# awesome-mobile-security ![awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)
A curated list of Mobile Security materials and resources.

Maintained by [@vaib25vicky](https://twitter.com/vaib25vicky) with contributions from the security and developer communities.
## Contributing
[Please refer to the contributing guide for details ](CONTRIBUTING.md ).
## Android
### General
* [An Android Hacking Primer ](https://medium.com/swlh/an-android-hacking-primer-3390fef4e6a0 )
* [Secure an Android Device ](https://source.android.com/security )
* [Security tips ](https://developer.android.com/training/articles/security-tips )
* [OWASP Mobile Security Testing Guide ](https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide )
* [Security Testing for Android Cross Platform Application ](https://3xpl01tc0d3r.blogspot.com/2019/09/security-testing-for-android-app-part1.html )
* [Dive deep into Android Application Security ](https://blog.0daylabs.com/2019/09/18/deep-dive-into-Android-security/ )
* [Pentesting Android Apps Using Frida ](https://www.notsosecure.com/pentesting-android-apps-using-frida/ )
* [Mobile Security Testing Guide ](https://mobile-security.gitbook.io/mobile-security-testing-guide/ )
* [Mobile Application Penetration Testing Cheat Sheet ](https://github.com/sh4hin/MobileApp-Pentest-Cheatsheet )
* [Android Applications Reversing 101 ](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit )
* [Android Security Guidelines ](https://developer.box.com/en/guides/security/ )
* [Amandroid – A Static Analysis Framework](http://pag.arguslab.org/argus-saf/)
* [Androwarn – Yet Another Static Code Analyzer ](https://github.com/maaaaz/androwarn/ )
* [APK Analyzer – Static and Virtual Analysis Tool ](https://github.com/sonyxperiadev/ApkAnalyser )
* [APK Inspector – A Powerful GUI Tool ](https://github.com/honeynet/apkinspector/ )
* [Android WebView Vulnerabilities ](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/ )
* [OWASP Mobile Top 10 ](https://www.owasp.org/index.php/OWASP_Mobile_Top_10 )
### Books
* [SEI CERT Android Secure Coding Standard ](https://www.securecoding.cert.org/confluence/display/android/Android+Secure+Coding+Standard )
* [Android Security Internals ](https://www.oreilly.com/library/view/android-security-internals/9781457185496/ )
* [Android Cookbook ](https://androidcookbook.com/ )
* [Android Hacker's Handbook ](https://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X )
* [Android Security Cookbook ](https://www.packtpub.com/in/application-development/android-security-cookbook )
* [The Mobile Application Hacker's Handbook ](https://www.amazon.in/Mobile-Application-Hackers-Handbook-ebook/dp/B00TSA6KLG )
* [Android Malware and Analysis ](https://www.oreilly.com/library/view/android-malware-and/9781482252200/ )
* [Android Security: Attacks and Defenses ](https://www.crcpress.com/Android-Security-Attacks-and-Defenses/Misra-Dubey/p/book/9780367380182 )
### Courses
* [Learning-Android-Security ](https://www.lynda.com/Android-tutorials/Learning-Android-Security/689762-2.html )
* [Mobile Application Security and Penetration Testing ](https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/ )
* [Advanced Android Development ](https://developer.android.com/courses/advanced-training/overview )
* [Learn the art of mobile app development ](https://www.edx.org/professional-certificate/harvardx-computer-science-and-mobile-apps )
### Tools
#### Static Analysis
* [Amandroid – A Static Analysis Framework ](http://pag.arguslab.org/argus-saf )
* [Androwarn – Yet Another Static Code Analyzer ](https://github.com/maaaaz/androwarn/ )
* [APK Analyzer – Static and Virtual Analysis Tool ](https://github.com/sonyxperiadev/ApkAnalyser )
* [APK Inspector – A Powerful GUI Tool ](https://github.com/honeynet/apkinspector/ )
* [Droid Hunter – Android application vulnerability analysis and Android pentest tool ](https://github.com/hahwul/droid-hunter )
