A curated list of resources to study Android security for a beginner

1. Week 1
2. Week 2
3. Week 3
4. Week 4
5. Week 5
6. Week 6
7. Extra Stuff
8. Tools

• Decompile an APK file: ApkToolReverse engineering and disassembling tool

• Understanding the directory structure codepath

  howtodoinjava

• Working of android(Internal) Addictivetips

  Android

  Book

• Setup basic android hacking lab Medium Blog

• View Source code > Unzip app.apk -o app > open exampe dir and do "d2j-dex2jar classes.dex" > Decompile the generated .classes file with Java decompiler

• Permissions (use apktools and open AndroidManifest.xml) Android Developer

• Understanding Android OS Android Application security

• Android Application fundamentals Android application security

• Introduction to adb, apktool, dex2jar and jd-gui Android application security

• Intentionally vulnerable apps for practice DIVAOWASP goatdroidAndroid insecure bank

• Insecure data storage Vuln

• Absence of binary protection Vuln

• Insufficient protection of communication channel VulnMobilesecurity.gitbook.io

• Developer Backdoor Hard coded credentials :D.

• Testing Authenticatio mechanism. Vuln

• [Vuln] Weak Cryptography. Mobile-security.gitbook.ioManifestsecurity

• Infufficient Transport Layer Protection Mobile-security.gitbook.ioManifestsecurity

• Unintented Data leakage Manifestsecurity

• Appsec Wiki
• Manifest Security
• Android security Awesome
• OWASP mobile testing guide
• Android sec reference
• Android Lab
• Android's official vulnerability disclosure
• Exploits from Exploit-DB

• Quark
• Frida
• Radare2 - Reversing
• Virus Total
• APKAnalyzer
• Apktool
• Android Framework for Exploitation
• Dwarf - RE
• Ghidra
• Gdb