Free Android sec tools, resources and smartphonesdumbapps release

UPDATE: April 2nd – Added new pinning article thanks @an_animal!
UPDATE: Feb 14th – Added (draft, initial) forensics section, Added pinning links, thanks @an_animal for most pinning resources!

Android Security is like IPv6: It will catch you sooner or later :). It is becoming more common for Web Applications to involve a Mobile Application component. The purpose of this post is to get the average infosec person (or competent developer) up to speed ASAP.

Free Tools

NOTE: You need the Java source to do source code searches for insecure practices. jd-gui is just the best tool for this; unfortunately it’s a GUI tool, so you’ll have to manually open the .jar file and then click on File / Save all Sources to save all the .java files to disk.

Vulnerable Apps

Useful Presentations

On SSL validation and pinning

Forensics

Further reading

P.S. If there is something useful I missed above, please let me know and I will update this blog post. Thank you in advance.