Android Application Penetration Testing
Raja Nagori

Static Analysis

Android manifest file

• Extension is .xml
• You'll get basic information about the application
• SDK version
• Permission
• Activities
• Content Providers
• Intent

• Doesn't have any extension, unfortunately
• It defines what data and hardware components can be needed at runtime
• Camera Permission
• Internet
• Access external storage
• Bluetooth
• etc.

Activities

• It also does not have any extension
• UI element of the application, or a different screen in the application (take the example of GPay)
• First screen will show you the GPay logo.
• Second will ask you for the fingerprint.
• Third will display all the payments you made in the past.

NOTE:
1. Here INTENT is changing from one screen to the other.
2. If you see exported="True"

Finding Hardcoded Strings

• Usually found in resources/strings.xml
• Threat Vector
• Login Bypass
• URLs Exposed
• API Keys Exposed
• Firebase URLs
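The manifest and hardcoded-strings checks from the slides above can be scripted when reviewing your own app. This is an added example, not code from the original deck; it assumes the manifest and strings.xml have already been decoded to text XML, and the sample inputs, function names and regex patterns are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # namespace of android:* attributes
# Constructed sample inputs (text XML, already decoded from the APK); not from a real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-sdk android:minSdkVersion="21"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".LogoActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".FingerprintActivity" android:exported="false"/>
    <activity android:name=".PaymentHistoryActivity" android:exported="true"/>
  </application>
</manifest>"""
SAMPLE_STRINGS = """<resources>
  <string name="app_name">ExamplePay</string>
  <string name="firebase_database_url">https://example-pay.firebaseio.com</string>
  <string name="api_key">CONSTRUCTED-KEY-0000</string>
</resources>"""

def audit_manifest(xml_text):  # SDK version, permissions, explicitly exported components
    root = ET.fromstring(xml_text)
    sdk = root.find("uses-sdk")
    exported = []
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in root.iter(tag):
            if comp.get(A + "exported") == "true":
                # Third field False = exported without an intent-filter: review why it is reachable.
                exported.append((tag, comp.get(A + "name"), comp.find("intent-filter") is not None))
    return {"min_sdk": sdk.get(A + "minSdkVersion") if sdk is not None else None,
            "permissions": [p.get(A + "name") for p in root.iter("uses-permission")],
            "exported": exported}

# Hypothetical patterns for the slide's items: Firebase URLs, exposed URLs, key-like names.
VALUE_CHECKS = [("firebase_url", re.compile(r"https://[\w.-]+\.firebaseio\.com")),
                ("url", re.compile(r"https?://\S+"))]
NAME_RE = re.compile(r"api[_-]?key|secret|token|password", re.I)

def audit_strings(xml_text):  # flag string resources that look like URLs or secrets
    findings = []
    for s in ET.fromstring(xml_text).iter("string"):
        name, value = s.get("name", ""), s.text or ""
        kind = next((k for k, rx in VALUE_CHECKS if rx.search(value)), None)
        if kind or NAME_RE.search(name):
            findings.append((name, kind or "key_like_name"))
    return findings
```
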

See you in the next chapter of this series.