A curated list of resources to study Android security for a beginner
-
Decompile an APK file: ApkTool
Reverse engineering and disassembling tool
-
Understanding the directory structure codepath
-
Working of android(Internal) Addictivetips
- Setup basic android hacking lab Medium Blog
-
View Source code > Unzip app.apk -o app > open exampe dir and do "d2j-dex2jar classes.dex" > Decompile the generated .classes file with Java decompiler
-
Permissions (use apktools and open AndroidManifest.xml) Android Developer
-
Understanding Android OS Android Application security
-
Android Application fundamentals Android application security
-
Introduction to adb, apktool, dex2jar and jd-gui Android application security
-
Intentionally vulnerable apps for practice DIVA OWASP goatdroid Android insecure bank
-
Insecure data storage Vuln
-
Absence of binary protection Vuln
-
Insufficient protection of communication channel Vuln Mobilesecurity.gitbook.io
-
Developer Backdoor Hard coded credentials :D.
-
Testing Authenticatio mechanism. Vuln
-
[Vuln] Weak Cryptography. Mobile-security.gitbook.io Manifestsecurity
-
Infufficient Transport Layer Protection Mobile-security.gitbook.io Manifestsecurity
-
Unintented Data leakage Manifestsecurity