Thursday, 14 February 2013

Free Android sec tools, resources and smartphonesdumbapps release

UPDATE: April 2nd - Added new pinning article thanks @an_animal!
UPDATE: Feb 14th - Added (draft, initial) forensics section, Added pinning links, thanks @an_animal for most pinning resources!

Android Security is like IPv6: It will catch you sooner or later :). It is becoming more common for web applications to involve a mobile application component. The purpose of this post is to get the average infosec person (or competent developer) up to speed ASAP.

Free Tools
NOTE: You need the Java source to do source code searches for insecure practices. jd-gui is just the best tool for this. Unfortunately, it's a GUI tool, so you'll have to manually open the .jar file and then click on File / Save All Sources to save all the .java files to disk.
Vulnerable Apps
Useful Presentations
On SSL validation and pinning

Further reading

P.S. If there is something useful I missed above, please let me know and I will update this blog post. Thank you in advance.