Learn & practice AWS Hacking:<imgsrc="/.gitbook/assets/arte.png"alt=""data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<imgsrc="/.gitbook/assets/arte.png"alt=""data-size="line">\
Learn & practice GCP Hacking: <imgsrc="/.gitbook/assets/grte.png"alt=""data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
* [ ] Check for the use of [obfuscation](android-checklist.md#some-obfuscation-deobfuscation-information), checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. [Read this for more info](android-app-pentesting/#other-checks).
* [ ] Maombi nyeti (kama programu za benki) yanapaswa kuangalia kama simu imejikita na yanapaswa kuchukua hatua kwa mujibu wa hilo.
* [ ] Search for [interesting strings](android-app-pentesting/#looking-for-interesting-info) (nywila, URL, API, usimbuaji, milango ya nyuma, tokeni, Bluetooth uuids...).
* [ ] Umakini maalum kwa [firebase ](android-app-pentesting/#firebase)APIs.
* [ ] Je, kuna [nywila iliyowekwa kwa nguvu au kuhifadhiwa kwenye diski](android-app-pentesting/#poorkeymanagementprocesses)? Je, programu [inatumia algorithimu za usimbuaji zisizo salama](android-app-pentesting/#useofinsecureandordeprecatedalgorithms)?
* [ ] Maktaba zote zimeundwa kwa kutumia bendera ya PIE?
* [ ] Usisahau kwamba kuna kundi la [waanalyzer wa Android wa statiki](android-app-pentesting/#automatic-analysis) ambao wanaweza kukusaidia sana katika awamu hii.
* [ ] Prepare the environment ([online](android-app-pentesting/#online-dynamic-analysis), [local VM or physical](android-app-pentesting/#local-dynamic-analysis))
* [ ] [Vipokezi vya matangazo wanaoweza kutumika](android-app-pentesting/#exploiting-broadcast-receivers)?
* [ ] Je, programu inasambaza [taarifa kwa maandiko wazi/ikatumia algorithimu dhaifu](android-app-pentesting/#insufficient-transport-layer-protection)? Je, MitM inawezekana?
* [ ] [Kagua trafiki ya HTTP/HTTPS](android-app-pentesting/#inspecting-http-traffic)
* [ ] Hii ni muhimu sana, kwa sababu ikiwa unaweza kukamata trafiki ya HTTP unaweza kutafuta udhaifu wa kawaida wa Mtandao (Hacktricks ina habari nyingi kuhusu udhaifu wa Mtandao).
* [ ] Check for possible [Android Client Side Injections](android-app-pentesting/#android-client-side-injections-and-others) (labda uchambuzi wa msimbo wa statiki utaweza kusaidia hapa)
* [ ] [Frida](android-app-pentesting/#frida): Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)
Learn & practice AWS Hacking:<imgsrc="/.gitbook/assets/arte.png"alt=""data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<imgsrc="/.gitbook/assets/arte.png"alt=""data-size="line">\
Learn & practice GCP Hacking: <imgsrc="/.gitbook/assets/grte.png"alt=""data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
