skylot/jadx: Dex to Java decompiler

NationalSecurityAgency/ghidra: Ghidra is a software reverse engineering (SRE) framework

Dynamic Analysis

sensepost/objection: 📱 objection - runtime mobile exploration

frida/frida: Clone this repo to build Frida

FSecureLABS/drozer: The Leading Security Assessment Framework for Android.

Packet Sniffers

emanuele-f/PCAPdroid: Capture the Android devices traffic and export it in PCAP format. No root privileges required.

Misc Tools

Java Obfuscator and Android App Optimizer | ProGuard

Realm: Realm is a mobile database: a replacement for SQLite & ORMs. SDKs for Swift, Objective-C, Java, Kotlin, C#, and JavaScript.


Android Applications Pentesting - HackTricks

Free tutorials

Android App Reverse Engineering 101 | Learn to reverse engineer Android applications!

How to use the Android Keystore to store passwords and other sensitive information - Android Authority

Introduction - Mobile Security Testing Guide

xtiankisutsa/awesome-mobile-CTF: This is a curated list of mobile based CTFs, write-ups and vulnerable apps. Most of them are android based due to the popularity of the platform.


maddiestone - YouTube

Blog posts

Man-in-the-Disk: A New Attack Surface for Android Apps - Check Point Software

How to use the Android Keystore to store passwords and other sensitive information - Android Authority

Guide to Network Security Configuration in Android P | NowSecure

How Android Apps are Built and Run · dogriffiths/HeadFirstAndroid Wiki

Platform Overview - Mobile Security Testing Guide

rooting - How Magisk works? - Android Enthusiasts Stack Exchange

How Secure is your Android Keystore Authentication ?

Host name verification failed for Host | by Sathya Bandara | Medium

Exploiting Exported activities in Android apps | mzfr's Blog

Bug Bounty Reports

B3nac/Android-Reports-and-Resources: A big list of Android Hackerone disclosed reports and other resources.

Common Android app vulnerabilities (LevelUp).pdf - Google Drive

#161710 Possible to steal any protected files on Android