                        A Collection of Android (Samsung) Security Research References
Awesome Android Security 

Theory
- Android Kernel Exploitation
- Hacking Android Apps with Frida
- Android Frida Scripts
- Real-time Kernel Protection (RKP)
- Breaking TEE Security
- Android Developer Fundamentals
- Android Security Lecture : lecture material by Professor 허준영
- Android Pentesting Checklist
- OWASP Mobile Security Testing Guide (MSTG)
- OWASP Mobile Application Security Verification Standard (MASVS)
- Frida Cheatsheet and Code Snippets for Android
- Frida HandBook
 
Report
2018
2019
- ~~[Report] Samsung Galaxy Apps Store RCE via MITM~~ Unable to connect
 
2020
- [Report] Flaws in ‘Find My Mobile’ exposed Samsung phones to hack
- [Report] Project Zero : MMS Exploit
- [Report] Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY “Proxmark”
  - [Speaker] Beyond Root
- [Report] Arbitrary code execution on Facebook for Android through download feature
- [Report] Samsung S20 - RCE via Samsung Galaxy Store App
- [Report] Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
- [Report] Exploiting CVE-2020-0041 - Part 2: Escalating to root

2021
- [Report] In-the-Wild Series: Android Exploits
- [Report] Data Driven Security Hardening in Android
- [Report] An apparently benign app distribution scheme which has all it takes to turn (very) ugly
- [Report] Android Kernel Privilege Escalation (CVE-2020-11239)
- [Report] Two weeks of securing Samsung devices
- [Report] Why dynamic code loading could be dangerous for your apps: a Google example
- [Report] Exploiting memory corruption vulnerabilities on Android
- [Report] Common mistakes when using permissions in Android
- [Report] Android security checklist: WebView
- [Report] Use cryptography in mobile apps the right way
 
2022
- [Report] RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
- [Report] The Dirty Pipe Vulnerability (CVE-2022-0847)
  - [PoC] DirtyPipe for Android
  - Video
 
 
Paper
2015
- [Paper] Fuzzing Android: a recipe for uncovering vulnerabilities inside system components in Android
 
2016
- [Paper] STAB Fuzzing: A Study of Android's Binder IPC and Linux/Android Fuzzing
- [Paper] [KOR] An Effective Vulnerability Detection Technique for Android Device Drivers
 
2019
2020
- [Paper] [KOR] An Improved Feature Selection Model for Detecting Malicious Android Apps
- [Paper] [KOR] A Study on CFI Bypass Attack Techniques in the Android Application Environment
- [Paper] An Empirical Study of Android Security Bulletins in Different Vendors
- [Paper] Research on Note-Taking Apps with Security Features
- [Paper] Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users
 
2021
- [Paper] [KOR] FraudDetective: Detecting Android Mobile Ad Fraud and Analyzing the Causal Chain of Fraud Occurrence
- [Paper] [KOR] Analysis of Malicious Behavior Exploiting Android Storage Vulnerabilities and a TEE-based Defense Technique
- [Paper] [KOR] A Transfer-Learning-based Adaptive Detection Technique for User-Customized Serverless Android Malware Analysis
 
2022
- [Paper] DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
- [Paper] Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
  - [PoC] Keybuster
- [Paper] [KOR] A Side-Channel Attack on the Android OS Screen Lock Using the ARM Cache Coherence Interface
- [Paper] GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
- [Paper] SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android
- [Paper] insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers
- [Paper] FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
- [Paper] Large-scale Security Measurements on the Android Firmware Ecosystem
- [Paper] GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line
 
Speaker
2017
2019
- [Speaker] KNOX Kernel Mitigation Bypasses
- [Speaker] Android Security Internals
- [Speaker] Fuzzing OP-TEE with AFL
 
2020
- [Speaker] Breaking Samsung's Root of Trust - Exploiting Samsung Secure Boot
- [Speaker] Samsung Security Tech Forum 2020
- [Speaker] Qualcomm Compute DSP for Fun and Profit
- [Speaker] PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
 
2021
- [Speaker] Exploring & Exploiting Zero-Click Remote Interfaces of Modern Huawei Smartphones
- [Speaker] Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
- [Speaker] Breaking Secure Bootloaders
- [Speaker] Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications
- ~~[Speaker] Blowing the Cover of Android Binary Fuzzing~~ Unable to connect
- [Speaker] Samsung Security Tech Forum 2021
- [Speaker] Emulating Samsung's Baseband for Security Testing
- [Speaker] Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication
- [Speaker] Over the Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones
- [Speaker] HOOKA: Deep Dive Into ART (Android Runtime) For Dynamic Binary Analysis
 
