Android Application Penetration Testing Cheatsheet / Checklist

Checklist

SSL Pinning

  • Missing SSL Pinning
  • Bypassing SSL Pinning (Frida)
  • Code Manipulation (changing flags or parts of the code to introduce an internal logic flaw)

Root Detection

  • Missing Root Detection
  • Bypassing Root Detection (Frida)
  • Code Manipulation (changing flags or parts of the code to introduce an internal logic flaw)

Emulator Detection

  • Missing Emulator Detection
  • Bypassing Emulator Detection (Frida)
  • Code Manipulation (changing flags or parts of the code to introduce an internal logic flaw)

Insertion of Sensitive Information into Log File

  • Check adb logcat logs for sensitive information/data
  • Bypass logging requests (Frida)
  • Unencrypted/plaintext request/data in logs

Insecure Storage of Sensitive Information

  • Sensitive information in Shared Preferences
  • Sensitive information in temporary files
  • Sensitive information in LocalStorage database
  • Sensitive information in other places