Awesome Android Security

A collection of Android security-related resources

Last Update: Dec. 4, 2021, 3:05 p.m.

Thank you ashishb & contributors
View Topic on GitHub:
ashishb/android-security-awesome

Online Analyzers

Static Analysis Tools

Yet another static code analyzer for malicious Android applications

372
153
1y 10m
LGPL-3.0
952
253
8y 8m
n/a

APKinspector is a powerful GUI tool for analysts to analyze the Android applications.

755
248
8y 9m
n/a

Smali Control Flow Graphs

121
54
7y 5m
n/a

Static Code Analysis for Smali files

292
80
2y 63d
n/a

Control Flow Graph Scanning for Android

44
9
6y 6m
GPL-2.0

Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)

93
28
6y 7m
MIT

Symbolic/concolic execution of Android apps

45
16
5y 9m
n/a

Taming Reflection to Support Whole-Program Analysis of Android Apps

40
28
1y 9m
LGPL-2.1

A tool for quantitative risk analysis of Android applications based on machine learning techniques

62
23
1y 34d
MIT

Secure, Unified, Powerful and Extensible Rust Android Analyzer

365
57
1y 78d
GPL-3.0

Android and Java bytecode viewer

6.9K
858
11m
Apache-2.0

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications.

744
133
7m
MIT

Joint Advanced Defect assEsment for android applications

312
114
4y 7m
GPL-3.0

Android Malware (Analysis | Scoring) System

716
109
32d
GPL-3.0

One-Step APK Decompilation With Multiple Backends

174
27
10m
n/a

Scanning APK file for URIs, endpoints & secrets.

2.64K
281
45d
Apache-2.0

Django application that performs SAST and Malware Analysis for Android APKs

105
33
38d
GPL-3.0

App Vulnerability Scanners

Tool to look for several security related Android application vulnerabilities

2.59K
594
6m
n/a

AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.

920
315
2y 7m
GPL-3.0

An on-path blackbox network traffic security testing tool

2.76K
431
10m
Apache-2.0

Dynamic Analysis Tools

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

947
257
1y 4m
n/a

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

1.03K
176
6m
MIT

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

9.98K
2.35K
33d
GPL-3.0

Dynamic analysis of Android apps

610
211
1y 7m
n/a

The Leading Security Assessment Framework for Android.

2.65K
667
36d
n/a

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

2.23K
481
1y 73d
Apache-2.0

Hooker is an open source project for dynamic analyses of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application.

388
115
5y 118d
GPL-3.0

A SDK for the creation of analysis tools without obtaining app source code in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.

184
41
2y 11m
MIT

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

667
172
9m
GPL-3.0

CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.

522
132
1y 27d
n/a

Tool used for dumping memory from Android devices

54
11
6y 5m
MIT

A Fork of Auditd geared specifically for running on the Android platform. Includes system applications, AOSP patches, and kernel patches to maximize the audit experience.

43
12
8y 7m
GPL-2.0

Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor

36
17
6y 10m
GPL-3.0

Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators

171
65
7y 86d
GPL-2.0

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications

18
8
1y 9m
n/a

Linux version (rewrite in Python)

27
19
6y 6m
n/a

Yet Another Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis

84
18
5y 7m
n/a

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

517
167
2y 4m
LGPL-3.0

Android Malware Sandbox

197
32
75d
Apache-2.0

A framework for automated extraction of static and dynamic features from Android applications

226
47
6m
n/a

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

1.55K
249
72d
GPL-3.0

Python API Monitor for Android apps

22
6
8m
MIT

The tool is used to analyze the content of the android application in local storage.

