Android APK Checklist

Use Trickest to easily build and automate workflows powered by the world's most advanced community tools.
Get Access Today:
Workflow-powered solution for Bug Bounty, Pentesting, SecOps | Trickest
Trickest
HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥​
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs​
Get the official PEASS & HackTricks swag​
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦​@carlospolopm.
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.
​Learn Android fundamentals​
​Basics​
​Dalvik & Smali​
​Entry points​
​Activities​
​URL Schemes​
​Content Providers​
​Services​
​Broadcast Receivers​
​Intents​
​Intent Filter​
​Other components​
​How to use ADB​
​How to modify Smali​
​Static Analysis​
Check for the use of obfuscation, checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. Read this for more info.
Sensitive applications (like bank apps) should check if the mobile is rooted and should actuate in consequence.
Search for interesting strings (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
Special attention to firebase APIs.
​Read the manifest:​
Check if the application is in debug mode and try to "exploit" it
Check if the APK allows backups
Exported Activities
Content Providers
Exposed services
Broadcast Receivers
URL Schemes
Is the application saving data insecurely internally or externally?
Is there any password hard coded or saved in disk? Is the app using insecurely crypto algorithms?
All the libraries compiled using the PIE flag?
Don't forget that there is a bunch of static Android Analyzers that can help you a lot during this phase.
​Dynamic Analysis​
Prepare the environment (online, local VM or physical)
Is there any unintended data leakage (logging, copy/paste, crash logs)?
​Confidential information being saved in SQLite dbs?
​Exploitable exposed Activities?
​Exploitable Content Providers?
​Exploitable exposed Services?
​Exploitable Broadcast Receivers?
Is the application transmitting information in clear text/using weak algorithms? is a MitM possible?
​Inspect HTTP/HTTPS traffic​
This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
Check for possible Android Client Side Injections (probably some static code analysis will help here)
​Frida: Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)
Some obfuscation/Deobfuscation information
​Read here​
HackTricks in 🐦 Twitter 🐦 - 🎙️ Twitch Wed - 18.30(UTC) 🎙️ - 🎥 Youtube 🎥​
Do you work in a cybersecurity company? Do you want to see your company advertised in HackTricks? or do you want to have access to the latest version of the PEASS or download HackTricks in PDF? Check the SUBSCRIPTION PLANS!
Discover The PEASS Family, our collection of exclusive NFTs​
Get the official PEASS & HackTricks swag​
Join the 💬 Discord group or the telegram group or follow me on Twitter 🐦​@carlospolopm.
Share your hacking tricks by submitting PRs to the hacktricks repo and hacktricks-cloud repo.

Use Trickest to easily build and automate workflows powered by the world's most advanced community tools.
Get Access Today:
Workflow-powered solution for Bug Bounty, Pentesting, SecOps | Trickest
Trickest

Last modified 18d ago

Android APK Checklist

​Learn Android fundamentals​

​Static Analysis​

​Dynamic Analysis​

Some obfuscation/Deobfuscation information

Learn Android fundamentals

Static Analysis

Dynamic Analysis