Awesome Android Security
A collection of Android security-related resources
Thank you ashishb & contributors
VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
Static Analysis Tools
Yet another static code analyzer for malicious Android applications
APKinspector is a powerful GUI tool for analysts to analyze the Android applications.
Smali Control Flow Graphs
Static Code Analysis for Smali files
Control Flow Graph Scanning for Android
Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)
Symbolic/concolic execution of Android apps
Taming Reflection to Support Whole-Program Analysis of Android Apps
A tool for quantitative risk analysis of Android applications based on machine learning techniques
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Analyze any Android/Java based app or game
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications.
Joint Advanced Defect assEsment for android applications
Android Malware (Analysis | Scoring System)
One-Step APK Decompilation With Multiple Backends
Scanning APK file for URIs, endpoints & secrets.
Django application that performs SAST and Malware Analysis for Android APKs
App Vulnerability Scanners
Tool to look for several security related Android application vulnerabilities
AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.
An on-path blackbox network traffic security testing tool
A mobile app vulnerability scanner, designed for security researchers and bug bounty hackers. It also allows integrations into the DevOps process for businesses.
Dynamic Analysis Tools
A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis
A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Dynamic analysis of Android apps
The Leading Security Assessment Framework for Android.
Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)
Hooker is an open source project for dynamic analyses of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application.
An SDK for the creation of analysis tools without obtaining app source code in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.
DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.
CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.
Tool used for dumping memory from Android devices
A Fork of Auditd geared specifically for running on the Android platform. Includes system applications, AOSP patches, and kernel patches to maximize the audit experience.
Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor
Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators
StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications
linux version (rewrite in Python)
Yet Another Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis
MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.
Android Malware Sandbox
A framework for automated extraction of static and dynamic features from Android applications
Runtime Mobile Security (RMS) 📱🔥 is a powerful web interface that helps you manipulate Android and iOS apps at runtime
Python API Monitor for Android apps
The tool is used to analyze the content of an Android application in local storage.
Smali/Baksmali mode for Emacs
Android Debugging Library
Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)
Android Framework for Exploitation is a framework for exploiting Android-based devices
Bypass signature and permission checks for IPCs
Make any application debuggable
Tools to work with android .dex and java .class files
Android small footprint inspection tool
Security profiling for blackbox Android
A standalone Java Decompiler GUI
Java decompiler, assembler, and disassembler
Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)
The Redexer binary instrumentation framework for Dalvik bytecode
Android virtual machine and deobfuscator
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
UNIX-like reverse engineering framework and command-line toolset
Dex to Java decompiler
Full featured multi arch/os debugger built on top of PyQt5 and frida
Andromeda - Interactive Reverse Engineering Tool for Android Applications
🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection
An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques
ARMANDroid - anti-repackaging tool for Android apps
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
An Android port of radamsa fuzzer
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
An Android port of the melkor ELF fuzzer
Media Fuzzing Framework for Android
A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process
App Repackaging Detectors
Fast detection of repackaged Android applications based on the comparison of resource files included into the package.
Play with Google Play API :)
Google Play Unofficial Python API - This project was a PoC and is not maintained anymore. Please feel free to fork it and improve it in any way.
Get details and download apps from https://play.google.com by emulating an Android (Nexus 5X) device by default. For a rust version of this library check out https://github.com/dweinstein/rs-google-play
Aptoide app store APK download
A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)
Bash completion for "adb" from the Google Android SDK
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
Dockerfile for use with the Androguard Python Android app analysis tool
Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.
Bluetooth experimentation framework for Broadcom and Cypress chips.
Android Mobile Device Hardening
Vulnerable Applications for practice
DIVA Android - Damn Insecure and vulnerable App for Android
Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code
This project is no longer maintained. OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several features that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here: https://github.com/jackMannino/OWASP-GoatDroid-Project/downloads
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
An Intentionally designed Vulnerable Android Application built in Kotlin.
The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.
A W.I.P Android Security Ref
Android App Security Checklist
The Mobile App Pentest cheat sheet was created to provide a concise collection of high value information on specific mobile application penetration testing topics.
Collection of android malware samples