Android APK Checklist

Previousmobile-apps-pentesting NextAndroid Applications Pentesting

Last updated 3 years ago

Was this helpful?

Android APK Checklist

Do you use Hacktricks every day? Did you find the book very useful? Would you like to receive extra help with cybersecurity questions? Would you like to find more and higher quality content on Hacktricks? so we can dedicate more time to it and also get access to the Hacktricks private group where you will get the help you need and much more!

If you want to know about my latest modifications/additions or you have any suggestion for HackTricks or PEASS, join the , or follow me on Twitter . If you want to share some tricks with the community you can also submit pull requests to that will be reflected in this book and don't forget to give ⭐ on github to motivate me to continue developing this book.

Check for the use of , checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. .
Sensitive applications (like bank apps) should check if the mobile is rooted and should actuate in consequence.
Search for (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
- Special attention to APIs.
- Check if the application is in debug mode and try to "exploit" it
- Check if the APK allows backups
- Exported Activities
- Content Providers
- Exposed services
- Broadcast Receivers
- URL Schemes
All the libraries compiled using the PIE flag?
Don't forget that there is a bunch of that can help you a lot during this phase.
Prepare the environment (, )
Is there any (logging, copy/paste, crash logs)?
- This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
Check for possible (probably some static code analysis will help here)
: Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)

Some obfuscation/Deobfuscation information

Last updated 4 months ago

Previousmobile-apps-pentesting NextAndroid Applications Pentesting

Last updated 3 years ago

Was this helpful?

Check for the use of , checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. .
Sensitive applications (like bank apps) should check if the mobile is rooted and should actuate in consequence.
Search for (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
- Special attention to APIs.
- Check if the application is in debug mode and try to "exploit" it
- Check if the APK allows backups
- Exported Activities
- Content Providers
- Exposed services
- Broadcast Receivers
- URL Schemes
All the libraries compiled using the PIE flag?
Don't forget that there is a bunch of that can help you a lot during this phase.
Prepare the environment (, )
Is there any (logging, copy/paste, crash logs)?
- This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
Check for possible (probably some static code analysis will help here)
: Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)

Some obfuscation/Deobfuscation information

If you want to know about my latest modifications/additions or you have any suggestion for HackTricks or PEASS, join the , or follow me on Twitter . If you want to share some tricks with the community you can also submit pull requests to that will be reflected in this book. Don't forget to give ⭐ on the github to motivate me to continue developing this book.

Last updated 4 months ago