Mobile App Security

Platform for building SuperApps with miniapp containers and dev ecosystems

Mobile app security testing platform for Android and iOS apps

Mobile security testing platform for Android and iOS apps with SAST and DAST

AI-enhanced mobile app security scanner for Android & iOS with SAST/DAST

ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.

A Scriptable Android Debugger for reverse engineers and developers.

Needle is a discontinued open source modular framework for iOS application security assessments that was compatible with iOS 9 and iOS 10 before being replaced by Objection.

A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.

Automates the process of preparing Android APK files for HTTPS inspection

APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.

A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.

A collection of Android Applications with malware analysis results

App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.

A tool for extracting static and dynamic features from Android APKs.

Tools for working with Android .dex and Java .class files, including dex-reader/writer, d2j-dex2jar, and smali/baksmali.

A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.

An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.

AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.

RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.

Node library for calling Google Play APIs with Nexus device behavior.

Andromeda makes reverse engineering of Android applications faster and easier.

Original SmaliHook Java source for Android cracking and reversing.

A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.