Explore Android as a Security Test Platform

I have previously blogged about the mobile pentest toolkit zANTI. They have a new version out with a handy GUI. This I use for proof-of-concept in private just to help my friends and family to get a better security mindset, e.g., how vulnerable you are on an open WIFI network. But there are more tools out there…

blogg1

In addition I would recommend those who are interested in exploring security tools for Android, to check out this site from Infosec Institute. They have listed the most common security and hacking apps for Android. dSniff, Shark for Root and Droidsheep are some of them.

In addition, I would also like to mention a few other sexy tools for Android, which can be used for, e.g., to check app permissions.

F-secure App Permissions:

  • Easy to use app, which gives you an overview of all apps you have installed
  • It shows all permissions the apps have, e.g., to gather personal data etc.
  • A nice feature is how it classify which apps may cost you money, or which ones can use more battery capacity, read personal info, location info, can use your camera etc.

Dexplorer:

  • Does as the name implies, can be used to explore .dex files (compiled Android application code file)
  • Can help you check main features and functions of the installed app, giving you a view of Java packages and files, view android manifest etc.

Apk extractor:

  • Easy to use tool to extract apk-files from installed apps
  • Can be send by email
  • Apk files can then easily be used to decompile the App, e.g., using apktool, dex2jar and JDgui