Android AppSec (Kotlin) (Beta) Apk
Apk Infos
| Version | 1.2 |
| Rating | 4.6/5, based on 10 votes |
| Size | 19.3 MB |
| Requires Android | Android 4.1+ (Jelly Bean) |
| Author's Notes | This app help developers make their apps more secure. |
About Android AppSec (Kotlin) (Beta) APK
Table Of Contents
Description
Android AppSec (Kotlin) app will help you to practice for Android Security points. We do it for the right reasons - to help developers make their apps more secure. The best way to verify that your app follows secure mobile development best practices is to perform security assessments of the app, which can include automated mobile app security testing, fuzzing, manual penetration testing, and more. This application represents some of the knowledge we share with the infosec community. We are trying to build a vulnerable application based on OWASP Mobile Security Testing Guide.In this application we are covering below points:
1 HTTP Traffic
1.1 HTTP Traffic
1.2 HTTPS Traffic
2 Public Key Pinning
2.1-4 Certificate Pinning Bypass
3 Non-HTTP Traffic
3.1 TCP Traffic
3.2 UDP Traffic
4 WebSocket Traffic
4.1 Web Socket (WS)
4.2 Web Socket Secure (WSS)
5 Root Detection
5.1 Root Management Apps
5.2 Potentially Dangerous Apps
5.3 Root Cloaking Apps
5.4 Test Keys
5.5 Dangerous Props
5.6 BusyBox Binary
5.7 Su Binary
5.8 Su Exists
5.9 RW System
5.10 SafetyNet
5.11 Using running processes
6 Emulator detection
6.1 Virtual Phone Number
6.2 Device IDs
6.3 Hardware Specifications
6.4 QEmu Detection
6.5 File Based Checking
6.6 IP Based Checking
6.7 Package Name
6.8 Debug Flag
6.9 Network Operator Name
7 Anti-Debugging detection
8 Insecure Data Storage
8.1 SQLite Databases (Unencrypted)
8.2 SQLite Databases (Encrypted)
8.3 Realm Databases (Unencrypted)
8.4 Realm Databases (Encrypted)
8.5 Firebase Real-time Databases
8.6 Shared Preferences
8.7 Internal Storage
8.8 External Storage
8.9 KeyStore
8.10 KeyChain
8.11 Keyboard Cache
8.12 User Interface
8.13 App Backup
8.14 Screenshots
8.15 Memory
8.16 User Dictionary Cache
8.17 Paste Board
8.18 Activity data
9 Logs
9.1 Informational
9.2 Error
9.3 Warnings
9.4 Debug
9.5 Verbose
9.6 WTF
10 Content Providers
10.1 SQL Injection
10.2 File System Expose
11 Encryption
11.1 Message Authentication Codes
11.2 Message Digest
11.3 Signatures
11.4 Custom Implementations
11.5 Caesar Cipher
11.6 Weak Key Generation
11.7 Weak Random Number
11.8 Weaker Padding
12 Symmetric Encryption
12.1 DES
12.2 3DES
12.3 RC4
12.4 Blowfish
12.5 AES
12.6 Predictable Initialization Vector
13 Asymmetric Encryption
13.1 RSA
14 Hashing
14.1 MD4
14.2 MD5
14.3 SHA1
15 Authentication
15.1 Biometric
15.2 Confirm Credentials
15.3 2FA - OTP Leakage
15.4 2FA - Response Manipulation
15.5 2FA - Status Code Manipulation
15.6 2FA - OTP Brute-Force
15.7 2FA - OTP Brute-Force 2
15.8 2FA - Integrity Validation
15.9 Application lock
16 Binary Protection
16.1 Library (NDK)
16.2 Packers
16.3 Obfuscator
17 Device ID
17.1 SSAID/ANDROID_ID
17.2 Device Wi-Fi MAC
17.3 GPS Location
17.4 IMEI/ESN
17.5 MEID
17.6 IMSI
18 Web Application
18.1 HTML5 Controls
18.2 Bruteforce
18.3 Login Bypass - Cookies Manipulation
18.4 Encoding - Hashing
18.5 JavaScript - Info leak
18.6 Server Fingerprint
18.7 Client Side Validation Bypass
18.8 User Password Enumeration
18.9 OTP Bruteforce
18.10 JWT Misconfiguration
18.11 Guessable Session ID
18.12 REST API HTTP Methods
18.13 SSRF
18.14 XXE
18.15 Unrestricted File Upload
18.16-17 LFI-RFI
18.18 Deserialization
18.19 XPATH Injection
18.20 Metafiles - Info Leakage
18.21 RIA Cross Domain Policy
18.22 Default Credentials
18.23 OS Command Injection
18.24 S3 bucket misconfiguration
18.25 Path Traversal
18.26 Captcha Bypass
18.27 IP whitelisting Bypass
18.28 SSTI
18.29 Review comment and Metadata
18.30 Code Injection
18.31 Old Backup Files
18.32 Insecure Direct Object Reference
19 Miscellaneous
19.1 Deeplink
19.2 QR Code
19.3-7 Backdoor 1-5
It will be great if you can support and share your thoughts with us to improve this application.
Latest updates
What's new in version 1.2
* Anti-Debugging DetectionisDebugger Connected task added
* Insecure Data Storage
Memory task added
Clipboard task added
* Content Provider
File System Expose task added
How to install Android AppSec (Kotlin) (Beta) APK on Android phone or tablet?
Download Android AppSec (Kotlin) (Beta) APK file from ApkClean, then follow these steps:
Update Phone Settings
- Go to your phone Settings page
- Tap Security or Applications (varies with device)
- Check the Unknown Sources box
- Confirm with OK
Go to Downloads
- Open Downloads on your device by going to My Files or Files
- Tap the APK file you downloaded (com.hpandro.androidsecurity-v1.2-ApkClean.apk)
- Tap Install when prompted, the APK file you downloaded will be installed on your device.
Older Versions
| 1.2 (25) | 19.3 MB |
Questions & Answers
Q: What is an APK File?
A: Just like Windows (PC) systems use an .exe file for installing software, Android does the same. An APK file is the file format used for installing software on the Android operating system.
Q: If I install an APK from this website, will I be able to update the app from the Play Store?
A: Yes, absolutely. The Play Store installs APKs it downloads from Google's servers, and sideloading from a site like ApkClean.net goes through a very similar process, except you're the one performing the downloading and initiating the installation (sideloading).
As soon as the Play Store finds a version of the app newer than the one you've sideloaded, it will commence an update.
Q: Why ApkClean.net can guarantee APK 100% safe?
A: Whenever someone wants to download an APK file from ApkClean.net, we'll check the corresponding APK file on Google Play and allow user download it directly (of course, we'll cache it on our server). If the APK file does not exist on Google Play, we'll search it in our cache.
Q: What are Android App permissions?
A: Apps require access to certain systems within your device. When you install an application, you are notified of all of the permissions required to run that application.
Don't hesitate to contact us if you have any questions or concerns.
(*) is required
