android-security-awesome

A collection of Android security-related resources.

Tools

Academic/Research/Publications/Books

Exploits/Vulnerabilities/Bugs

ToolsOnline Analyzers

AndroTotal

Appknox - not free

Virustotal - max 128MB

Fraunhofer App-ray - not free

NowSecure Lab Automated - Enterprise tool for mobile app security testing both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes. Not free

App Detonator - Detonate APK binary to provide source code level details, including app author, signature, build, and manifest information. 3 Analysis/day free quota.

Pithus - Open-Source APK analyzer. Still in Beta and limited to static analysis for the moment. It is possible to hunt malware with Yara rules. More here.

Oversecured - Enterprise vulnerability scanner for Android and iOS apps; it offers app owners and developers the ability to secure each new version of a mobile app by integrating Oversecured into the development process. Not free.

AppSweep by Guardsquare - Free, fast Android application security testing for developers

Koodous - Performs static/dynamic malware analysis over a vast repository of Android samples and checks them against public and private Yara rules.

Immuniweb. Does an "OWASP Mobile Top 10 Test", "Mobile App Privacy Check", and an application permissions test. The free tier is 4 tests per day, including report after registration

ANY.RUN - An interactive cloud-based malware analysis platform with support for Android application analysis. Limited free plan available.

~~BitBaan~~

~~AVC UnDroid~~

~~AMAaaS - Free Android Malware Analysis Service. A bare-metal service features static and dynamic analysis for Android applications. A product of MalwarePot~~.

~~AppCritique - Upload your Android APKs and receive comprehensive free security assessments~~

~~NVISO ApkScan - sunsetting on Oct 31, 2019~~

~~Mobile Malware Sandbox~~

~~IBM Security AppScan Mobile Analyzer - not free~~

~~Visual Threat - no longer an Android app analyzer~~

~~Tracedroid~~

~~habo - 10/day~~

~~CopperDroid~~

~~SandDroid~~

~~Stowaway~~

~~Anubis~~

~~Mobile app insight~~

~~Mobile-Sandbox~~

~~Ijiami~~

~~Comdroid~~

~~Android Sandbox~~

~~Foresafe~~

~~Dexter~~

~~MobiSec Eacus~~

~~Fireeye- max 60MB 15/day~~

~~approver - Approver is a fully automated security analysis and risk assessment platform for Android and iOS apps. Not free.~~

android-security-awesome

GitHub contributors

A collection of Android security-related resources.

Tools
Academic/Research/Publications/Books
Exploits/Vulnerabilities/Bugs

Tools

Online Analyzers

AndroTotal
Appknox - not free
Virustotal - max 128MB
Fraunhofer App-ray - not free
NowSecure Lab Automated - Enterprise tool for mobile app security testing both Android and iOS mobile apps. Lab Automated features dynamic and static analysis on real devices in the cloud to return results in minutes. Not free
App Detonator - Detonate APK binary to provide source code level details, including app author, signature, build, and manifest information. 3 Analysis/day free quota.
Pithus - Open-Source APK analyzer. Still in Beta and limited to static analysis for the moment. It is possible to hunt malware with Yara rules. More here.
Oversecured - Enterprise vulnerability scanner for Android and iOS apps; it offers app owners and developers the ability to secure each new version of a mobile app by integrating Oversecured into the development process. Not free.
AppSweep by Guardsquare - Free, fast Android application security testing for developers
Koodous - Performs static/dynamic malware analysis over a vast repository of Android samples and checks them against public and private Yara rules.
Immuniweb. Does an "OWASP Mobile Top 10 Test", "Mobile App Privacy Check", and an application permissions test. The free tier is 4 tests per day, including report after registration
ANY.RUN - An interactive cloud-based malware analysis platform with support for Android application analysis. Limited free plan available.
~~BitBaan~~
~~AVC UnDroid~~
~~AMAaaS - Free Android Malware Analysis Service. A bare-metal service features static and dynamic analysis for Android applications. A product of MalwarePot~~.
~~AppCritique - Upload your Android APKs and receive comprehensive free security assessments~~
~~NVISO ApkScan - sunsetting on Oct 31, 2019~~
~~Mobile Malware Sandbox~~
~~IBM Security AppScan Mobile Analyzer - not free~~
~~Visual Threat - no longer an Android app analyzer~~
~~Tracedroid~~
~~habo - 10/day~~
~~CopperDroid~~
~~SandDroid~~
~~Stowaway~~
~~Anubis~~
~~Mobile app insight~~
~~Mobile-Sandbox~~
~~Ijiami~~
~~Comdroid~~
~~Android Sandbox~~
~~Foresafe~~
~~Dexter~~
~~MobiSec Eacus~~
~~Fireeye- max 60MB 15/day~~
~~approver - Approver is a fully automated security analysis and risk assessment platform for Android and iOS apps. Not free.~~