Awesome Android Security
Theory
- Android Kernel Exploitation
- Hacking Android Apps with Frida
- Android Frida Scripts
- Real-time Kernel Protection (RKP)
- Android Developer Fundamentals
- Android Security Lecture : Lecture material by Professor 허준영
- Android Pentesting Checklist
- OWASP Mobile Security Testing Guide (MSTG)
- OWASP Mobile Application Security Verification Standard (MASVS)
- Frida Cheatsheet and Code Snippets for Android
- Frida HandBook
- Android App Security Checklist
- Android Vulnerabilities : Oversecured's Android Vulnerability List
- Interception of Android implicit intents
- Common mistakes when using permissions in Android
Report
2018
2019
2020
- [Report] Flaws in ‘Find My Mobile’ exposed Samsung phones to hack
- [Report] Project Zero : MMS Exploit
- [Report] Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
- [Speaker] Beyond Root
- [Report] Arbitrary code execution on Facebook for Android through download feature
- [Report] Samsung S20 - RCE via Samsung Galaxy Store App
- [Report] Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
- [Report] Exploiting CVE-2020-0041 - Part 2: Escalating to root
- [Report] Breaking TEE Security Part 1: TEEs, TrustZone and TEEGRIS
- [Report] Breaking TEE Security Part 2: Exploiting Trusted Applications (TAs)
- [Report] Breaking TEE Security Part 3: Escalating Privileges
2021
- [Report] In-the-Wild Series: Android Exploits
- [Report] Data Driven Security Hardening in Android
- [Report] An apparently benign app distribution scheme which has all it takes to turn (very) ugly
- [Report] Android Kernel Privilege Escalation (CVE-2020-11239)
- [PoC Code] Exploit for Qualcomm CVE-2020-11239
- [Report] Two weeks of securing Samsung devices
- [Report] Why dynamic code loading could be dangerous for your apps: a Google example
- [Report] Exploiting memory corruption vulnerabilities on Android
- [Report] Common mistakes when using permissions in Android
- [Report] Android security checklist: WebView
- [Report] Use cryptography in mobile apps the right way
- [Report] Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
- [Report] Exploring intent-based Android security vulnerabilities on Google Play (Part 1/3)
- [Report] Hunting intent-based Android security vulnerabilities with Snyk Code (Part 2/3)
- [Report] Mitigating and remediating intent-based Android security vulnerabilities (Part 3/3)
2022
- [Report] RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
- [Report] The Dirty Pipe Vulnerability (CVE-2022-0847)
- [PoC Code] DirtyPipe for Android
- PoC Video
- [Report] SSD Advisory – Galaxy Store Applications Installation/Launching without User Interaction
- [Report] Auth Bypass in com.google.android.googlequicksearchbox
- [Report] Accidental $70k Google Pixel Lock Screen Bypass
- [PoC Video] Pixel 6 Full Lockscreen Bypass POC
- [Bug Report] Complete Lock Screen Bypass on Google Pixel devices
- [Bug Patch] aosp-mirror/platform_frameworks_base
- [Report] Lock Screen Bypass Exploit of Android Devices (CVE-2022-20006)
2023
- [Report] Pwning the all Google phone with a non-Google bug
- [PoC Code] Exploit for CVE-2022-38181
- [PoC Code] Exploit for CVE-2022-20186
- [Report] Protecting Android clipboard content from unintended exposure
- [Report] The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
- [Report] ARM TrustZone: pivoting to the secure world
Paper
2015
- [Paper] Fuzzing Android: a recipe for uncovering vulnerabilities inside system components in Android
2017
2016
- [Paper] STAB Fuzzing: A Study of Android's Binder IPC and Linux/Android Fuzzing
- [Paper] An Effective Vulnerability Detection Technique for Android Device Drivers
2019
2020
- [Paper] An Improved Feature Selection Model for Malicious Android App Detection
- [Paper] A Study on CFI Bypass Attack Techniques in the Android Application Environment
- [Paper] An Empirical Study of Android Security Bulletins in Different Vendors
- [Paper] Research on Note-Taking Apps with Security Features
- [Paper] Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users
2021
- [Paper] FraudDetective: Android Mobile Ad Fraud Detection and Causal Analysis of Fraud Occurrence
- [Paper] Analysis of Malicious Behavior Exploiting Android Storage Vulnerabilities and a Trusted Execution Environment-Based Defense Technique
- [Paper] A Transfer-Learning-Based Adaptive Detection Technique for User-Customized Serverless Android Malware Analysis
2022
- [Paper] DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
- [Paper] Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
- [PoC Code] Keybuster
- [Paper] Side-Channel Attack on the Android OS Screen Lock Function Using the ARM Cache Coherence Interface
- [Paper] GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
- [Paper] SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android
- [Paper] insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers
- [Paper] FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
- [Paper] Large-scale Security Measurements on the Android Firmware Ecosystem
- [Paper] GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line
- [Paper] VirtualPatch: fixing Android security vulnerabilities with app-level virtualization
- [Paper] Implication of animation on Android security
- [Paper] Android Native Library Fuzzing
- [Paper] Implementation of Static Analysis and Background Process for Detecting Malware in Android Applications with Mobile Security Framework
- [Paper] Credential Analysis for Security Configuration on Custom Android ROM
2023
