Mobile App Security for Android Security

ImmuniWeb MobileSuite is a mobile application penetration testing platform that combines AI-powered automation with manual security testing to assess mobile apps and their backend infrastructure for security vulnerabilities and compliance requirements.

A comprehensive Android application analysis tool that provides device management, logcat analysis, file examination, and integration with security frameworks like MobSF and JD-GUI.

APKLeaks is a command-line tool that scans Android APK files to identify embedded URIs, endpoints, and secrets for security assessment purposes.

An unofficial Python API that enables programmatic searching, browsing, and downloading of Android apps from Google Play Store.

A deliberately vulnerable Android application containing multiple security flaws designed for educational purposes and security training.

A security checklist based on OWASP standards that provides comprehensive guidelines for designing, testing, and releasing secure Android applications.

An open-source dynamic analysis framework that intercepts and monitors API calls in Android applications using the Android Substrate framework.

AppMon is a Frida-based automated framework for monitoring and tampering with system API calls across macOS, iOS, and Android applications.

RiskInDroid is a machine learning-based tool that performs quantitative risk analysis of Android applications by reverse engineering bytecode and analyzing permission usage to generate numeric risk scores.

A security policy enforcement framework for Android applications that uses bytecode rewriting and in-place reference monitoring to inject security controls into APK files.

Docker file for building Androguard dependencies with an optional interactive shell environment.

AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.

A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.

An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.

A command-line tool for downloading Android APK files from the Appland platform via npm installation.

FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.

Runtime mobile exploration toolkit powered by Frida for assessing mobile app security without jailbreak.

A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

Redexer is a reengineering tool that parses, analyzes, and modifies Android DEX files for binary manipulation and permission analysis.

ReFlutter is a reverse engineering framework that uses patched Flutter libraries to enable dynamic analysis and traffic monitoring of Flutter mobile applications on Android and iOS platforms.

A command-line Android APK vulnerability analyzer written in Rust that decompresses and scans APK files using rule-based detection to identify security issues.