ANDROID, SECURITY

Android Application Hacking Resources

January 13, 2020

These are links that I found interesting as I was (and still am) learning about Android application security and I’m putting it here in case it can help someone else!

Last update: 2020-02-12

Aggregators, news feeds, twitter threads, etc.

Come back to those every now and then to see if they have new content!

• “android” HackerOne Hacktivity
• Twitter thread with tons of great links
• Android-Reports-and-Resources GitHub repository
• awesome-mobile-security GitHub repository
• #AndroidHackingMonth (HackerOne’s Android Hacking Month in February 2020)

Talks

• Maddie Stone - Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps
• Baptiste Robert aka fs0c131ty - L’histoire de la découverte d’une backdoor signée OnePlus (It’s in French)
• Ben Actis - Advanced Android Bug Bounty skills
• Yekaterina Tsipenyul O’Neil & Erika Chin - Seven Ways to Hang Yourself with Google Android (From 2011 but still interesting to this day)
• Dawn Isabel - Fun with Frida on Mobile (It’s for iOS but the same ideas can be used on Android)
• Sebastian Porst & Google Play - Overview of common Android app vulnerabilities

Write-ups and blog articles

• Bug Bounty Hunting Tips #2 —Target their mobile apps (Android Edition)
• Quarkslab’s “diffing” blog posts (They have an unreleased android diffing engine, we can’t use it but the next best thing is reading about it!)
• Configuring Burp Suite With Android Nougat

Social media accounts

Telegram

• fs0c131y
• Android Security & Malware

Twitter

• Maddie Stone
• Mobile Security
• fs0c131y Twitter
• Yanick Fratantonio
• Max ‘Libra’ Kersten
• Kyle

Courses

• MOBISEC
• Android App Reverse Engineering 101 by Maddie Stone

Frida

• Bypass Certificate Pinning

Drozer

• Getting started guide