An Open Source Android Applications Penetration Testing Lab

Sawan Bhan, Nisha TN

Today, the majority of people have become completely dependent on mobileapplications. These applications could be a gateway to sensitive data that attract more hackers. The Android penetration testing process helps to address security weaknesses or vulnerabilities in the Android platform. In this paper, we present different penetration tests (or pentests) for Android-based mobile applications in a very comprehensive manner. First, we explain how to set up a pentesting environment, including hardware/software requirements, USB debugging, and configuring a proxy.Next, weperform some of the most popular pen testing tools such as AFLogical, Dex2jar, JD-GUI, Apktool and Drozer by using Santoku Linux distribution. Finally, we conduct an Android repackaging attack on selected apps byusing Santoku Linux distribution and then demonstrate the attack on our Android VM. This work attempts to give developers and security professionals a step-by-step guide for Android mobile application pen testing.