- [Paper] Assessing the security of inter-app communications in android through reinforcement learning
- [Paper] Android Malware Detection Based on Program Genes
- [Paper] ImageDroid: Using Deep Learning to Efficiently Detect Android Malware and Automatically Mark Malicious Features
- [Paper] MVDroid: an android malicious VPN detector using neural networks
- [Paper] Security and Privacy Analysis of Samsung's Crowd-Sourced Bluetooth Location Tracking System
Speaker
2017
2019
- [Speaker] KNOX Kernel Mitigation Bypasses
- [Speaker] Android Security Internals
- [Speaker] Fuzzing OP-TEE with AFL
2020
- [Speaker] Breaking Samsung's Root of Trust - Exploiting Samsung Secure Boot
- [Speaker] Samsung Security Tech Forum 2020
- [Speaker] Qualcomm Compute DSP for Fun and Profit
- [Speaker] PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
2021
- [Speaker] Exploring & Exploiting Zero-Click Remote Interfaces of Modern Huawei Smartphones
- [Speaker] Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
- [Speaker] Breaking Secure Bootloaders
- [Speaker] Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications
- [Speaker] Blowing the Cover of Android Binary Fuzzing
- [Speaker] Samsung Security Tech Forum 2021
- [Speaker] Emulating Samsung's Baseband for Security Testing
- [Speaker] Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication
- [Speaker] Over the Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones
- [Speaker] HOOKA: Deep Dive Into ART (Android Runtime) For Dynamic Binary Analysis
2022
- [Speaker] A Deep Dive into Privacy Dashboard of Top Android Vendors
- [Speaker] Hand in Your Pocket Without You Noticing: Current State of Mobile Wallet Security
- [Speaker] Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
- [Speaker] DroidGuard: A Deep Dive into SafetyNet
- [Speaker] Android Static Taint Analysis Techniques and Future Directions
- [Speaker] Decrypting KakaoTalk on Android 12 Using Dynamic Taint Analysis
- [Video] Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!?
- [Speaker] Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
- [Speaker] Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
- [Speaker] Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip
- Presentation Slides
- [Tool] Titan M tools
- [Speaker] Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
2023
- [Presentation Slides] Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13
- [Presentation Slides] Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors
- [Presentation Slides] Revisiting Stealthy Sensitive Information Collection from Android Apps
- [Presentation Slides] The Art of Rooting Android devices by GPU MMU features
- [Video] Android 13 LPE
- [Video] Attacking NPUs of Multiple Platforms
Tools
Static / Dynamic Analysis
- JEB Decompiler : Commercial decompiler for Dalvik and native code
- IDA Pro : Commercial disassembler and decompiler
- Mobile Security Framework (MobSF) : Automated static and dynamic analysis framework (web-based)
- Frida : Dynamic Instrumentation Toolkit
- Apktool : APK decoding and rebuilding (resources, smali)
- Bytecode Viewer : Java/Android bytecode viewer and decompiler suite
- JD-GUI : Java Decompiler
- JADX : DEX to Java Decompiler
- RMS-Runtime-Mobile-Security : Manipulate Android and iOS Apps at Runtime
- APKLeaks : Scanning APK File for URIs, Endpoints & Secrets
- Apkingo : APK Details Exploration Tool
- APKLab : APK reverse-engineering workbench for VS Code
Online Analysis
- Oversecured : Paid
- VirusTotal : Free
Forensic Analysis
- Magnet Forensics : Commercial integrated forensic analysis suite
- Autopsy : End-To-End Open Source Digital Forensics Platform
- Wireshark : Network Protocol Analyzer
Fuzzer
- Android-afl : Android-enabled Version of AFL
- LibFuzzer : A Library For Coverage-Guided Fuzz Testing
- Droid : Android Application Fuzzing Framework
- Droid-ff : Android File Fuzzing Framework
- DoApp : A Smart Android Fuzzer For The Future
- DIFUZER : Fuzzer for Linux Kernel Drivers
- LTEFuzz : LTE Network Exception Handling Testing, KAIST
Root
Malware
- Quark Engine : An Obfuscation-Neglect Android Malware Scoring System
- AhMyth Android RAT : Remote access trojan builder for generating sample malware
- TheFatRat : Exploitation tool that compiles malware payloads
Virtual / Build / Source
- Android Open Source Project (AOSP) : Platform source; QEMU (Quick Emulator)-based Android Emulator
- Android Studio : Android Virtual Device (AVD) Manager
- Android-x86 : Android port for x86 PCs and virtual machines
- Nox Player : Android emulator
- Samsung Open Source : Kernel, Platform Open Source
- SamFw : [Web] Samsung firmware downloads
- Frija : [Software] Samsung firmware downloader
Etc
- Scrcpy : Screen mirroring and control over ADB
- GDB : Debugger for native (JNI) libraries shipped in APKs
- PEDA-ARM : ARM Architecture GDB PEDA Plug-in
- Termux : Android Terminal Emulator and Linux Environment App
- [Plugin] PRoot Distro : A Bash script wrapper around proot for installing Linux distributions in Termux
- Diffuse : APK, AAB, AAR, and JAR Diffing Tool
Other
BugBounty
CVE / SVE
Blog / Site / Git
- Oversecured Blog : Technology Blog
- ESTsecurity Blog : [KOR] Issue Blog
- BlackHat : International Security Conference
- Bug Bounty Hunting Search Engine
- Awesome-Android-Security #1
- Awesome-Android-Security #2
- Awesome-Android-Security #3
- Awesome Google VRP Writeups
- Android Malware 2021
- TEE Basics & General : TEE Resources
- Mobile CTF challenges
- SamMobile : Community Site
- XDA Developers : Community Site
- Cyber Security RSS : Security Issue Collection Site