  1. SSL Pinning
    1. Missing SSL Pinning
    2. SSL Pinning Bypass
      1. Frida
      2. Objection
      3. Code Manipulation
  2. Root Detection
    1. Missing Root Detection
    2. Root Detection Bypass
      1. Frida
      2. Code Manipulation
      3. Magisk Hide
  3. Emulator Detection
    1. Missing Emulator Detection
    2. Emulator Detection Bypass
      1. Frida
      2. Code Manipulation
  4. Sensitive Information in ADB Logcat
    1. Logcat
    2. Search for sensitive information
    3. If the application uses encrypted requests, Logcat may still contain the unencrypted requests
  5. Sensitive Information in Local Storage
    1. SharedPrefs
    2. Database
    3. Other Files
  6. Sensitive Information in Application Memory
    1. Fridump.py
  7. Weak Signing Algorithm
    1. Check if the APK is signed with a weak algorithm such as "SHA1withRSA"
  8. Exploiting Android Components
    1. Activities
      1. Activity Hijacking
      2. Denial of Service
      3. Authentication Bypass by Calling After Authentication Activity
      4. Exported Activities
    2. Webviews
      1. Cross-Site Scripting
      2. Local File Inclusion
    3. Intent Filters
      1. Intent Spoofing/Sniffing
    4. Broadcast Receivers
      1. Exported Broadcast Receivers
    5. Content Providers
      1. SQL Injection
      2. Access Permission Issues
  9. Code Obfuscation
    1. Missing Code Obfuscation
    2. Partial Code Obfuscation
  10. Sensitive Information Hardcoded
    1. Search for Keys, Secrets, Passwords, etc.
    2. Tools: JADX, APKLEAKS, MobSF
  11. Insecure Coding Practices
    1. JavaScript Enabled for Webviews
    2. Use of Insecure Random Number Generator
    3. Use of Insecure Functions
    4. Use of Weak Cryptography such as MD5
    5. Presence of other Coding Weaknesses
  12. Insecure Deeplinks
  13. Missing Integrity Checks
    1. Decompile the application, make some code changes, then recompile and sign the application. Check whether the application still works successfully after modification
  14. Insecure Android Permissions
    1. Clear Text Traffic
    2. Debug Mode Enabled
    3. Backup Enabled
    4. Unnecessary Permissions
  15. Background Screen Caching
    1. Check if screenshots are taken when the application is sent to the background
  16. Taskbar Snooping
    1. Check if the sensitive data is not masked when performing app switching
  17. Third Party Keyboard Enabled
    1. Check if Third Party Keyboard usage is allowed, especially for the sensitive fields
  18. Copy/Paste Allowed on Sensitive Fields
    1. Check if the sensitive fields such as Credit Card, Password, etc. allow Copy/Paste
  19. Android Lock/Biometric Bypass
    1. Frida
    2. Objection
    3. Runtime Hooking/Code Level Modification
  20. Insecure Firebase Database
    1. Append ".json" at the end of Firebase Instance to see if "read" permissions are enabled.
    2. Also try replacing "firebaseio.com" with "appspot.com", with "/.json" appended at the end; this may allow you to access the appspot instance as well.
  21. Dynamic Analysis Issues
    1. Test for all the test cases that are applicable on the APIs
    2. Broken Access Controls & Authorization Checks
    3. Broken Authentication
    4. Server-Side Injections
    5. Sensitive Data Exposure
    6. Server Security Misconfiguration
    7. Fuzzing
  22. Debug Certificate
    1. Check if the Application is using Debug Certificate
  23. Guides & References
    1. https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
    2. https://book.hacktricks.xyz/mobile-apps-pentesting/android-checklist
    3. https://owasp.org/www-project-mobile-security-testing-guide/
    4. https://github.com/B3nac/Android-Reports-and-Resources
    5. https://github.com/wtsxDev/android-security-list
    6. https://mobile-security.gitbook.io/mobile-security-testing-guide/
    7. https://github.com/saeidshirazi/awesome-android-security
    8. https://github.com/ashishb/android-security-awesome
  24. Vulnerable & Test Applications
    1. DIVA Android
    2. InsecureBank v2
    3. Uncrackable Mobile Apps
    4. VyAPI
    5. DVHMA
    6. WaTF Bank
    7. Injured Android
    8. Sieve mwrlabs
    9. Vuldroid
    10. Oversecured Vulnerable Android App
  25. Important Tools
    1. MobSF Mobile Security Framework
    2. Yaazhini
    3. Frida
    4. Objection
    5. Runtime Security Framework (RMS)
    6. House
    7. APKTool
    8. JADX
    9. JD-GUI
    10. APKLeaks
    11. Fridump
    12. Drozer
  26. Note: Multiple methods are available for bypassing various restrictions, and attacks are not limited to those mentioned here; however, this is a category of attacks that is widely observed.
  27. Mindmap By: Harsh Bothra @harshbothra_