
- Android-Reports-and-Resources
- Hands On Mobile API Security
- Android Penetration Testing Courses
- Lesser-known Tools for Android Application PenTesting
- android-device-check - a set of scripts to check Android device security configuration
- apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection
- Andriller - is software utility with a collection of forensic tools for smartphones
- Dexofuzzy: Android malware similarity clustering method using opcode sequence - Paper
- Chasing the Joker
- Side Channel Attacks in 4G and 5G Cellular Networks - Slides
- Shodan.io-mobile-app for Android
- Popular Android Malware 2018
- Popular Android Malware 2019
- Popular Android Malware 2020
Bug Bounty & Writeup
Cheat Sheet
- Mobile Application Penetration Testing Cheat Sheet
- ADB (Android Debug Bridge) Cheat Sheet
- Frida Cheatsheet and Code Snippets for Android
Checklist
Bug Bounty Report