awesome-mobile-security

A curated list of Mobile Security materials and resources.

Maintained by @vaib25vicky with contributions from the security and developer communities.

Contributing

Please refer to the contributing guide for details.

Android

• General

  • An Android Hacking Primer
  • Secure an Android Device
  • Security tips
  • OWASP Mobile Security Testing Guide
  • Security Testing for Android Cross Platform Application
  • Dive deep into Android Application Security
  • Pentesting Android Apps Using Frida
  • Mobile Security Testing Guide
  • Mobile Application Penetration Testing Cheat Sheet
  • Android Applications Reversing 101
  • Android Security Guidelines
  • Amandroid – A Static Analysis FrameworkA
  • Androwarn – Yet Another Static Code Analyzer
  • APK Analyzer – Static and Virtual Analysis Tool
  • APK Inspector – A Powerful GUI Tool
  • Android WebView Vulnerabilities
  • OWASP Mobile Top 10

• Books

  • SEI CERT Android Secure Coding Standard
  • Android Security Internals

• Courses

  • Learning-Android-Security
  • Mobile Application Security and Penetration Testing

• Tools

  • Static Analysis

    • Amandroid – A Static Analysis Framework
    • Androwarn – Yet Another Static Code Analyzer
    • APK Analyzer – Static and Virtual Analysis Tool
    • APK Inspector – A Powerful GUI Tool
    • Droid Hunter – Android application vulnerability analysis and Android pentest tool
    • Error Prone – Static Analysis Tool
    • Findbugs – Find Bugs in Java Programs
    • Find Security Bugs – A SpotBugs plugin for security audits of Java web applications.
    • Flow Droid – Static Data Flow Tracker
    • Smali/Baksmali – Assembler/Disassembler for the dex format
    • Smali-CFGs – Smali Control Flow Graph’s
    • SPARTA – Static Program Analysis for Reliable Trusted Apps
    • Thresher – To check heap reachability properties
    • Vector Attack Scanner – To search vulnerable points to attack
    • Gradle Static Analysis Plugin
    • Checkstyle – A tool for checking Java source code
    • PMD – An extensible multilanguage static code analyzer
    • Soot – A Java Optimization Framework
    • Android Quality Starter
    • QARK – Quick Android Review Kit
    • Infer – A Static Analysis tool for Java, C, C++ and Objective-C
    • Android Check – Static Code analysis plugin for Android Project
    • FindBugs-IDEA Static byte code analysis to look for bugs in Java code

  • Dynamic Analysis

    • Android Hooker - Opensource project for dynamic analyses of Android applications
    • AppAudit - Online tool ( including an API) uses dynamic and static analysis
    • AppAudit - A bare-metal analysis tool on Android devices
    • CuckooDroid - Extension of Cuckoo Sandbox the Open Source software
    • DroidBox - Dynamic analysis of Android applications
    • Droid-FF - Android File Fuzzing Framework
    • Drozer
    • Marvin - Analyzes Android applications and allows tracking of an app
    • Inspeckage
    • PATDroid - Collection of tools and data structures for analyzing Android applications
    • AndroL4b - Android security virtual machine based on ubuntu-mate
    • Radare2 - Unix-like reverse engineering framework and commandline tools
    • ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)
    • Mobile-Security-Framework MobSF
    • CobraDroid - Custom build of the Android operating system geared specifically for application security

  • Android Online APK Analyzers

    • Android Observatory APK Scan
    • Android APK Decompiler
    • AndroTotal
    • NVISO ApkScan
    • VirusTotal
    • Scan Your APK
    • AVC Undroid
    • OPSWAT
    • ImmuniWeb Mobile App Scanner
    • Ostor Lab
    • Quixxi
    • TraceDroid
    • Visual Threat
    • App Critique

• Labs

• Misc.

  • Android-Reports-and-Resources
  • android-security-awesome

IOS

• General
  • Articles
  • Books
  • Classes
  • [Tools]