
apkleaks - Scanning APK file for URIs, endpoints & secrets.

  •    Python

Scans an APK file for URIs, endpoints and secrets. APKLeaks uses the jadx disassembler to decompile the APK file. If jadx doesn't exist in your environment, it will ask you to download it.

Mobile-Security-Framework-MobSF - Mobile Security Framework is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static analysis, dynamic analysis, malware analysis and web API testing

  •    Python

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless. Your generous donations will keep us motivated.

cwac-security - CWAC-Security: Helping You Help Your Users Defend Their Data

  •    Java

This project contains utility code related to Android security measures. NOTE: the TrustManagerBuilder implementation in this project is deprecated, replaced by a similar class in the CWAC-NetSecurity library.

apk-medit - memory search and patch tool on debuggable apk without root & ndk

  •    Go

Apk-medit is a memory search and patch tool for debuggable APKs without root & NDK. It was created for mobile game security testing. Many mobile games have rooting detection, but apk-medit does not require root privileges, so memory modification can be done without bypassing the rooting detection. Memory modification is the easiest way to cheat in games, and it is one of the items to be checked in a security test. There are also cheat tools that can be used casually, like GameGuardian. However, there were no tools available for non-rooted devices and the CUI. So I made it as a security testing tool. The version that targets iOS apps is aktsk/ipa-medit.

cwac-netsecurity - CWAC-NetSecurity: Simplifying Secure Internet Access

  •    Java

This library contains a backport of the Android 7.0 network security configuration subsystem. In Android 7.0, this subsystem makes it easier for developers to tie their app to particular certificate authorities or certificates, support self-signed certificates, and handle other advanced SSL certificate scenarios. This backport allows the same XML configuration to be used, going back to API Level 17 (Android 4.2). This library also offers a TrustManagerBuilder and related classes to make it easier for developers to integrate the network security configuration backport, particularly for OkHttp3 and HttpURLConnection.

r2d2 - An encryption decryption library for android

  •    Java

R2D2 Android uses the Android Keystore to store passwords and other sensitive information in encrypted form across different API versions. The Android KeyStore handles tasks such as random key generation and secure key storage. It acts like a secure container. Depending on the API version, the sensitive information is handled accordingly.

android-security - An app showcase of some techniques to improve Android app security

  •    Java

A sandbox app with some tools and code to help you to better secure your Android apps.

android-webauthn-authenticator - A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification

  •    Java

This library is meant to serve as an example implementation of the WebAuthn authenticator model. While the specification is currently in Candidate Recommendation, this library conforms as much as possible to the guidelines and implementation procedures outlined by the document. This implementation currently requires Android API level 28 (Android 9.0) due to the use of the BiometricPrompt.

android_permission_evolution - Analysis of the evolution of Android permissions


Analysis of the evolution of Android permissions. This repository contains the results presented in the paper "Small Changes, Big Changes: An Updated View on the Android Permission System". Since the appearance of Android, its permission system has been central to many studies of Android security. For a long time, the previous description of the architecture provided by Enck et al. in the seminal work "Understanding Android Security" was immutably used in various research papers. The introduction of highly anticipated runtime permissions in Android 6.0 forced us to reconsider this model.

BBoxTester - Tool to measure code coverage of Android applications when their source code is not available

  •    Python

BBoxTester is a framework that generates code coverage reports and produces uniform coverage metrics when testing Android applications whose source code is not available. This work has been done at the University of Trento.

FSquaDRA - Fast detection of repackaged Android applications based on the comparison of resource files included into the package

  •    Java

FSquaDRA is a tool for detection of repackaged Android applications. The approach is based on the idea that repackaged applications want to maintain the "look and feel" of the originals. Our tool computes Jaccard similarity over the set of digests of files included in the Android package file. We use the digests precomputed during the application signing, thus significantly improving the speed of APK comparison.

StaDynA - StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications


StaDynA is a system supporting security app analysis in the presence of dynamic code update features (dynamic class loading and reflection). Our tool combines static and dynamic analysis of Android applications in order to reveal the hidden/updated behavior and extend static analysis results with this information.

AMDH - Android Mobile Device Hardening

  •    Python

Android Mobile Device Hardening, written in Python 3. AMDH was created to help automate scanning installed applications on Android devices, detect some known malware and also protect privacy.

apkutil - a useful utility for android app security testing

  •    Python

apkutil is a useful utility for mobile security testing. This tool makes it easy to re-sign the APK and to check for potentially sensitive files and AndroidManifest.xml in the APK. It is a wrapper for the apktool, apksigner and aapt commands. I've only checked it works on macOS. iOS version is here.

aprox - android proxy setting tool

  •    Python

In the security test for Android apps, we can specify a local proxy server or local DNS server from the Wi-Fi settings and use a proxy tool to check requests and responses. Since it is troublesome to configure this from the GUI, we created this tool so that it can be configured from the CUI. Subcommands are assigned aliases, which is useful.
