penTest HackFest AndroidCodeInspection.pdf

Guide to static and dynamic analysis of Android applications.

This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
  • Q: What is the main topic of the Android Code Inspection presentation?
    A: Static and dynamic analysis of Android applications for security vulnerabilities.
  • Q: What tool is recommended for decompiling Android APKs?
    A: JADX (or dex2jar + JD-GUI).
  • Q: What is the 'AndroidManifest.xml' file?
    A: A critical file that defines the app's structure, permissions, and components.
  • Q: What is the 'Exported Activity' vulnerability?
    A: An activity that can be launched by other apps, potentially bypassing security checks.
  • Q: What is 'Hardcoded Secrets' analysis?
    A: Searching the code for API keys, passwords, or cryptographic keys.
  • Q: What tool is used for 'Dynamic Instrumentation'?
    A: Frida or Xposed Framework.
  • Q: What is a 'Certificate Pinning' bypass?
    A: A technique to force an app to accept a proxy's certificate for traffic interception.
  • Q: What is 'Insecure Data Storage'?
    A: Storing sensitive data (like credentials) in plaintext in SharedPreferences or SQLite databases.
  • Q: What is 'Drozer'?
    A: A comprehensive security assessment framework for Android.
  • Q: What is the risk of 'WebView' vulnerabilities?
    A: They can allow Cross-Site Scripting (XSS) or access to local files from a web page.
