Android App Security Auditing

Fri, June 12 - Sun, June 14, 2015 Sam Bowne

Entire Class Page · Home Page


Students will set up an environment that makes it easy to test Android apps for common security flaws such as insecure data transmission, insecure file storage, and data exposure in logs and memory dumps.

We will use Android Studio, Burp, VirtualBox, Genymotion, and the Google Play Store. Students need to have laptops. Macs and Linux machines work best, but Windows can also be used.

Reference Book

"Hacking Exposed Mobile: Security Secrets & Solutions", by Bergman, Stanfield, Rouse, Scambray, Geethakumar, Deshmukh, Matsumoto, Steven and Price, McGraw-Hill Osborne Media; 1 edition (July 9, 2013) ISBN-10: 0071817018 Buy from Amazon


Android Security Auditing (pptx)
Vulnerable Android Financial Apps

Project 1: Complete Android Auditing System

Do One of These

Ubuntu Prep for Android Security Auditing
Mac or Windows Prep for Android Security Auditing

Do All of These

Making a Signed App with Android Studio
Genymotion and Google Play for Android Security Audits
Observing the TD Ameritrade Log
Trojaning the Charles Schwab App


Genymotion & Burp Prep for Android Security Auditing

Project 2: SSL Auditing Proxy

Making an SSL Auditing Proxy with a Mac, Burp, and pf
Comparing Secure and Insecure iOS Apps (not public yet)

More Projects

More Projects
Last Updated: 6-14-15 6:42 am