Mobile Security

A tool for dynamic analysis of mobile applications in a controlled environment.

A command-line tool for downloading Android APK files from the Appland platform via npm installation.

FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.

CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.

Realtime privacy monitoring service for smartphones that analyzes how apps handle private information.

NSA's cybersecurity advisories and guidance on evolving threats and mitigations.

Runtime mobile exploration toolkit powered by Frida for assessing mobile app security without jailbreak.

A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.

House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.

Comprehensive manual for mobile app security testing and reverse engineering with technical processes for verifying controls.

iOS application for testing iOS penetration testing skills in a legal environment.

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.

A digital forensics tool that extracts and exports location database contents from iOS and macOS devices in KML or CSV formats.

A forensic toolkit for analyzing Android and iOS devices to detect potential spyware infections and security compromises using indicators of compromise.

Web-based tool for browsing mobile applications sandbox and previewing SQLite databases.

Argus-SAF is a static analysis framework for security vetting Android applications.

An Android-based self-defense application against forensic imaging tools like Cellebrite UFED.

A behavior-based malware detection system for Android platforms that uses crowdsourcing to detect anomalies and malware in applications.

CFGScanDroid is a Java utility that compares control flow graph signatures to Android method control flow graphs for malicious application detection.

A lightweight library for device identification and fingerprinting, written in Kotlin and 100% crash-free.

ConDroid is a concolic execution framework for Android applications that automates dynamic analysis by driving execution to specific code locations without manual interaction.

A collection of security reports and resources documenting various Android application vulnerabilities including hardcoded credentials, insecure deeplinks, and code execution flaws.