
Android Checklist

  • Read Strings files

  • Read files inside res/values

  • Read .db or .sqlite files

  • Understand the code and check if you can find decryption functions or any interesting algorithms

    • Maybe during dynamic analysis you can use Frida to inject code and extract important information

  • Check for passwords, tokens, URLs, Bluetooth related... (Automatic analysis tools should help a lot for this).

  • Check for common misconfigurations (Automatic analysis tools should help a lot for this).

    • These misconfigurations could be exploited during dynamic analysis using Drozer.
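As an added example that is not part of the original checklist, the following Python script automates the first three items against a decoded APK tree (for instance apktool output): it parses `res/values/*.xml` for string resources whose name or value looks like a credential, token or URL, and lists bundled `.db`/`.sqlite` files. The decoded-app layout it scans is constructed inline and is not taken from any real app.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Patterns for resource strings that deserve a closer look during static review.
SUSPICIOUS = {
    "url": re.compile(r"https?://[^\s\"']+"),                       # matched on value
    "secret_name": re.compile(r"(pass(word)?|token|secret|api[_-]?key)", re.I),  # on name
    "long_token": re.compile(r"^[A-Za-z0-9_\-]{32,}$"),              # matched on value
}

def scan_values_dir(app_dir):
    """Parse every XML file under res/values; return (file, name, value, reasons) hits."""
    values_dir = os.path.join(app_dir, "res", "values")
    if not os.path.isdir(values_dir):
        return []
    hits = []
    for fname in sorted(os.listdir(values_dir)):
        if not fname.endswith(".xml"):
            continue
        root = ET.parse(os.path.join(values_dir, fname)).getroot()
        for elem in root.iter("string"):
            name, value = elem.get("name", ""), (elem.text or "").strip()
            reasons = [k for k, rx in SUSPICIOUS.items()
                       if rx.search(name if k == "secret_name" else value)]
            if reasons:
                hits.append((fname, name, value, ",".join(reasons)))
    return hits

def find_databases(app_dir):
    """List bundled .db/.sqlite files anywhere in the decoded APK tree (forward-slash paths)."""
    found = []
    for dirpath, _, files in os.walk(app_dir):
        for f in files:
            if f.endswith((".db", ".sqlite")):
                found.append(os.path.relpath(os.path.join(dirpath, f), app_dir).replace(os.sep, "/"))
    return sorted(found)

def build_sample_app():
    """Constructed decoded-APK layout (hypothetical values, not from a real app) for the demo."""
    app = tempfile.mkdtemp(prefix="decoded_apk_")
    os.makedirs(os.path.join(app, "res", "values"))
    with open(os.path.join(app, "res", "values", "strings.xml"), "w") as fh:
        fh.write('<resources>\n<string name="app_name">Demo</string>\n'
                 '<string name="api_key">AKIA_EXAMPLE_0123456789abcdefghijklmnop</string>\n'
                 '<string name="backend">https://api.example.test/v1</string>\n</resources>\n')
    os.makedirs(os.path.join(app, "assets"))
    open(os.path.join(app, "assets", "cache.db"), "wb").close()
    return app

if __name__ == "__main__":
    app = build_sample_app()
    for hit in scan_values_dir(app):
        print("strings hit:", hit)
    print("databases:", find_databases(app))
```

Point `scan_values_dir` and `find_databases` at a real decoded APK directory instead of `build_sample_app()` to run it against an app under review.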

If needed:

Dynamic Analysis