hacktricks/mobile-pentesting/android-checklist.md

Android APK Checklist

htARTE (HackTricks AWS Red Team Expert) qa'vIn AWS hacking!

• qaStaHvIS cybersecurity company? HackTricks laH advertise company or PEASS latest version download HackTricks PDF access want? SUBSCRIPTION PLANS Check!
• The PEASS Family Discover, NFTs collection exclusive our
• official PEASS & HackTricks swag Get
• Join 💬 Discord group or telegram group follow me on Twitter 🐦@carlospolopm.
• Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo**.

Find vulnerabilities that matter most so you can fix them faster. Intruder tracks your attack surface, runs proactive threat scans, finds issues across your whole tech stack, from APIs to web apps and cloud systems. Try it for free today.

{% embed url="https://www.intruder.io/?utm_campaign=hacktricks&utm_source=referral" %}

---

Learn Android fundamentals

• Basics
• Dalvik & Smali
• Entry points
• Activities
• URL Schemes
• Content Providers
• Services
• Broadcast Receivers
• Intents
• Intent Filter
• Other components
• How to use ADB
• How to modify Smali

Static Analysis

• obfuscation Check use mobile rooted emulator used anti-tampering checks
• Sensitive applications mobile rooted actuate
• interesting strings Search (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
• firebase APIs Special attention
• manifest: Read
• application debug mode Check
• APK allows backups Check
• Exported Activities
• Content Providers
• Exposed services
• Broadcast Receivers
• URL Schemes
• [application saving data insecurely internally or externally?
• password hard coded or saved in disk Check insecurely crypto algorithms Check
• libraries compiled using the PIE flag?
• static Android Analyzers Don't forget

Dynamic Analysis

• Prepare the environment (online, local VM or physical)
• unintended data leakage Check (logging, copy/paste, crash logs)?
• Confidential information being saved in SQLite dbs? Check
• Exploitable exposed Activities? Check
• Exploitable Content Providers? Check
• Exploitable exposed Services? Check
• Exploitable Broadcast Receivers? Check
• transmitting information in clear text/using weak algorithms Check MitM possible?
• Inspect HTTP/HTTPS traffic
• capture the HTTP traffic common Web vulnerabilities search (Hacktricks has a lot of information about Web vulns).
• possible Android Client Side Injections Check (probably some static code analysis will help here)
• Frida: Frida, interesting dynamic data obtain (maybe some passwords...)

Some obfuscation/Deobfuscation information

• Read here

< * **ghItlhvam vItlhutlhlaHbe'chugh, [hacktricks repo](https://github.com/carlospolop/hacktricks) je [hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud) vItlhutlhlaHbe'chugh PRmey submit.**.