Android-security

A curated list of resources to study Android security for a beginner

1. Week 1
2. Week 2
3. Week 3
4. Week 4
5. Week 5
6. Week 6
7. Extra Stuff
8. Tools

---

Week 1

• Decompile an APK file: ApkToolReverse engineering and disassembling tool

• Understanding the directory structure codepath

  howtodoinjava

• Working of android(Internal) Addictivetips

  Android

  Book

Week 2

• Setup basic android hacking lab Medium Blog

Week 3

• View Source code > Unzip app.apk -o app > open exampe dir and do "d2j-dex2jar classes.dex" > Decompile the generated .classes file with Java decompiler

• Permissions (use apktools and open AndroidManifest.xml) Android Developer

Week 4

• Understanding Android OS Android Application security

• Android Application fundamentals Android application security

• Introduction to adb, apktool, dex2jar and jd-gui Android application security

Week 5

• Intentionally vulnerable apps for practice DIVA OWASP goatdroid Android insecure bank

• Insecure data storage Vuln

• Absence of binary protection Vuln

Week 6

• Insufficient protection of communication channel Vuln Mobilesecurity.gitbook.io

• Developer Backdoor Hard coded credentials :D.

• Testing Authenticatio mechanism. Vuln

Week 7

• [Vuln] Weak Cryptography. Mobile-security.gitbook.io Manifestsecurity

• Infufficient Transport Layer Protection Mobile-security.gitbook.io Manifestsecurity

• Unintented Data leakage Manifestsecurity

Extra Reference and resources

• Appsec Wiki
• Manifest Security
• Android security Awesome
• OWASP mobile testing guide
• Android sec reference
• Android Lab
• Android's official vulnerability disclosure
• Exploits from Exploit-DB
• Azeria-labs Assembly basics ARM
• Azeria-labs Online Assembler ARM
• Azeria-labs ARM exploitation
• Azeria-labs Emulator Raspberry pi

Tools

• Quark
• Frida
• Radare2 - Reversing
• Virus Total
• APKAnalyzer
• Apktool
• Android Framework for Exploitation
• Dwarf - RE
• Ghidra
• Gdb