
Awesome Android Security

A collection of Android security-related resources

Last Update: June 26, 2022, 10:04 p.m.

Thank you ashishb & contributors
View Topic on GitHub:
ashishb/android-security-awesome

Online Analyzers

Static Analysis Tools

Yet another static code analyzer for malicious Android applications

372
153
2y 5m
LGPL-3.0
952
253
9y 106d
n/a

APKinspector is a powerful GUI tool for analysts to analyze the Android applications.

755
248
9y 4m
n/a

Smali Control Flow Graphs

121
54
7y 11m
n/a

Static Code Analysis for Smali files

292
80
2y 8m
n/a

Control Flow Graph Scanning for Android

44
9
7y 34d
GPL-2.0

Simple framework to extract "actionable" data from Android malware (C&Cs, phone numbers etc.)

93
28
7y 53d
MIT

Symbolic/concolic execution of Android apps

45
16
6y 112d
n/a

Taming Reflection to Support Whole-Program Analysis of Android Apps

40
28
2y 4m
LGPL-2.1

A tool for quantitative risk analysis of Android applications based on machine learning techniques

62
23
1y 7m
MIT

Secure, Unified, Powerful and Extensible Rust Android Analyzer

365
57
1y 9m
GPL-3.0

Android and Java bytecode viewer

6.9K
858
1y 6m
Apache-2.0

StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing static code analysis on mobile applications.

744
133
1y 61d
MIT

Joint Advanced Defect assEsment for android applications

312
114
5y 77d
GPL-3.0

Android Malware (Analysis | Scoring) System

716
109
7m
GPL-3.0

One-Step APK Decompilation With Multiple Backends

174
27
1y 5m
n/a

Scanning APK file for URIs, endpoints & secrets.

2.64K
281
8m
Apache-2.0

Django application that performs SAST and Malware Analysis for Android APKs

105
33
8m
GPL-3.0

App Vulnerability Scanners

Tool to look for several security related Android application vulnerabilities

2.59K
594
1y 26d
n/a

AndroBugs Framework is an efficient Android vulnerability scanner that helps developers or hackers find potential security vulnerabilities in Android applications. No need to install on Windows.

920
315
3y 65d
GPL-3.0

An on-path blackbox network traffic security testing tool

2.76K
431
1y 5m
Apache-2.0

Dynamic Analysis Tools

A Virtual Machine For Assessing Android applications, Reverse Engineering and Malware Analysis

976
266
1y 11m
n/a

A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

1.03K
176
1y 24d
MIT

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

9.98K
2.35K
7m
GPL-3.0

Dynamic analysis of Android apps

610
211
2y 51d
n/a

The Leading Security Assessment Framework for Android.

2.65K
667
8m
n/a

Android Package Inspector - dynamic analysis with api hooks, start unexported activities and more. (Xposed Module)

2.23K
481
1y 9m
Apache-2.0

Hooker is an open-source project for dynamic analyses of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls made by a targeted application.

388
115
5y 10m
GPL-3.0

A SDK for the creation of analysis tools without obtaining app source code in order to profile runtime performance, examine code coverage, and track high-risk behaviors of a given app on Android 5.0 and above.

184
41
3y 6m
MIT

DECAF (short for Dynamic Executable Code Analysis Framework) is a binary analysis platform based on QEMU. This is also the home of the DroidScope dynamic Android malware analysis platform. DroidScope is now an extension to DECAF.

667
172
1y 4m
GPL-3.0

CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.

522
132
1y 7m
n/a

Tool used for dumping memory from Android devices

54
11
7y 17d
MIT

A Fork of Auditd geared specifically for running on the Android platform. Includes system applications, AOSP patches, and kernel patches to maximize the audit experience.

43
12
9y 51d
GPL-2.0

Practical security policy enforcement for Android apps via bytecode rewriting and in-place reference monitor

36
17
7y 5m
GPL-3.0

Android Loadable Kernel Modules - mostly used for reversing and debugging on controlled systems/emulators

171
65
7y 9m
GPL-2.0

StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications

18
8
2y 4m
n/a

Linux version (rewrite in Python)

27
19
7y 47d
n/a

Yet Another Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis

84
18
6y 64d
n/a

MARA is a Mobile Application Reverse engineering and Analysis Framework. It is a toolkit that puts together commonly used mobile application reverse engineering and analysis tools to assist in testing mobile applications against the OWASP mobile security threats.

517
167
2y 11m
LGPL-3.0

Android Malware Sandbox

197
32
9m
Apache-2.0

A framework for automated extraction of static and dynamic features from Android applications

226
47
1y 26d
n/a

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime

1.55K
249
9m
GPL-3.0

Python API Monitor for Android apps

22
6
1y 106d
MIT

The tool is used to analyze the content of the Android application in local storage.

102
20
1y 6m
MIT

Reverse Engineering

smali/baksmali

5.16K
974
9m
n/a

Smali/Baksmali mode for Emacs

31
11
3y 5m
GPL-3.0

Android Debugging Library

578
213
5y 11m
GPL-3.0

Reverse engineering, Malware and goodware analysis of Android applications ... and more (ninja !)

