🗃️ Decode & Decompile APK
For a lot of the static and dynamic analysis of the mobile app, reviewing the source and/or SMALI files could be very beneficial. In this section we will decode and decompile the apk file. While we will typically be provided the APK file by the app team, there are some instances where you will need to install the app from the Google Play Store. In these cases, we can still obtain the APK file after the app is installed.
🗃️ AndroidManifest Analysis
Now that we have seen how to decode/decompile the application, let's dive in and start looking for sensitive data, exported activities, and other items that help define our attack surface.
🗃️ Binary Protections
Java and Kotlin are strictly typed, memory-safe languages, and in most cases code written in them is immune to stack overflow vulnerabilities. The exception is when the application includes native library files written in C/C++, which reintroduces the possibility of memory corruption. These files should be checked for proper stack canaries.
🗃️ Hard-Coded Data / APK File
An Android app can be configured in many different places. Typically, these are kept in SQLite Databases, JSON, or XML files. The main configuration file will be the AndroidManifest.xml file which will define all permissions, intents, services, etc.
🗃️ Hard-Coded Data / On-Device
An Android app can be configured in many different places. Typically, these are kept in SQLite Databases, JSON, or XML files. The main configuration file will be the AndroidManifest.xml file which will define all permissions, intents, services, etc.
🗃️ Third-Party Libraries & Frameworks
Java and Kotlin are the primary programming languages for Android. However, libraries that are included with the applications could be written in C/C++. These libraries should be evaluated for public CVEs, as well as examined for sensitive information leakage.
🗃️ Endpoint Discovery and URLs
As part of the information gathering phase, search the decoded/decompiled output for all endpoint URLs and APIs.
🗃️ Mobile Security Framework for Android
Links: