The first step in every Android security assessment is to have the .APK file, which is the actual application. In the majority of cases the client is responsible for providing this file, especially where the application is not publicly available. However, if for whatever reason this is not possible (i.e. the client has requested a black box assessment), then it is up to the consultant to obtain this file. There are three different scenarios of how to retrieve an APK file:

- Application is available on Google Play Store.
- Application is already installed on the phone.

If the client provides the APK file then everything is ready and the consultant can start with the assessment.

Google Play Store

For applications that are publicly available and already included in the Google Play Store, there are various websites that can provide APK files, like apkleecher and apkdownloader.

For applications that are already installed on the Android phone the consultant can start the testing immediately by using Burp. However, this can cover only the dynamic analysis testing. In order to fully perform the assessment the APK file is essential as well, both for static analysis of the files that are included in the APK, like the manifest file, and for reverse engineering the application to investigate further vulnerabilities. Tools such as Drozer and adb can reveal the location of the APK file on the phone. The first step is to obtain the list of applications that are installed on the phone with the following command:
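The adb route described above can be scripted as follows; this is an added example, not code from the original post. The package name `com.example.bank` and the sample device output are constructed, and `pull_apks` assumes a device reachable over adb.

```shell
#!/bin/sh
# Added example, not from the original post. com.example.bank and all sample
# output below are constructed; a connected device with adb access is assumed.

# Strip the "package:" prefix (and the CR that older Android shells append)
# from `pm list packages` or `pm path <pkg>` output; other lines are dropped.
strip_pm_prefix() {
  tr -d '\r' | sed -n 's/^package://p'
}

# find_packages KEYWORD < `adb shell pm list packages` output
find_packages() {
  strip_pm_prefix | grep -i -- "$1"
}

# pull_apks PKG OUTDIR: copy base.apk and any split APKs, then hash them so
# the files analysed later can be tied back to what was on the device.
pull_apks() {
  pkg=$1; out=$2
  paths=$(adb shell pm path "$pkg" </dev/null | strip_pm_prefix)
  [ -n "$paths" ] || { echo "no APK path for $pkg" >&2; return 1; }
  mkdir -p "$out" || return 1
  printf '%s\n' "$paths" | while IFS= read -r remote; do
    adb pull "$remote" "$out/" </dev/null || exit 1
  done || return 1
  (cd "$out" && sha256sum -- *.apk > SHA256SUMS)   # GNU coreutils assumed
}

# Constructed samples standing in for real device output.
sample_list() {
  printf 'package:com.android.settings\npackage:com.example.bank\n'
  printf 'package:com.example.notes\n'
}
sample_path() {
  printf 'package:/data/app/com.example.bank-1/base.apk\r\n'
  printf 'package:/data/app/com.example.bank-1/split_config.arm64_v8a.apk\r\n'
}

if [ "${1:-}" = "--pull" ]; then
  pull_apks "$2" "${3:-./apk-out}"      # e.g. --pull com.example.bank ./out
else
  echo "matching packages:"; sample_list | find_packages bank
  echo "APK paths:";         sample_path | strip_pm_prefix
fi
```

Run without arguments it only parses the constructed samples; with `--pull <package> [outdir]` it talks to the attached device.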