Update android-checklist.md

SirBroccoli 2025-08-10 14:35:53 +02:00 committed by GitHub
parent 0f5849369b
commit ca8bc4e345


@ -37,9 +37,6 @@
- [ ] Is there any [password hard coded or saved in disk](android-app-pentesting/index.html#poorkeymanagementprocesses)? Is the app [using insecurely crypto algorithms](android-app-pentesting/index.html#useofinsecureandordeprecatedalgorithms)? - [ ] Is there any [password hard coded or saved in disk](android-app-pentesting/index.html#poorkeymanagementprocesses)? Is the app [using insecurely crypto algorithms](android-app-pentesting/index.html#useofinsecureandordeprecatedalgorithms)?
- [ ] All the libraries compiled using the PIE flag? - [ ] All the libraries compiled using the PIE flag?
- [ ] Don't forget that there is a bunch of[ static Android Analyzers](android-app-pentesting/index.html#automatic-analysis) that can help you a lot during this phase. - [ ] Don't forget that there is a bunch of[ static Android Analyzers](android-app-pentesting/index.html#automatic-analysis) that can help you a lot during this phase.
#### 2023-2025 specific checks
- [ ] `android:exported` **mandatory on Android 12+** misconfigured exported components can lead to external intent invocation. - [ ] `android:exported` **mandatory on Android 12+** misconfigured exported components can lead to external intent invocation.
- [ ] Review **Network Security Config** (`networkSecurityConfig` XML) for `cleartextTrafficPermitted="true"` or domain-specific overrides. - [ ] Review **Network Security Config** (`networkSecurityConfig` XML) for `cleartextTrafficPermitted="true"` or domain-specific overrides.
- [ ] Look for calls to **Play Integrity / SafetyNet / DeviceCheck** determine whether custom attestation can be hooked/bypassed. - [ ] Look for calls to **Play Integrity / SafetyNet / DeviceCheck** determine whether custom attestation can be hooked/bypassed.
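Review bot: the hunk header (-37,9 +37,6) records three lines removed and none added, and the commit message "Update android-checklist.md" gives no reason; the only heading in this hunk, "#### 2023-2025 specific checks", is shown in one pane only, so it looks like the `android:exported`, Network Security Config (`cleartextTrafficPermitted="true"`) and Play Integrity / SafetyNet checks are being dropped rather than moved. All three are still current static checks on Android 12+ builds; if they are being consolidated into the existing items above, say so in the commit message, otherwise keep them. Also, the unchanged context line "bunch of[ static Android Analyzers]" has the space inside the link brackets; worth fixing while this file is being edited.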
@ -64,9 +61,6 @@
- [ ] This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns). - [ ] This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
- [ ] Check for possible [Android Client Side Injections](android-app-pentesting/index.html#android-client-side-injections-and-others) (probably some static code analysis will help here) - [ ] Check for possible [Android Client Side Injections](android-app-pentesting/index.html#android-client-side-injections-and-others) (probably some static code analysis will help here)
- [ ] [Frida](android-app-pentesting/index.html#frida): Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...) - [ ] [Frida](android-app-pentesting/index.html#frida): Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)
#### 2023-2025 attack surface additions
- [ ] Test for **Tapjacking / Animation-driven attacks (TapTrap 2025)** even on Android 15+ (no overlay permission required). - [ ] Test for **Tapjacking / Animation-driven attacks (TapTrap 2025)** even on Android 15+ (no overlay permission required).
- [ ] Attempt **overlay / SYSTEM_ALERT_WINDOW clickjacking** and **Accessibility Service abuse** for privilege escalation. - [ ] Attempt **overlay / SYSTEM_ALERT_WINDOW clickjacking** and **Accessibility Service abuse** for privilege escalation.
- [ ] Check if `adb backup` / `bmgr backupnow` can still dump app data (apps that forgot to disable `allowBackup`). - [ ] Check if `adb backup` / `bmgr backupnow` can still dump app data (apps that forgot to disable `allowBackup`).
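Review bot: as in the previous hunk, the header (-64,9 +61,6) shows three lines deleted with nothing added and the "#### 2023-2025 attack surface additions" heading appears in one pane only, so the tapjacking / TapTrap, overlay (`SYSTEM_ALERT_WINDOW`) clickjacking, Accessibility Service abuse and `adb backup` / `bmgr backupnow` checks appear to leave the dynamic-analysis section without a replacement. The `allowBackup` item in particular is cheap to verify and belongs in the checklist even if the 2023-2025 grouping is dropped; either fold these items into the existing dynamic checks or state in the commit message why they are being removed.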