Guidelines for Android Pen Testing. This collection includes tools for static analysis, dynamic analysis, network traffic analysis, and antivirus, as well as checklists for security assessment.
We recommend using this tool.
- A complete assessment of application security
- It is based on Python (Django framework).
- Download from Mobile-Security-Framework-MobSF
- Open source
- Does not require root access
- It provides a user-friendly report
Dynamic security assessment for Android.
- Checks for vulnerabilities in components
- Creates exploits for existing vulnerabilities
- It comes with an agent app that you install on the mobile device; drozer interacts with it using adb.
- Download from drozer
- Open source
- Does not require root access
- Sniffs (monitors) connections established by the device
- Installed on Android OS
- Download from F-Droid
- Open source
- Does not require root access
- Easy launching
- Displays traffic per app, so you can check the traffic of the app you are interested in
- Displays all traffic leaving your device
- whether from the browser, applications, WebSockets, and so forth
- Shallow learning curve
- Unable to decrypt SSL traffic
Genymotion
BlueStacks Android emulator
Android Studio's emulator
Mobile Security Testing Guide (MSTG). GitHub page