Category
Resources
GitHub Stars
1706
Project Added On
May 25, 2025
Contributors
12
Table of Contents
Loading contents...
README.md
Awesome-Android-Security 
Table of Contents
- Blog
- How To’s
- Papers
- Books
- Trainings
- Tools
- Static Analysis Tools
- Dynamic Analysis Tools
- Online APK Analyzers
- Online APK Decompiler
- Forensic Analysis Tools
- Labs
- Talks
- Misc
- Bug Bounty & Writeups
- Cheat Sheet
- Checklist
- Bug Bounty Report
Blogs
- 1-click Exploit in South Korea’s biggest mobile chat app
- 20 Security Issues Found in Xiaomi Devices
- Bypass Instagram and Threads SSL pinning on Android
- Reverse Engineering Android game Coin Hunt World and its communication protocol to cheat the app
- Discovering vendor-specific vulnerabilities in Android
- Technical analysis of Alien android malware
- Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
- Analysis of Android banking Trojan MaliBot that is based on S.O.V.A banker
- Pending Intents: A Pentester’s view
- Android security checklist: theft of arbitrary files
- Protecting Android users from 0-Day attacks
- Reversing an Android sample which uses Flutter
- Step-by-step guide to reverse an APK protected with DexGuard using Jadx
- Use cryptography in mobile apps the right way
- Android security checklist: WebView
- Common mistakes when using permissions in Android
- Two weeks of securing Samsung devices: Part 2
- Why dynamic code loading could be dangerous for your apps: a Google example
- Two weeks of securing Samsung devices: Part 1
- How to exploit insecure WebResourceResponse configurations + an example of the vulnerability in Amazon apps
- Exploiting memory corruption vulnerabilities on Android + an example of such vulnerability in PayPal apps
- Capture all android network traffic
- Reverse Engineering Clubhouse
- Escape the Chromium sandbox on Android Devices
- Android Penetration Testing: Frida
- Android: Gaining access to arbitrary* Content Providers
- Getting root on a 4G LTE mobile hotspot
- Exploiting new-era of Request forgery on mobile applications
- Deep Dive into an Obfuscation-as-a-Service for Android Malware
- Evernote: Universal-XSS, theft of all cookies from all sites, and more
- Interception of Android implicit intents
- AAPG - Android application penetration testing guide
- TikTok: three persistent arbitrary code executions and one theft of arbitrary files
- Persistent arbitrary code execution in Android’s Google Play Core Library: details, explanation and the PoC - CVE-2020-8913
- Android: Access to app protected components
- Android: arbitrary code execution via third-party package contexts
- Android Pentesting Labs - Step by Step guide for beginners
- An Android Hacking Primer
- An Android Security tips
- OWASP Mobile Security Testing Guide
- Security Testing for Android Cross Platform Application
- Dive deep into Android Application Security
- Pentesting Android Apps Using Frida
- Mobile Security Testing Guide
- Android Applications Reversing 101
- Android Security Guidelines
- Android WebView Vulnerabilities
- OWASP Mobile Top 10
- Practical Android Phone Forensics
- Mobile Pentesting With Frida
- Zero to Hero - Mobile Application Testing - Android Platform
- Detecting Dynamic Loading in Android Applications
- Static Analysis for Android and iOS
- Dynamic Analysis for Android and iOS
- Exploring intent-based Android security vulnerabilities on Google Play (part 1/3)
- Hunting intent-based Android security vulnerabilities with Snyk Code (part 2/3)
- Mitigating and remediating intent-based Android security vulnerabilities (part 3/3)
- Strengthening Android Security: Mitigating Banking Trojan Threats
How To’s
- How to analyze mobile malware: a Cabassous/FluBot Case study
- How to Bypasses Iframe Sandboxing
- How To Configuring Burp Suite With Android Nougat
- How To Bypassing Xamarin Certificate Pinning
- How To Bypassing Android Anti-Emulation
- How To Secure an Android Device
- Android Root Detection Bypass Using Objection and Frida Scripts
- Root Detection Bypass By Manual Code Manipulation.
- Magisk Systemless Root - Detection and Remediation
- How to use FRIDA to bruteforce Secure Startup with FDE-encryption on a Samsung G935F running Android 8
Papers
- A systematic analysis of commercial Android packers
- [A Large-Scale Study on the Adoption of An
... Content truncated. Click "See More" to view the full README.
Tool Information
Author
saeidshirazi
Project Added On
May 25, 2025
License
Open Source
Tags
android-awesome
android-cookbook
android-malware
android-pentest
android-pentesting
android-security
Related Tools
RedTeaming_CheatSheet
Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
Stable
SecPayloads
Sec-Payloads, It's a collection of multiple types of lists used during security assessments & used for bug bounty hunting or penetration testing, collected in one place. List types include xss, sqli, sensitive data patterns, fuzzing payloads, web shells, and many more.
Stable
BugBountyBooks
A collection of PDF/books about the modern web application security and bug bounty.
Stable