A curated list of Android Security materials and resources For Pentesters and Bug Hunters.

Blog

• AAPG - Android application penetration testing guide
• TikTok: three persistent arbitrary code executions and one theft of arbitrary files
• Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
• Android: Access to app protected components
• Android: arbitrary code execution via third-party package contexts
• Android Pentesting Labs - Step by Step guide for beginners
• An Android Hacking Primer
• An Android Security tips
• OWASP Mobile Security Testing Guide
• Security Testing for Android Cross Platform Application
• Dive deep into Android Application Security
• Pentesting Android Apps Using Frida
• Mobile Security Testing Guide
• Android Applications Reversing 101
• Android Security Guidelines
• Android WebView Vulnerabilities
• OWASP Mobile Top 10
• Practical Android Phone Forensics
• Mobile Pentesting With Frida
• Zero to Hero - Mobile Application Testing - Android Platform

How To's

• How To Configuring Burp Suite With Android Nougat
• How To Bypassing Xamarin Certificate Pinning
• How To Bypassing Android Anti-Emulation
• How To Secure an Android Device
• Android Root Detection Bypass Using Objection and Frida Scripts
• Root Detection Bypass By Manual Code Manipulation.
• Magisk Systemless Root - Detection and Remediation
• How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8

Paper

• AndrODet: An adaptive Android obfuscation detector
• GEOST BOTNET - the discovery story of a new Android banking trojan

Books

• SEI CERT Android Secure Coding Standard
• Android Security Internals
• Android Cookbook
• Android Hacker's Handbook
• Android Security Cookbook
• The Mobile Application Hacker's Handbook
• Android Malware and Analysis
• Android Security: Attacks and Defenses
• Learning Penetration Testing For Android Devices

Course

• Learning-Android-Security
• Mobile Application Security and Penetration Testing
• Advanced Android Development
• Learn the art of mobile app development
• Learning Android Malware Analysis
• Android App Reverse Engineering 101
• MASPT V2
• Android Pentration Testing(Persian)

Tools

Static Analysis

• Apktool:A tool for reverse engineering Android apk files

• quark-engine - An Obfuscation-Neglect Android Malware Scoring System

• DeGuard:Statistical Deobfuscation for Android

• jadx - Dex to Java decompiler

• Amandroid – A Static Analysis Framework

• Androwarn – Yet Another Static Code Analyzer

• Droid Hunter – Android application vulnerability analysis and Android pentest tool

• Error Prone – Static Analysis Tool

• Findbugs – Find Bugs in Java Programs

• Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.

• Flow Droid – Static Data Flow Tracker

• Smali/Baksmali – Assembler/Disassembler for the dex format

• Smali-CFGs – Smali Control Flow Graph’s

• SPARTA – Static Program Analysis for Reliable Trusted Apps

• Gradle Static Analysis Plugin

• Checkstyle – A tool for checking Java source code

• PMD – An extensible multilanguage static code analyzer

• Soot – A Java Optimization Framework

• Android Quality Starter

• QARK – Quick Android Review Kit

• Infer – A Static Analysis tool for Java, C, C++ and Objective-C

• Android Check – Static Code analysis plugin for Android Project

• FindBugs-IDEA Static byte code analysis to look for bugs in Java code

• APK Leaks – Scanning APK file for URIs, endpoints & secrets

• Trueseeing – fast, accurate and resillient vulnerabilities scanner for Android apps

• StaCoAn – crossplatform tool which aids developers, bugbounty hunters and ethical hackers

Dynamic Analysis

• Mobile-Security-Framework MobSF
• Magisk v20.2 - Root & Universal Systemless Interface
• Runtime Mobile Security (RMS) - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
• Droid-FF - Android File Fuzzing Framework
• Drozer
• Inspeckage
• PATDroid - Collection of tools and data structures for analyzing Android applications
• Radare2 - Unix-like reverse engineering framework and commandline tools
• Cutter - Free and Open Source RE Platform powered by radare2
• ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)

Online APK Analyzers

• Oversecured
• Android Observatory APK Scan
• AndroTotal
• VirusTotal
• Scan Your APK
• AVC Undroid
• OPSWAT
• ImmuniWeb Mobile App Scanner
• Ostor Lab
• Quixxi
• TraceDroid
• Visual Threat
• App Critique
• Jotti's malware scan
• kaspersky scanner

Online APK Decompiler

• Android APK Decompiler
• Java Decompiler APk
• APK DECOMPILER APP
• DeAPK is an open-source, online APK decompiler
• apk and dex decompilation back to Java source code
• APK Decompiler Tools

Labs

• OVAA (Oversecured Vulnerable Android App)
• DIVA (Damn insecure and vulnerable App)
• OWASP Security Shepherd
• Damn Vulnerable Hybrid Mobile App (DVHMA)
• OWASP-mstg(UnCrackable Mobile Apps)
• VulnerableAndroidAppOracle
• Android InsecureBankv2
• Purposefully Insecure and Vulnerable Android Application (PIIVA)
• Sieve app(An android application which exploits through android components)
• DodoVulnerableBank(Insecure Vulnerable Android Application that helps to learn hacing and securing apps)
• Digitalbank(Android Digital Bank Vulnerable Mobile App)
• AppKnox Vulnerable Application
• Vulnerable Android Application
• Android Security Labs
• Android-security Sandbox
• VulnDroid(CTF Style Vulnerable Android App)
• FridaLab
• Santoku Linux - Mobile Security VM
• AndroL4b - A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

Talks

• One Step Ahead of Cheaters -- Instrumenting Android Emulators
• Vulnerable Out of the Box: An Evaluation of Android Carrier Devices
• Rock appround the clock: Tracking malware developers by Android
• Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre
• Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets
• Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening
• Hide Android Applications in Images
• Scary Code in the Heart of Android
• Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android
• Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
• Android FakeID Vulnerability Walkthrough
• Unleashing D* on Android Kernel Drivers
• The Smarts Behind Hacking Dumb Devices
• Overview of common Android app vulnerabilities
• Android security architecture
• Get the Ultimate Privilege of Android Phone

Misc

• Android Malware Adventures
• Android-Reports-and-Resources
• Hands On Mobile API Security
• Android Penetration Testing Courses
• Lesser-known Tools for Android Application PenTesting
• android-device-check - a set of scripts to check Android device security configuration
• apk-mitm - a CLI application that prepares Android APK files for HTTPS inspection
• Andriller - is software utility with a collection of forensic tools for smartphones
• Dexofuzzy: Android malware similarity clustering method using opcode sequence-Paper
• Chasing the Joker
• Side Channel Attacks in 4G and 5G Cellular Networks-Slides
• Shodan.io-mobile-app for Android
• Popular Android Malware 2018
• Popular Android Malware 2019
• Popular Android Malware 2020

Bug Bounty & Writeup

• Hacker101 CTF: Android Challenge Writeups

• Arbitrary code execution on Facebook for Android through download feature

• RCE via Samsung Galaxy Store App

Cheat Sheet

• Mobile Application Penetration Testing Cheat Sheet
• ADB (Android Debug Bridge) Cheat Sheet
• Frida Cheatsheet and Code Snippets for Android