Most Important Android Application Penetration Testing Checklist


Android Penetration Testing

Android is a mobile operating system developed by Google, based on a modified version of the Linux kernel and other open source software and designed primarily for touchscreen mobile devices such as smartphones and tablets. In addition, Google has further developed Android TV for televisions, Android Auto for cars, and Wear OS for wrist watches, each with a specialized user interface. Variants of Android are also used on game consoles, digital cameras, PCs and other electronics.

Android Penetration Testing is the process of testing an Android application and finding its security issues. It involves decompiling the application, analysing it at runtime, and testing it from a security point of view.





Android Application Penetration Testing Checklist


Android has the largest installed base of any mobile platform and is growing fast, every day. For several reasons it is also becoming the most widely used operating system from this viewpoint.

As far as security is concerned, however, little information is published about new vulnerabilities that could lead to weak programming on this platform, even though the platform has a large attack surface.





Application Local Storage Flaws


Android offers several options for saving persistent application data. Which storage you choose depends on your particular needs.

For example, whether the data should be private to your application or accessible to other applications (and the user), and how much space your data requires.


  • Sensitive data found in logs and cache.
  • Storing sensitive data on shared storage (exposed to all applications with no restrictions).
  • Content providers: SQL injection and access permissions.
  • Check whether sensitive data stays on the device even after logout.
  • Privacy and metadata leaks.
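
The first, second and fourth items above are the kind of thing a tester checks by pulling an app's private data directory off a rooted device or emulator and inspecting it. The script below is an added example, not code from the original article: it builds a constructed copy of an app's data directory (a `shared_prefs/user_prefs.xml` and a `cache/debug.log`, both fictional), reports preference keys that look like secrets stored in plaintext, and reports files whose mode lets other UIDs read them. The sensitive-key pattern and the sample file layout are assumptions made for the example.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Key names that usually indicate a secret being stored in the clear.
# This pattern is an assumption for the example, not an Android standard.
SENSITIVE_KEY_RE = re.compile(r"pass(word)?|token|secret|api[_-]?key|session", re.I)


def audit_shared_prefs(path):
    """Return (key, value) pairs from a SharedPreferences XML file whose key looks
    sensitive and whose value is present in plaintext."""
    findings = []
    root = ET.parse(path).getroot()  # <map> of <string name=..>text</string> / <boolean name=.. value=.. />
    for elem in root:
        name = elem.get("name", "")
        value = elem.get("value")
        if value is None:
            value = (elem.text or "").strip()
        if SENSITIVE_KEY_RE.search(name) and value:
            findings.append((name, value))
    return findings


def world_readable_files(directory):
    """Return files under directory whose mode grants read to 'others' (o+r).
    On a device that is what another app's UID could open. POSIX modes only."""
    hits = []
    for dirpath, _, files in os.walk(directory):
        for f in files:
            full = os.path.join(dirpath, f)
            if os.stat(full).st_mode & stat.S_IROTH:
                hits.append(full)
    return sorted(hits)


def build_sample_app_dir():
    """Build a constructed sample that mimics /data/data/<pkg>/ of a fictional app."""
    base = tempfile.mkdtemp(prefix="app_data_")
    prefs_dir = os.path.join(base, "shared_prefs")
    os.makedirs(prefs_dir)
    prefs = os.path.join(prefs_dir, "user_prefs.xml")
    with open(prefs, "w") as fh:
        fh.write(
            '<?xml version="1.0" encoding="utf-8" standalone="yes" ?>\n'
            "<map>\n"
            '    <string name="username">alice</string>\n'
            '    <string name="password">hunter2</string>\n'
            '    <string name="auth_token">tok_abc123</string>\n'
            '    <boolean name="dark_mode" value="true" />\n'
            "</map>\n"
        )  # password and auth_token are constructed secrets
    os.chmod(prefs, 0o600)  # private to the app's UID: correct
    cache_dir = os.path.join(base, "cache")
    os.makedirs(cache_dir)
    log = os.path.join(cache_dir, "debug.log")
    with open(log, "w") as fh:
        fh.write("login ok user=alice token=tok_abc123\n")  # constructed log line
    os.chmod(log, 0o644)  # world-readable: the defect the checklist item points at
    return base


def run_audit(base=None):
    """Run both checks over an app data directory and return a report dict."""
    base = base or build_sample_app_dir()
    prefs = os.path.join(base, "shared_prefs", "user_prefs.xml")
    return {
        "plaintext_secrets": audit_shared_prefs(prefs),
        "world_readable": [os.path.relpath(p, base) for p in world_readable_files(base)],
    }


if __name__ == "__main__":
    report = run_audit()
    for key, val in report["plaintext_secrets"]:
        print("plaintext secret in shared_prefs: %s=%s" % (key, val))
    for path in report["world_readable"]:
        print("world-readable file: %s" % path)
```

Against the constructed directory the report lists `password` and `auth_token` as plaintext secrets (the `username` key is not matched) and `cache/debug.log` as world-readable; the same token appearing in the cache log is the "sensitive data in logs and cache" finding. On a real engagement, point `run_audit` at a directory pulled with `adb pull` and confirm anything flagged by hand, since key names alone are only a heuristic.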





IPC Security (Inter-Process Communication)


The Android IPC mechanisms allow you to verify the identity of the application connecting to your IPC and set security policy for each IPC mechanism.


  • Device denial-of-service attacks.
  • Permissions and digital-signature data-sharing issues.
  • An illegitimate application could gain access to sensitive data.
  • Exposed components and cross-application authorization.
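
The "exposed components" item is usually the first thing checked, because an activity, service, receiver or provider that is exported without an `android:permission` can be started by any other app on the device. The script below is an added example, not code from the original article: it reads a decoded `AndroidManifest.xml` (as produced by apktool) and lists exported components, marking those that are exported only because of the legacy intent-filter default (before targetSdkVersion 31 a component with an `<intent-filter>` was exported unless `android:exported="false"` was set; from 31 onward the attribute is mandatory). The sample manifest for `com.example.app` is constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _android_attr(elem, attr):
    """Read an android:* attribute regardless of the prefix used in the file."""
    return elem.get("{%s}%s" % (ANDROID_NS, attr))


def exported_components(manifest_xml):
    """List components of a decoded AndroidManifest.xml that other apps can reach.

    A component counts as exported when android:exported="true", or when the
    attribute is absent and the component declares an <intent-filter> (the
    legacy default; since targetSdkVersion 31 the attribute must be explicit)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    found = []
    for kind in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(kind):
            explicit = _android_attr(comp, "exported")
            has_filter = comp.find("intent-filter") is not None
            exported = explicit.lower() == "true" if explicit is not None else has_filter
            if exported:
                found.append({
                    "type": kind,
                    "name": _android_attr(comp, "name"),
                    "permission": _android_attr(comp, "permission"),
                    "implicit": explicit is None,  # exported only via the intent-filter default
                })
    return found


def unprotected_exports(manifest_xml):
    """Exported components that declare no android:permission, i.e. the 'exposed
    components' of the checklist, callable by any app installed on the device."""
    return [c for c in exported_components(manifest_xml) if not c["permission"]]


# Constructed manifest for a fictional package; not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application android:label="Example">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN" />
        <category android:name="android.intent.category.LAUNCHER" />
      </intent-filter>
    </activity>
    <activity android:name=".InternalActivity" android:exported="false" />
    <service android:name=".DebugService" android:exported="true" />
    <receiver android:name=".SyncReceiver">
      <intent-filter>
        <action android:name="com.example.app.SYNC" />
      </intent-filter>
    </receiver>
    <provider android:name=".UserProvider"
              android:authorities="com.example.app.users"
              android:exported="true"
              android:permission="com.example.app.READ_USERS" />
  </application>
</manifest>
"""


if __name__ == "__main__":
    for comp in unprotected_exports(SAMPLE_MANIFEST):
        why = "implicit via intent-filter" if comp["implicit"] else "android:exported=true"
        print("%-8s %-18s exported (%s), no permission" % (comp["type"], comp["name"], why))
```

On the sample manifest `.UserProvider` is exported but protected by a permission, `.InternalActivity` is not exported, and `.DebugService`, `.SyncReceiver` and `.MainActivity` are reported as unprotected. A launcher activity is expected to be exported, so the output still needs triage; the service and receiver are the findings to examine, and the fix on the development side is an explicit `android:exported="false"` or a permission on the component.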





Business Logic Vulnerabilities

This covers vulnerabilities centred on the application's design rather than on its code. It includes both tricking the application's execution and the application's ability to behave in unexpected ways that affect its workflow.


  • Check for server-side validation.
  • Admin/user account compromise.
  • Check for the root detection method and bypass it.
  • Brute-force authentication.





Android Penetration Testing Server-Side Checks


  • Check for client-side injection (XSS).
  • Username enumeration.
  • SQL injection.
  • Malicious file upload.
  • Check all HTTP methods (PUT, DELETE, etc.; use Burp Intruder for HTTP verb tampering).
  • Check session management (cookie flaws, session overriding, session fixation, etc.).
  • CAPTCHA implementation flaws and bypass.
  • Run the Nikto and dirb web server scanners.
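
The session-management item covers two concrete checks that are easy to script from a captured proxy log: whether the session cookie carries the `Secure`, `HttpOnly` and `SameSite` attributes, and whether the server issues a fresh session identifier after login (if it does not, the pre-login identifier is reusable, which is the session-fixation case). The code below is an added example, not from the original article; the two `Set-Cookie` header values are constructed for a fictional API, and the `JSESSIONID` cookie name is an assumption.

```python
def parse_set_cookie(header_value):
    """Split a Set-Cookie header value into (name, value, attributes).
    Attribute names are lower-cased; flag attributes such as Secure map to True."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header_value):
    """Return the weaknesses found in one Set-Cookie header for a session cookie."""
    name, _, attrs = parse_set_cookie(header_value)
    issues = []
    if "secure" not in attrs:
        issues.append("missing Secure")  # cookie would also be sent over plain HTTP
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")  # cookie readable from script (XSS)
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        issues.append("missing SameSite")  # browser default applies, not an explicit policy
    elif samesite.lower() == "none":
        issues.append("SameSite=None")  # sent on cross-site requests
    if "expires" in attrs or "max-age" in attrs:
        issues.append("persistent session cookie")  # survives the browser/app session
    return {"name": name, "issues": issues}


def session_rotated(before_login, after_login):
    """Session-fixation check: the identifier issued before login must differ
    from the one in use after a successful login."""
    b_name, b_value, _ = parse_set_cookie(before_login)
    a_name, a_value, _ = parse_set_cookie(after_login)
    return b_name == a_name and b_value != a_value


# Constructed headers for a fictional API: a weak cookie and a hardened one.
WEAK_COOKIE = "JSESSIONID=abc123; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT"
HARDENED_COOKIE = "JSESSIONID=def456; Path=/; Secure; HttpOnly; SameSite=Strict"


if __name__ == "__main__":
    for label, header in (("weak", WEAK_COOKIE), ("hardened", HARDENED_COOKIE)):
        report = audit_session_cookie(header)
        print("%s %s: %s" % (label, report["name"], ", ".join(report["issues"]) or "ok"))
    print("session id rotated at login:", session_rotated(WEAK_COOKIE, HARDENED_COOKIE))
```

The weak header reports four issues and the hardened one none; `session_rotated` returns `True` only when the same cookie name is re-issued with a different value after authentication. In practice, feed it the `Set-Cookie` values captured before and after the login request in Burp, and treat a `False` result as a session-fixation finding to confirm manually.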


SQL injection