3.73K
911
8m
Apache-2.0

Android Framework for Exploitation is a framework for exploiting Android-based devices

169
88
6y 9m
GPL-3.0

Bypass signature and permission checks for IPCs

72
33
8y 6m
GPL-2.0

Make any application debuggable

119
40
8y 6m
GPL-2.0

Tools to work with android .dex and java .class files

9.07K
1.72K
7m
Apache-2.0
2.63K
515
2y 7m
Apache-2.0

Android small footprint inspection tool

95
37
7y 8m
MIT

Security profiling for blackbox Android

440
149
8y 5m
GPL-2.0

A standalone Java Decompiler GUI

10.53K
1.95K
1y 42d
GPL-3.0

Java decompiler, assembler, and disassembler

1.45K
176
1y 52d
GPL-3.0

Unofficial mirror of FernFlower Java decompiler (All pulls should be submitted upstream)

2.32K
494
7m
n/a

The Redexer binary instrumentation framework for Dalvik bytecode

139
33
1y 38d
n/a

Android virtual machine and deobfuscator

3.84K
408
1y 35d
n/a

A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

12.73K
972
4m
GPL-3.0

UNIX-like reverse engineering framework and command-line toolset

15.2K
2.56K
7m
LGPL-3.0

Dex to Java decompiler

27.58K
3.4K
8m
Apache-2.0

Full featured multi arch/os debugger built on top of PyQt5 and frida

999
150
1y 89d
GPL-3.0

Andromeda - Interactive Reverse Engineering Tool for Android Applications

643
74
2y 105d
Apache-2.0

🤖 A CLI application that automatically prepares Android APK files for HTTPS inspection

1.32K
145
8m
MIT

[WIP] Simple mobile applications sandbox file browser tool. Powered with frida.re.

84
14
1y 7m
MIT

An automatic obfuscation tool for Android apps that works in a black-box fashion, supports advanced obfuscation features and has a modular architecture easily extensible with new techniques

586
173
10m
MIT

ARMANDroid - anti-repackaging tool for Android apps

3
0
1y 6m
n/a

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.

6.09K
511
7m
n/a

Fuzz Testing

An Android port of radamsa fuzzer

59
20
2y 6m
MIT

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

2.37K
472
7m
Apache-2.0

An Android port of the melkor ELF fuzzer

56
13
7y 10m
GPL-3.0

Media Fuzzing Framework for Android

311
114
6y 88d
GPL-2.0

A fuzzing utility for Android that focuses on reporting and delivery portions of the fuzzing process

32
6
7y 9m
MIT

App Repackaging Detectors

Fast detection of repackaged Android applications based on the comparison of resource files included into the package.

63
23
4y 10m
n/a

Market Crawlers

Play with Google Play API :)

504
201
3y 4m
n/a

Google Play Unofficial Python API - This project was a PoC and is not maintained anymore. Please feel free to fork it and improve it in any way.

840
386
5y 35d
n/a

Get details and download apps from https://play.google.com by emulating an Android (Nexus 5X) device by default. For a rust version of this library check out https://github.com/dweinstein/rs-google-play

260
79
1y 52d
MIT

Aptoide app store APK download

19
6
6y 11m
n/a

appland client

14
3
6y 11m
n/a

A command line tool to download Android applications directly from the Google Play Store by specifying their package name (an initial one-time configuration is required)

824
148
7m
MIT

Misc Tools

Bash completion for "adb" from the Google Android SDK

221
57
5y 11m
n/a

An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

25.07K
3.11K
7m
MIT

docker file for use with androguard python android app analysis tool

33
15
2y 8m
n/a

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

990
284
2y 11m
n/a

Documentation:

1.24K
256
1y 58d
Apache-2.0

Bluetooth experimentation framework for Broadcom and Cypress chips.

442
55
8m
n/a

Android Mobile Device Hardening

106
15
10m
GPL-3.0

Vulnerable Applications for practice

DIVA Android - Damn Insecure and vulnerable App for Android

671
208
1y 8m
GPL-3.0

Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code

32
6
9m
MIT

This project is no longer maintained. OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several features that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Android platform. Download the built version here: https://github.com/jackMannino/OWASP-GoatDroid-Project/downloads

220
93
7y 11m
n/a

Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

905
330
10m
MIT

An Intentionally designed Vulnerable Android Application built in Kotlin.

75
14
8m
MIT

Oversecured Vulnerable Android App

259
45
1y 27d
BSD-2-Clause

Research Papers

Books

Others

The Mobile Security Testing Guide (MSTG) is a comprehensive manual for mobile app security development, testing and reverse engineering.

8.15K
1.74K
7m
CC-BY-SA-4.0

A W.I.P Android Security Ref

737
117
7m
n/a

Android App Security Checklist

637
168
8m
n/a

The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.

2.99K
1.02K
9m
n/a

List

Malware

Bounty Programs

How to report Security issues

A big list of Android HackerOne disclosed reports and other resources.

821
222
8m
n/a