* [Error Prone – Static Analysis Tool ](https://github.com/google/error-prone )
* [Findbugs – Find Bugs in Java Programs ](http://findbugs.sourceforge.net/downloads.html )
* [Find Security Bugs – A SpotBugs plugin for security audits of Java web applications. ](https://github.com/find-sec-bugs/find-sec-bugs/ )
* [Flow Droid – Static Data Flow Tracker ](https://github.com/secure-software-engineering/FlowDroid )
* [Smali/Baksmali – Assembler/Disassembler for the dex format ](https://github.com/JesusFreke/smali )
* [Smali-CFGs – Smali Control Flow Graphs](https://github.com/EugenioDelfa/Smali-CFGs)
* [SPARTA – Static Program Analysis for Reliable Trusted Apps ](https://www.cs.washington.edu/sparta )
* [Thresher – To check heap reachability properties ](https://plv.colorado.edu/projects/thresher/ )
* [Vector Attack Scanner – To search vulnerable points to attack ](https://github.com/Sukelluskello/VectorAttackScanner )
* [Gradle Static Analysis Plugin ](https://github.com/novoda/gradle-static-analysis-plugin )
* [Checkstyle – A tool for checking Java source code ](https://github.com/checkstyle/checkstyle )
* [PMD – An extensible multilanguage static code analyzer ](https://github.com/pmd/pmd )
* [Soot – A Java Optimization Framework ](https://github.com/Sable/soot )
* [Android Quality Starter ](https://github.com/pwittchen/android-quality-starter )
* [QARK – Quick Android Review Kit ](https://github.com/linkedin/qark )
* [Infer – A Static Analysis tool for Java, C, C++ and Objective-C ](https://github.com/facebook/infer )
* [Android Check – Static Code analysis plugin for Android Project ](https://github.com/noveogroup/android-check )
* [FindBugs-IDEA – Static byte code analysis to look for bugs in Java code](https://plugins.jetbrains.com/plugin/3847-findbugs-idea)
#### Dynamic Analysis
* [Android Hooker - Open source project for dynamic analyses of Android applications](https://github.com/AndroidHooker/hooker)
* [AppAudit - Online tool (including an API) that uses dynamic and static analysis](http://appaudit.io/)
* [AppAudit - A bare-metal analysis tool on Android devices ](https://github.com/ucsb-seclab/baredroid )
* [CuckooDroid - Extension of Cuckoo Sandbox the Open Source software ](https://github.com/idanr1986/cuckoo-droid )
* [DroidBox - Dynamic analysis of Android applications ](https://code.google.com/p/droidbox/ )
* [Droid-FF - Android File Fuzzing Framework ](https://github.com/antojoseph/droid-ff )
* [Drozer ](https://www.mwrinfosecurity.com/products/drozer/ )
* [Marvin - Analyzes Android applications and allows tracking of an app ](https://github.com/programa-stic/marvin-django )
* [Inspeckage ](https://github.com/ac-pm/Inspeckage )
* [PATDroid - Collection of tools and data structures for analyzing Android applications ](https://github.com/mingyuan-xia/PATDroid )
* [AndroL4b - Android security virtual machine based on ubuntu-mate ](https://github.com/sh4hin/Androl4b )
* [Radare2 - Unix-like reverse engineering framework and commandline tools ](https://github.com/radareorg/radare2 )
* [ByteCodeViewer - Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger)](https://bytecodeviewer.com/)
* [Mobile-Security-Framework MobSF ](https://github.com/MobSF/Mobile-Security-Framework-MobSF )
* [CobraDroid - Custom build of the Android operating system geared specifically for application security ](https://thecobraden.com/projects/cobradroid/ )
#### Android Online APK Analyzers
* [Android Observatory APK Scan ](https://androidobservatory.org/upload )
* [Android APK Decompiler ](http://www.decompileandroid.com/ )
* [AndroTotal ](http://andrototal.org/ )
* [NVISO ApkScan ](https://apkscan.nviso.be/ )
* [VirusTotal ](https://www.virustotal.com/#/home/upload )
* [Scan Your APK ](https://scanyourapk.com/ )
* [AVC Undroid ](https://undroid.av-comparatives.org/index.php )
* [OPSWAT ](https://metadefender.opswat.com/#!/ )
