Awesome Android Security

Theory

• Android Kernel Exploitation
• Hacking Android Apps with Frida
• Android Frida Scripts
• Real-time Kernel Protection (RKP)
• Breaking TEE Security
• Android Developer Fundamentals
• Android Security Lecture : Professor 허준영 lecture material
• Android Pentesting Checklist
• OWASP Mobile Security Testing Guide (MSTG)
• OWASP Mobile Application Security Verification Standard (MASVS)
• Frida Cheatsheet and Code Snippets for Android

Report

2018

• [Report] Writing the worlds worst Android fuzzer

2019

• [Report] Samsung Galaxy Apps Store RCE via MITM Unable to connect

2020

• [Report] Flaws in ‘Find My Mobile’ exposed Samsung phones to hack
• [Report] Project Zero : MMS Exploit
• [Report] Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
  • [Speaker] Beyond Root
• [Report] Arbitrary code execution on Facebook for Android through download feature
• [Report] Samsung S20 - RCE via Samsung Galaxy Store App
• [Report] Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
• [Report] Exploiting CVE-2020-0041 - Part 2: Escalating to root

2021

• [Report] In-the-Wild Series: Android Exploits
• [Report] Data Driven Security Hardening in Android
• [Report] An apparently benign app distribution scheme which has all it takes to turn (very) ugly
• [Report] Android Kernel Privilege Escalation (CVE-2020-11239)
  • [PoC] Exploit for Qualcomm CVE-2020-11239
• [Report] Two weeks of securing Samsung devices
• [Report] Why dynamic code loading could be dangerous for your apps: a Google example
• [Report] Exploiting memory corruption vulnerabilities on Android
• [Report] Common mistakes when using permissions in Android
• [Report] Android security checklist: WebView
• [Report] Use cryptography in mobile apps the right way

2022

• [Report] RCE IN ADOBE ACROBAT READER FOR ANDROID (CVE-2021-40724)
• [Report] The Dirty Pipe Vulnerability (CVE-2022-0847)
  • [PoC] DirtyPipe for Android
  • Video

Paper

2015

• [Paper] Fuzzing Android: a recipe for uncovering vulnerabilities inside system components in Android

2016

• [Paper] STAB Fuzzing: A Study of Android's Binder IPC and Linux/Android Fuzzing
• [Paper] 안드로이드 장치 드라이버에 대한 효과적 취약점 탐지 기법

2019

• [Paper] Dynamic Security Analysis of the LTE Control Plane)

2020

• [Paper] 악성 안드로이드 앱 탐지를 위한 개선된 특성 선택 모델
• [Paper] 안드로이드 애플리케이션 환경에서 CFI 우회 공격기법 연구
• [Paper] An Empirical Study of Android Security Bulletins in Different Vendors
• [Paper] Research on Note-Taking Apps with Security Features
• [Paper] Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users

2021

• [Paper] FraudDetective： 안드로이드 모바일 광고 사기 탐지 및 사기 발생의 인과관계 분석
• [Paper] 안드로이드 저장소 취약점을 이용한 악성 행위 분석 및 신뢰실행환경 기반의 방어 기법
• [Paper] 사용자 맞춤형 서버리스 안드로이드 악성코드 분석을 위한 전이학습 기반 적응형 탐지 기법

2022

• [Paper] DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
  • [Report] KAIST 연구진, 이동통신 단말 보안 테스트 기술로 구현 오류 22건 발견
• [Paper] Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
  • [PoC] Keybuster

Speaker

2017

• [Speaker] A Whole New Efficient Fuzzing Strategy for Stagefright

2019

• [Speaker] KNOX Kernel Mitigation Bypasses
• [Speaker] Android Security Internals
  • Presentation Slides
• [Speaker] Fuzzing OP -TEE with AFL

2020

• [Speaker] Breaking Samsung's Root of Trust - Exploiting Samsung Secure Boot
• [Speaker] Samsung Security Tech Forum 2020
• [Speaker] Qualcomm Compute DSP for Fun and Profit
• [Speaker] PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
  • Presentation Slides
  • Paper