102
20
11m
MIT

Reverse Engineering

smali/baksmali

5.16K
974
71d
n/a

Smali/Baksmali mode for Emacs

31
11
2y 10m
GPL-3.0

Android Debugging Library

578
213
5y 4m
GPL-3.0

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.73K
911
38d
Apache-2.0

Android Framework for Exploitation, is a framework for exploiting android based devices

169
88
6y 70d
GPL-3.0

Bypass signature and permission checks for IPCs

72
33
7y 11m
GPL-2.0

Make any application debuggable

119
40
7y 11m
GPL-2.0

Tools to work with android .dex and java .class files

9.07K
1.72K
31d
Apache-2.0
2.63K
515
2y 29d
Apache-2.0

Android small footprint inspection tool

95
37
7y 42d
MIT

Security profiling for blackbox Android

440
149
7y 10m
GPL-2.0

A standalone Java Decompiler GUI

10.53K
1.95K
6m
GPL-3.0

Java decompiler, assembler, and disassembler

1.45K
176
7m
GPL-3.0

Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)

2.32K
494
32d
n/a

The Redexer binary instrumentation framework for Dalvik bytecode

139
33
6m
n/a

Android virtual machine and deobfuscator

3.84K
408
6m
n/a

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

12.56K
950
16d
GPL-3.0

UNIX-like reverse engineering framework and command-line toolset

15.2K
2.56K
30d
LGPL-3.0

Dex to Java decompiler

27.58K
3.4K
36d
Apache-2.0

Full featured multi arch/os debugger built on top of PyQt5 and frida

999
150
8m
GPL-3.0

Andromeda - Interactive Reverse Engineering Tool for Android Applications

643
74
1y 8m
Apache-2.0

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection

1.32K
145
63d
MIT

[WIP] Simple mobile applications sandbox file browser tool. Powered with frida.re.

84
14
1y 7d
MIT

An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques

586
173
99d
MIT

ARMANDroid - anti-repackaging tool for Android apps

3
0
11m
n/a

MVT (Mobile Verification Toolkit) helps conducting forensics of mobile devices in order to find signs of a potential compromise.

6.09K
511
30d
n/a

Fuzz Testing

An Android port of radamsa fuzzer

59
20
1y 11m
MIT

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

2.37K
472
32d
Apache-2.0

An Android port of the melkor ELF fuzzer

56
13
7y 107d
GPL-3.0

Media Fuzzing Framework for Android

311
114
5y 8m
GPL-2.0

A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process

32
6
7y 93d
MIT

App Repackaging Detectors

Fast detection of repackaged Android applications based on the comparison of resource files included into the package.

63
23
4y 96d
n/a

Market Crawlers

Play with Google Play API :)

504
201
2y 9m
n/a

Google Play Unofficial Python API - This project was a PoC and is not maintained anymore. Please feel free to fork it and improve it in any way.

840
386
4y 6m
n/a

Get details and download apps from https://play.google.com by emulating an Android (Nexus 5X) device by default. For a rust version of this library check out https://github.com/dweinstein/rs-google-play

260
79
7m
MIT

aptoide app store APK download

19
6
6y 4m
n/a

appland client

14
3
6y 4m
n/a

A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)

824
148
33d
MIT

Misc Tools

Bash completion for "adb" from the Google Android SDK

221
57
5y 4m
n/a

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

25.07K
3.11K
31d
MIT

docker file for use with androguard python android app analysis tool

33
15
2y 37d
n/a

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

990
284
2y 4m
n/a

Documentation:

1.24K
256
7m
Apache-2.0

Bluetooth experimentation framework for Broadcom and Cypress chips.

442
55
44d
n/a

Android Mobile Device Hardening

106
15
109d
GPL-3.0

Vulnerable Applications for practice

DIVA Android - Damn Insecure and vulnerable App for Android

671
208
1y 64d
GPL-3.0

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

32
6
77d
MIT

This project is no longer maintained. OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several features that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here: https://github.com/jackMannino/OWASP-GoatDroid-Project/downloads

220
93
7y 4m
n/a

Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

905
330
113d
MIT

An Intentionally designed Vulnerable Android Application built in Kotlin.

75
14
49d
MIT

Oversecured Vulnerable Android App

259
45
6m
BSD-2-Clause

Research Papers

Books

Others

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

8.15K
1.74K
31d
CC-BY-SA-4.0

A W.I.P Android Security Ref

737
117
33d
n/a

Android App Security Checklist

637
168
36d
n/a

The Mobile App Pentest cheat sheet was created to provide a concise collection of high value information on specific mobile application penetration testing topics.

2.99K
1.02K
94d
n/a

List

Malware

Bounty Programs

How to report Security issues

A big list of Android HackerOne disclosed reports and other resources.

821
222
35d
n/a