Use APKPure App
Get Android AppSec (Kotlin) (Beta) old version APK for Android
This app help developers make their apps more secure.
Android AppSec (Kotlin) app will help you to practice for Android Security points. We do it for the right reasons - to help developers make their apps more secure. The best way to verify that your app follows secure mobile development best practices is to perform security assessments of the app, which can include automated mobile app security testing, fuzzing, manual penetration testing, and more. This application represents some of the knowledge we share with the infosec community. We are trying to build a vulnerable application based on OWASP Mobile Security Testing Guide.
In this application we are covering below points:
1 HTTP Traffic
1.1 HTTP Traffic
1.2 HTTPS Traffic
2 Public Key Pinning
2.1-4 Certificate Pinning Bypass
3 Non-HTTP Traffic
3.1 TCP Traffic
3.2 UDP Traffic
4 WebSocket Traffic
4.1 Web Socket (WS)
4.2 Web Socket Secure (WSS)
5 Root Detection
5.1 Root Management Apps
5.2 Potentially Dangerous Apps
5.3 Root Cloaking Apps
5.4 Test Keys
5.5 Dangerous Props
5.6 BusyBox Binary
5.7 Su Binary
5.8 Su Exists
5.9 RW System
5.10 SafetyNet
5.11 Using running processes
6 Emulator detection
6.1 Virtual Phone Number
6.2 Device IDs
6.3 Hardware Specifications
6.4 QEmu Detection
6.5 File Based Checking
6.6 IP Based Checking
6.7 Package Name
6.8 Debug Flag
6.9 Network Operator Name
7 Anti-Debugging detection
8 Insecure Data Storage
8.1 SQLite Databases (Unencrypted)
8.2 SQLite Databases (Encrypted)
8.3 Realm Databases (Unencrypted)
8.4 Realm Databases (Encrypted)
8.5 Firebase Real-time Databases
8.6 Shared Preferences
8.7 Internal Storage
8.8 External Storage
8.9 KeyStore
8.10 KeyChain
8.11 Keyboard Cache
8.12 User Interface
8.13 App Backup
8.14 Screenshots
8.15 Memory
8.16 User Dictionary Cache
8.17 Paste Board
8.18 Activity data
9 Logs
9.1 Informational
9.2 Error
9.3 Warnings
9.4 Debug
9.5 Verbose
9.6 WTF
10 Content Providers
10.1 SQL Injection
10.2 File System Expose
11 Encryption
11.1 Message Authentication Codes
11.2 Message Digest
11.3 Signatures
11.4 Custom Implementations
11.5 Caesar Cipher
11.6 Weak Key Generation
11.7 Weak Random Number
11.8 Weaker Padding
12 Symmetric Encryption
12.1 DES
12.2 3DES
12.3 RC4
12.4 Blowfish
12.5 AES
12.6 Predictable Initialization Vector
13 Asymmetric Encryption
13.1 RSA
14 Hashing
14.1 MD4
14.2 MD5
14.3 SHA1
15 Authentication
15.1 Biometric
15.2 Confirm Credentials
15.3 2FA - OTP Leakage
15.4 2FA - Response Manipulation
15.5 2FA - Status Code Manipulation
15.6 2FA - OTP Brute-Force
15.7 2FA - OTP Brute-Force 2
15.8 2FA - Integrity Validation
15.9 Application lock
16 Binary Protection
16.1 Library (NDK)
16.2 Packers
16.3 Obfuscator
17 Device ID
17.1 SSAID/ANDROID_ID
17.2 Device Wi-Fi MAC
17.3 GPS Location
17.4 IMEI/ESN
17.5 MEID
17.6 IMSI
18 Web Application
18.1 HTML5 Controls
18.2 Bruteforce
18.3 Login Bypass - Cookies Manipulation
18.4 Encoding - Hashing
18.5 JavaScript - Info leak
18.6 Server Fingerprint
18.7 Client Side Validation Bypass
18.8 User Password Enumeration
18.9 OTP Bruteforce
18.10 JWT Misconfiguration
18.11 Guessable Session ID
18.12 REST API HTTP Methods
18.13 SSRF
18.14 XXE
18.15 Unrestricted File Upload
18.16-17 LFI-RFI
18.18 Deserialization
18.19 XPATH Injection
18.20 Metafiles - Info Leakage
18.21 RIA Cross Domain Policy
18.22 Default Credentials
18.23 OS Command Injection
18.24 S3 bucket misconfiguration
18.25 Path Traversal
18.26 Captcha Bypass
18.27 IP whitelisting Bypass
18.28 SSTI
18.29 Review comment and Metadata
18.30 Code Injection
18.31 Old Backup Files
18.32 Insecure Direct Object Reference
19 Miscellaneous
19.1 Deeplink
19.2 QR Code
19.3-7 Backdoor 1-5
It will be great if you can support and share your thoughts with us to improve this application.
Last updated on Sep 6, 2021
1. Code level changes for all task classes (Easy to understand code base for beginners during reversing)
2. Emoji added based on task progress ex. construction for the upcoming task
3. Enable 3 tasks in Emulator detection techniques
i . Device ID based detection id
ii. QEMU based device detection iPhone
iii. Emulator detection based on package name package
Uploaded by
Jahwar Barwary
Requires Android
Android 4.1+
Category
Report
Android AppSec (Kotlin) (Beta)
1.2 by hpAndro
Sep 6, 2021