Displaying 1 to 11 from 11 results

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

cwac-security - CWAC-Security: Helping You Help Your Users Defend Their Data

  •    Java

This project contains utility code related to Android security measures. NOTE: the TrustManagerBuilder implementation in this project is deprecated, replaced by a similar class in the CWAC-NetSecurity library.

cwac-netsecurity - CWAC-NetSecurity: Simplifying Secure Internet Access

  •    Java

This library contains a backport of the Android 7.0 network security configuration subsystem. In Android 7.0, this subsystem makes it easier for developers to tie their app to particular certificate authorities or certificates, support self-signed certificates, and handle other advanced SSL certificate scenarios. This backport allows the same XML configuration to be used, going back to API Level 17 (Android 4.2). This library also offers a TrustManagerBuilder and related classes to make it easier for developers to integrate the network security configuration backport, particularly for OkHttp3 and HttpURLConnection.

r2d2 - An encryption decryption library for android

  •    Java

R2D2 Android uses Android Keystore to store passwords and other sensitive information for different API versions in an encrypted form. The android KeyStore handles the tasks like random key generation and securely storing them. It acts like a secure container. Now depending on the API version, the sensitive information is handled accordingly.




android-security - An app showcase of some techniques to improve Android app security

  •    Java

A sandbox app with some tools and code to help you to better secure your Android apps.

android-webauthn-authenticator - A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification

  •    Java

This library is meant to serve as an example implementation of the WebAuthn authenticator model. While the specification is currently in Candidate Recommendation, this library conforms as much as possible to the guidelines and implementation procedures outlined by the document. This implementation currently requires Android API level 28 (Android 9.0) due to the use of the BiometricPrompt.

android_permission_evolution - Analysis of the evolution of Android permissions

  •    

Analysis of the evolution of Android permissions. This repository contains the results presented in the paper "Small Changes, Big Changes: An Updated View on the Android Permission System". Since the appearance of Android, its permission system was central to many studies of Android security. For a long time, the previous description of the architecture provided by Enck et al. the seminal work "Understanding Android Security" was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model.

BBoxTester - Tool to measure code coverage of Android applications when their source code is not available

  •    Python

BBoxTester is a framework able to generate code coverage reports and produce uniform coverage metrics in testing of the Android applications when the source code of them is not available. This work has been done at the University of Trento.


FSquaDRA - Fast detection of repackaged Android applications based on the comparison of resource files included into the package

  •    Java

FSquaDRA is a tool for detection of repackaged Android applications. The approach is based on the idea that repackaged applications want to maintain "look and feel" of the originals. Our tool computes Jaccard similarity over the set of digests of files included into Android package file. We use the digests precomputed during the application signing, thus, significantly improving the speed of apk comparison.

StaDynA - StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications

  •    

StaDynA is a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). Our tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.