# Android

<https://book.hacktricks.xyz/mobile-pentesting/android-checklist>

### [Learn Android fundamentals](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#2-android-application-fundamentals)

* [Basics](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#fundamentals-review)
* [Dalvik & Smali](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#dalvik--smali)
* [Entry points](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#application-entry-points)
  * [Activities](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#launcher-activity)
  * [URL Schemes](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#url-schemes)
  * [Content Providers](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#services)
  * [Services](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#services-1)
  * [Broadcast Receivers](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#broadcast-receivers)
  * [Intents](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#intents)
  * [Intent Filter](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#intent-filter)
* [Other components](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#other-app-components)
* [How to use ADB](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#adb-android-debug-bridge)
* [How to modify Smali](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#smali)

### [Static Analysis](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#static-analysis)

* Check for the use of [obfuscation](https://book.hacktricks.xyz/mobile-pentesting/android-checklist#some-obfuscation-deobfuscation-information), root detection, emulator detection and anti-tampering checks. [Read this for more info](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#other-checks).
* Sensitive applications (like bank apps) should check if the mobile is rooted and act accordingly.
* Search for [interesting strings](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#looking-for-interesting-info) (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth UUIDs...).
  * Pay special attention to [Firebase](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#firebase) APIs.
* [Read the manifest:](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#basic-understanding-of-the-application-manifest-xml)
  * Check if the application is in debug mode and try to "exploit" it
  * Check if the APK allows backups
  * Exported Activities
  * Content Providers
  * Exposed services
  * Broadcast Receivers
  * URL Schemes
* Is the application [saving data insecurely internally or externally](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#insecure-data-storage)?
* Is there any [password hardcoded or saved on disk](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#poorkeymanagementprocesses)? Is the app [using insecure crypto algorithms](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#useofinsecureandordeprecatedalgorithms)?
* Are all the libraries compiled using the PIE flag?
* Don't forget that there are a number of [static Android analyzers](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#automatic-analysis) that can help you a lot during this phase.

### [Dynamic Analysis](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#dynamic-analysis)

* Prepare the environment ([online](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#online-dynamic-analysis), [local VM or physical](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#local-dynamic-analysis))
* Is there any [unintended data leakage](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#unintended-data-leakage) (logging, copy/paste, crash logs)?
* [Confidential information being saved in SQLite dbs](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#sqlite-dbs)?
* [Exploitable exposed Activities](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#exploiting-exported-activities-authorisation-bypass)?
* [Exploitable Content Providers](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#exploiting-content-providers-accessing-and-manipulating-sensitive-information)?
* [Exploitable exposed Services](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#exploiting-services)?
* [Exploitable Broadcast Receivers](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#exploiting-broadcast-receivers)?
* Is the application [transmitting information in clear text/using weak algorithms](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#insufficient-transport-layer-protection)? Is a MitM possible?
* [Inspect HTTP/HTTPS traffic](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#inspecting-http-traffic)
  * This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (HackTricks has a lot of information about Web vulns).
* Check for possible [Android Client Side Injections](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#android-client-side-injections-and-others) (probably some static code analysis will help here)
* [Frida](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#frida): Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)

### Some obfuscation/Deobfuscation information

* [Read here](https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting#obfuscating-deobfuscating-code)

[SSL Unpinning for Android applications](https://book.konstantinsecurity.com/readme/pentest/android/ssl-unpinning-for-android-applications)