2022
- [Speaker] A Deep Dive into Privacy Dashboard of Top Android Vendors
- [Speaker] Hand in Your Pocket Without You Noticing: Current State of Mobile Wallet Security
- [Speaker] Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
- [Speaker] DroidGuard: A Deep Dive into SafetyNet
- [Speaker] [KOR] Android Static Taint Analysis Techniques and Future Directions
- [Speaker] [KOR] Decrypting KakaoTalk on Android 12 Using Dynamic Taint Analysis
 
Tools
Static / Dynamic Analysis
- JEB Decompiler : Commercial Integrated Reverse Engineering Platform (Dalvik and native code)
- IDA Pro : Commercial Disassembler and Decompiler
- APKLab : APK Reverse Engineering Workbench for VSCode
- Mobile Security Framework (MobSF) : Automated Static/Dynamic Analysis Framework (self-hosted web service)
- Apktool : APK Decoding and Rebuilding
- Bytecode Viewer : Java/Android Bytecode Viewer and Decompiler Front-end
- JD-GUI : Java Decompiler
- JADX : DEX to Java Decompiler
- RMS-Runtime-Mobile-Security : Frida-based Runtime Manipulation of Android and iOS Apps
- APKLeaks : Scanning APK Files for URIs, Endpoints & Secrets
- Apkingo : APK Details Exploration Tool
 
Online Analysis
- Oversecured : Paid
- VirusTotal : Free
 
Forensic Analysis
- Magnet Forensics : Commercial Digital Forensics Suite
- Autopsy : End-To-End Open Source Digital Forensics Platform
- Wireshark : Network Protocol Analyzer
 
Fuzzer
- Android-afl : Android-enabled Version of AFL
- LibFuzzer : In-process, Coverage-Guided Fuzzing Engine (LLVM)
- Droid : Android Application Fuzzing Framework
- Droid-ff : Android File Fuzzing Framework
- DoApp : A Smart Android Fuzzer For The Future
- DIFUZER : Fuzzer for Linux Kernel Drivers
- LTEFuzz : LTE Control-Plane Exception Handling Testing (KAIST)
 
Root
Malware
- Quark Engine : An Obfuscation-Neglect Android Malware Scoring System
- AhMyth Android RAT : Android RAT Builder (for generating sample malware)
- TheFatRat : Backdoor/Payload Generator (compiles malware for testing)
 
Virtual / Build / Source
- Android Open Source Project (AOSP) : Platform Source and QEMU-based Android Emulator
- Android Studio : Android Virtual Device (AVD) Manager
- Android x86 : Android Port for x86 PCs and VMs
- Nox Player : Android Emulator
- Samsung Open Source : Samsung Kernel and Platform Source Releases
- SamFw : [Web] Samsung Firmware Downloads
- Frija : [Software] Samsung Firmware Downloader
 
Etc
- Scrcpy : ADB-based Android Screen Mirroring Tool
- GDB : Debugger for Native (.so) Libraries (with gdbserver on the device)
- PEDA-ARM : ARM Architecture GDB PEDA Plug-in
- Termux : Android Terminal Emulator and Linux Environment App
- Diffuse : APK, AAB, AAR, and JAR Diffing Tool
 
Other
BugBounty
CVE / SVE
Blog / Site / Git
- Oversecured Blog : Android Security Research Blog
- ESTsecurity Blog : [KOR] Security Issue Blog
- BlackHat : International Security Conference
- Bug Bounty Hunting Search Engine
- Awesome-Android-Security #1 : Other Curated List
- Awesome-Android-Security #2 : Other Curated List
- Awesome-Android-Security #3 : Other Curated List
- Android Malware 2021
- TEE Basics & General : TEE Resources
- Mobile CTF challenges
- SamMobile : Samsung Community and News Site
- XDA Developers : Community Site
- Cyber Security RSS : Security Issue Collection Site
 
SNS
Samsung Mobile Security Statistics
* Please note that the statistics are not accurate.

Backers
Thank you to all our supporters! 🙏
* Please consider supporting my work, as a lot of effort goes into generating this list! Thanks a lot.
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
If you have any questions about this opinionated list, do not hesitate to contact me @NetKingJ on Facebook or open an issue on GitHub.

