Mobile Security

DroidRA is an instrumentation-based Android security analysis tool that improves the accuracy of reflective call analysis through composite constant propagation techniques.

A collection of mobile security resources with tools, white papers, ebooks, and webinars.

AndroBugs Framework is an Android vulnerability analysis system that scans mobile applications for security vulnerabilities, missing best practices, and dangerous shell commands.

Linux Virtual Machine for Mobile Application Pentesting and Mobile Malware Analysis with various tools and resources.

idb is a tool that simplifies iOS penetration testing and security research tasks, available in both command line and GUI versions.

A modular Python tool that obfuscates Android applications by manipulating decompiled smali code, resources, and manifest files without requiring source code access.

An Emacs major mode that provides syntax highlighting and enhanced readability for smali code files used in Android malware analysis.

Introspy-Android is a dynamic analysis framework that hooks Android APIs at runtime to monitor application behavior and identify security vulnerabilities on rooted devices.

APKiD is a tool that identifies compilers, packers, obfuscators, and other weird stuff in APK files.

An open-source tool for detecting and analyzing Android apps' vulnerabilities and security issues.

A tool for dynamic analysis of mobile applications in a controlled environment.

A command-line tool for downloading Android APK files from the Appland platform via npm installation.

FSquaDRA detects repackaged Android applications by computing Jaccard similarity over file digests within APK packages using pre-computed signing digests for improved performance.

Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.

CuckooDroid extends Cuckoo Sandbox to provide automated dynamic analysis of Android applications in a controlled sandbox environment.

Realtime privacy monitoring service for smartphones that analyzes how apps handle private information.

NSA's cybersecurity advisories and guidance on evolving threats and mitigations.

Runtime mobile exploration toolkit powered by Frida for assessing mobile app security without jailbreak.

A web-based Android application dynamic analysis tool that provides real-time Frida instrumentation capabilities through a Flask interface with modular JavaScript hooking support.

House: A runtime mobile application analysis toolkit with a Web GUI, powered by Frida, written in Python.

A command-line tool for extracting data from iOS mobile device backups created by iTunes on macOS systems.

Comprehensive manual for mobile app security testing and reverse engineering with technical processes for verifying controls.

iOS application for testing iOS penetration testing skills in a legal environment.

Mobile Audit is a Docker-based SAST and malware analysis tool that performs comprehensive security analysis of Android APK files, including vulnerability detection, certificate verification, and Virus Total integration.