* [ImmuniWeb Mobile App Scanner ](https://www.htbridge.com/mobile/ )
* [Ostor Lab ](https://www.ostorlab.co/scan/mobile/ )
* [Quixxi ](https://quixxisecurity.com/ )
* [TraceDroid ](http://tracedroid.few.vu.nl/submit.php )
* [Visual Threat ](http://www.visualthreat.com/UIupload.action )
* [App Critique ](https://appcritique.boozallen.com/ )
### Labs
* [DIVA (Damn insecure and vulnerable App) ](https://github.com/payatu/diva-android )
* [SecurityShepherd ](https://github.com/OWASP/SecurityShepherd )
* [Damn Vulnerable Hybrid Mobile App (DVHMA) ](https://github.com/logicalhacking/DVHMA )
* [OWASP-mstg ](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes )
* [VulnerableAndroidAppOracle ](https://github.com/dan7800/VulnerableAndroidAppOracle )
* [Android InsecureBankv2 ](https://github.com/dineshshetty/Android-InsecureBankv2 )
* [Purposefully Insecure and Vulnerable Android Application (PIVAA)](https://github.com/htbridge/pivaa)
* [Sieve app ](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk )
* [DodoVulnerableBank ](https://github.com/CSPF-Founder/DodoVulnerableBank )
* [Digitalbank ](https://github.com/CyberScions/Digitalbank )
* [OWASP GoatDroid ](https://github.com/jackMannino/OWASP-GoatDroid-Project )
* [AppKnox Vulnerable Application ](https://github.com/appknox/vulnerable-application )
* [Vulnerable Android Application ](https://github.com/Lance0312/VulnApp )
* [MoshZuk ](https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk )
* [Hacme Bank](http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx)
* [Android Security Labs ](https://github.com/SecurityCompass/AndroidLabs )
* [Android-InsecureBankv2 ](https://github.com/dineshshetty/Android-InsecureBankv2 )
* [Android-security ](https://github.com/rafaeltoledo/android-security )
### Talks
* [One Step Ahead of Cheaters -- Instrumenting Android Emulators ](https://www.youtube.com/watch?v=L3AniAxp_G4 )
* [Vulnerable Out of the Box: An Evaluation of Android Carrier Devices ](https://www.youtube.com/watch?v=R2brQvQeTvM )
* [Rock appround the clock: Tracking malware developers by Android ](https://www.youtube.com/watch?v=wd5OU9NvxjU )
* [Chaosdata - Ghost in the Droid: Possessing Android Applications with ParaSpectre ](https://www.youtube.com/watch?v=ohjTWylMGEA )
* [Remotely Compromising Android and iOS via a Bug in Broadcom's Wi-Fi Chipsets ](https://www.youtube.com/watch?v=TDk2RId8LFo )
* [Honey, I Shrunk the Attack Surface – Adventures in Android Security Hardening ](https://www.youtube.com/watch?v=EkL1sDMXRVk )
* [Hide Android Applications in Images ](https://www.youtube.com/watch?v=hajOlvLhYJY )
* [Scary Code in the Heart of Android ](https://www.youtube.com/watch?v=71YP65UANP0 )
* [Fuzzing Android: A Recipe For Uncovering Vulnerabilities Inside System Components In Android ](https://www.youtube.com/watch?v=q_HibdrbIxo )
* [Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library ](https://www.youtube.com/watch?v=s0Tqi7fuOSU )
* [Android FakeID Vulnerability Walkthrough ](https://www.youtube.com/watch?v=5eJYCucZ-Tc )
* [Unleashing D* on Android Kernel Drivers ](https://www.youtube.com/watch?v=1XavjjmfZAY )
* [The Smarts Behind Hacking Dumb Devices ](https://www.youtube.com/watch?v=yU1BrY1ZB2o )
* [Overview of common Android app vulnerabilities ](https://www.bugcrowd.com/resources/webinars/overview-of-common-android-app-vulnerabilities/ )
* [Android Dev Summit 2019 ](https://developer.android.com/dev-summit )
* [Android security architecture ](https://www.youtube.com/watch?v=3asW-nBU-JU )
### Misc.
* [Android-Reports-and-Resources ](https://github.com/B3nac/Android-Reports-and-Resources/blob/master/README.md )
* [android-security-awesome ](https://github.com/ashishb/android-security-awesome )
* [Android Penetration Testing Courses ](https://medium.com/mobile-penetration-testing/android-penetration-testing-courses-4effa36ac5ed )
## iOS
### General
### Books
### Courses
### Tools
### Labs
### Talks
### Misc.