2021

• [Speaker] Exploring & Exploiting Zero-Click Remote Interfaces of Modern Huawei Smartphones
  • Presentation Slides
  • Paper
• [Speaker] Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
  • Presentation Slides
• [Speaker] Breaking Secure Bootloaders
  • Presentation Slides
• [Speaker] Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications
  • Presentation Slides
• [Speaker] Blowing the Cover of Android Binary Fuzzing Unable to connect
  • [Speaker] 3rd Real World CTF: Blowing the cover of android binary fuzzing
• [Speaker] Samsung Security Tech Forum 2021
• [Speaker] Emulating Samsung's Baseband for Security Testing
  • Presentation Slides
• [Speaker] Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication
  • Presentation Slides
• [Speaker] Over the Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones
  • Presentation Slides
  • Paper

2022

• [Speaker] A Deep Dive into Privacy Dashboard of Top Android Vendors
  • Presentation Slides
• [Speaker] Hand in Your Pocket Without You Noticing: Current State of Mobile Wallet Security
• [Speaker] Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
  • Presentation Slides

Tools

Static / Dynamic Analysis

• JEB Decompiler : Powerful Integrated Analysis Tools
• IDA Pro : Powerful Integrated Analysis Tools
• APKLab : APK Integration Tool in VSCode
• Mobile Security Framework (MobSF) : Online Service
• Apktool : APK Files Reverse Engineering
• Bytecode Viewer : Java Reverse Engineering
• JD-GUI : Java Decompiler
• JADX : DEX to Java Decompiler
• RMS-Runtime-Mobile-Security : Manipulate Android and iOS Apps at Runtime
• APKLeaks : Scanning APK File for URIs, Endpoints & Secrets
• Apkingo : APK Details Exploration Tool

Online Analysis

• Oversecured : Paid Use
• Virustotal : Free Use

Forensisc Analysis

• MAGNET Forensisc : Powerful Integrated Analysis Tools
• Autopsy : End-To-End Open Source Digital Forensics Platform
• Wireshark : Network Protocol Analyzer

Fuzzer

• Android-afl : Android-enabled Version of AFL
• LibFuzzer : A Library For Coverage-Guided Fuzz Testing
• Droid : Android Application Fuzzing Framework
• Droid-ff : Android File Fuzzing Framework
• DoApp : A Smart Android Fuzzer For The Future
• DIFUZER : Fuzzer for Linux Kernel Drivers
• LTEFuzz : LTE Network Exception Handling Testing, KAIST

Root

• Magisk : Provide Root Access for Applications
• Odin : Samsung Root Software

Malware

• Quark Engine : An Obfuscation-Neglect Android Malware Scoring System
• AhMyth Android Rat : Sample Malware Production Tool
• TheFatRat : An Exploiting Tool which Compiles a Malware

Virtual / Build / Source

• Android Open Source Project (AOSP) : QEMU(Quick Emulator) Hypervisor
• Android Studio : Android Virtual Device (AVD) Manager
• Android x86 : Android Virtual Emulator
• Nox Player : Android Virtual Emulator
• Samsung Open Source : Kernel, Platform Open Source
• SamFw : [Web] Android Firmware
• Frija : [Software] Android Firmware

Etc

• Scrcpy : ADB Based Android Screen Sharing Tool
• GDB : APK Library Analysis Tools
• PEDA-ARM : ARM Architecture GDB PEDA Plug-in
• Termux : Android Terminal Emulator and Linux Environment App
• Diffuse : APK, AAB, AAR, and JAR Diffing Tool

Other

BugBounty

• Samsung Mobile Security
• Google Application Security
• BugCrowd

CVE / SVE

• Google(Android) CVE DataBase
• Samsung CVE DataBase
• Samsung SVE DataBase

Blog / Site / Git

• Oversecured Blog : Technology Blog
• ESTsecurity Blog : [KOR] Issue Blog
• BlackHat : International Security Conference
• Bug Bounty Hunting Search Engine
• Awesome-Android-Security #1
• Awesome-Android-Security #2
• Awesome-Android-Security #3
• Android Malware 2021
• TEE Basics & General : TEE Resources
• Mobile CTF challenges
• SamMobile : Community Site
• XDA Developers : Community Site
• Cyber Security RSS : Security Issue Collection Site

SNS

• Android Infosecurity
• ExploitWareLabs

Samsung Mobile Security Statistics

* Please note that the statistics are not accurate.

Backers

Thank you to all our supporters! 🙏

* Please, consider supporting my work as a lot of effort takes place to generate this list! Thanks a lot.

⬆ back to top

License

This work is licensed under a Creative Commons Attribution 4.0 International License.

If you have any question about this opinionated list, do not hesitate to contact me @NetKingJ on Facebook or open an issue on GitHub.