
Set up a testing environment with Android Studio and emulators for vulnerability testing: install Android Studio, configure the Android Virtual Device manager, and launch a Pixel 3 with Android 9.0.
Learn to set up adb on an emulator or real device, enable USB debugging, and install vulnerable apps such as Diva and Insecure Bank v2 for Android pentesting practice.
Explore insecure logging on Android, where logcat entries can reveal sensitive data like credit card numbers and API keys, and learn to detect and prevent these vulnerabilities.
Identify hardcoding vulnerabilities in Android apps by analyzing plain-text passwords in code and extracting strings from shared libraries to expose sensitive data.
Learn to set up a rooted Android emulator in Android Studio, enable root via ADB shell, and access data folders to assess insecure data storage and potential vulnerabilities.
Explore insecure data storage in Android apps by examining shared preferences, SQLite databases, and temp files, showing how rooted access can reveal user credentials and sensitive data.
Explore input validation vulnerabilities in Android apps, including SQL injection via raw queries, insecure file access via URL loading, and buffer overflow risks from shared libraries.
Install drozer by configuring Python and pip, installing dependencies, and setting up a tunnel to connect your device for automated testing of Android apps for content provider SQL injections.
Explore how to detect an Android app's attack surface by using information gathering commands to enumerate packages, inspect the manifest, and scan for exploitable components like activities, providers, and services.
Learn to identify improper access control from exported activities, inspect the Android manifest for exported components, and test with commands to launch sensitive activities like API credentials.
Are you looking to learn how to hack and pentest Android applications? If so, you have come to the right place! This set of videos outlines the basic foundations of Android hacking and pentesting. By the end of this course, you will have an understanding of how to set up a test environment, how to decompile APKs, how to detect common types of vulnerabilities, and how to use Drozer. This course is great for anyone looking to learn more about Computer Security, and Android application hacking.
I am an experienced security researcher who specializes in Android-based security. My goal in this course is to demonstrate some of the well-known Android security flaws, to allow you to detect and patch them in your own applications, and any others you may be testing.