Hacking and Pentesting Android Apps - Lite Edition
What you'll learn
- Learn the fundamentals of Android Application Security
- Learn the fundamentals of Penetration Testing Android Apps
- Learn how to identify the most common Android Application Vulnerabilities
- Learn to set up an Android App penetration testing lab
- Learn how insecure data storage issues can occur in Android Apps
- Learn how SQL Injection can occur in Mobile Apps
- Learn how to exploit leaky content providers
- Learn how intent filters are abused by attackers
- Learn how web views can be vulnerable
- Learn how to find hardcoded strings in APK files
- Learn how to find hardcoded strings in native libraries
- Learn how Android apps can leak sensitive data
Requirements
- This course starts from the very basics, so no prior experience is required
Description
Welcome to your first step into the world of mobile app security!
This entry-level course is designed specifically for those new to mobile application security, with a focus on the Android platform. Whether you're a student, developer, QA engineer, or aspiring ethical hacker, this course offers a hands-on and practical introduction to identifying and understanding real-world vulnerabilities in Android applications.
We use DIVA (Damn Insecure and Vulnerable App) — a publicly available, intentionally vulnerable Android app — as our core training environment. Through guided walkthroughs and interactive exercises, you will learn how to discover and exploit common Android app security issues in a controlled and ethical setting.
What You'll Learn
You’ll gain foundational knowledge and practical skills in identifying and analyzing vulnerabilities such as:
- Insecure Data Storage (e.g., unencrypted SharedPreferences and databases)
- Hardcoded Sensitive Data (e.g., API keys, passwords in source code)
- Insecure Logging (e.g., leaking secrets to Logcat)
- Exported Application Components (e.g., Activities, Services, and Broadcast Receivers accessible by other apps)
- Input Validation Issues (e.g., SQL Injection in mobile apps)
- Insecure Communication (e.g., unencrypted network traffic)
Hands-On Training
You won’t just read or watch — you’ll practice:
- Using tools like ADB, JADX, Apktool
- Analyzing APK files and decompiling Android apps
- Performing static code analysis
- Exploring how attackers can exploit app weaknesses
Bonus: Interactive Quiz Included
To help reinforce your learning, we’ve included a quiz based on the exercises from the course. This will help you:
- Assess your understanding of Android vulnerabilities
- Prepare for further mobile app security certifications
- Engage in team discussions
Prerequisites
- Basic knowledge of Android apps (how to install, use APKs)
- Familiarity with the command line is helpful but not mandatory
- No prior security experience needed!
Who this course is for:
- IT Professionals developing Android Apps
- Penetration Testers
- Ethical Hackers
- Anyone interested in Android App security
- Beginner cyber security enthusiasts curious about mobile app security
Instructor
Srinivas is an Infosec professional with an interest in teaching information security concepts. He is an OSCP and OSCE. He has extensive experience in penetration testing web, network and mobile apps. The aim of these courses is to provide the best-quality infosec courses at an affordable price. All of these courses contain hands-on labs and very detailed explanations.