Mobile Pentesting

An Android application (APK) is built from 4 main components:

  1. Activities : They dictate the UI and handle user interaction on the smartphone screen

  2. Services : They handle background processing associated with an application

  3. Broadcast Receivers : They handle communication between Android OS and applications.

  4. Content Providers : They handle data and database management issues.

Additional components are used to construct the entities mentioned above, their logic, and the wiring between them. These components are:

  1. Fragments : Represents a portion of user interface in an Activity

  2. Views : UI elements that are drawn on-screen, including buttons, lists, forms, etc.

  3. Layouts : View hierarchies that control screen format and appearance of the views

  4. Intents : Messages wiring components together

  5. Resources : External elements, such as strings, constants and drawable pictures

  6. Manifest : Configuration file for the application

Every main component has its own functionality, and each one has different vulnerabilities.

All main components are configured in the manifest file, AndroidManifest.xml.
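As an added example (not part of the original notes), the Python sketch below inventories the four main component types declared in a manifest so a reviewer knows which entry points to examine. It assumes the manifest has already been decoded to text XML (inside the APK it is stored as binary XML), and it reads the `android:exported` and `android:permission` attributes, which these notes do not cover; the sample manifest, package and class names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = {"activity": "Activity", "service": "Service",
                  "receiver": "Broadcast Receiver", "provider": "Content Provider"}

# Constructed sample manifest (decoded text form); all names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver" android:exported="true"
              android:permission="com.example.notes.PRIV"/>
    <provider android:name=".NotesProvider" android:exported="false"
              android:authorities="com.example.notes.provider"/>
  </application>
</manifest>"""

def attr(elem, name):
    """Read an android:-namespaced attribute; None when it is not declared."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")

def inventory(manifest_xml):
    """Return one record per main component declared under <application>."""
    app = ET.fromstring(manifest_xml).find("application")
    records = []
    for elem in (app if app is not None else []):
        if elem.tag in COMPONENT_TAGS:
            records.append({
                "type": COMPONENT_TAGS[elem.tag],
                "name": attr(elem, "name"),
                "exported": attr(elem, "exported"),
                "permission": attr(elem, "permission"),
                "has_intent_filter": elem.find("intent-filter") is not None,
            })
    return records

def review_list(records):
    """Components other apps can reach with no permission guard: review first."""
    return [r["name"] for r in records
            if r["exported"] == "true" and not r["permission"]]

if __name__ == "__main__":
    for record in inventory(SAMPLE_MANIFEST):
        print(record)
    print("Review first:", review_list(inventory(SAMPLE_MANIFEST)))
```

A component that leaves `android:exported` undeclared shows up with `exported` set to `None`; its effective exposure depends on the component type, its intent filters and the app's target SDK, so check those by hand.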

To read more about Android pentesting:

https://manifestsecurity.com/android-application-security/

https://book.hacktricks.xyz/mobile-pentesting/android-app-pentesting/android-applications-basics

To practice on mobile CTF challenges:
