Skip to content

Android

Notes, techniques, and tooling for Android application penetration testing.

Sections

Section Description
Installation / Setup Environment setup, emulators, ADB, and essential tooling
App Structure APK anatomy, Manifest, DEX, resources, and components
Storage SharedPreferences, databases, files, WebView data, and secrets at rest
Reversing Decompiling APKs, static analysis, jadx, apktool
Smali Reading and patching Smali bytecode
Man in the Middle Intercepting Android traffic with Burp, certificate pinning bypass
Frida Dynamic instrumentation, hooking, bypassing root/SSL detection