> For the complete documentation index, see [llms.txt](https://angelica.gitbook.io/hacktricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://angelica.gitbook.io/hacktricks/mobile-pentesting/android-checklist.md).
# Android APK Checklist
{% hint style="success" %}
Learn & practice AWS Hacking:
[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: 
[**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
### [Learn Android fundamentals](/hacktricks/mobile-pentesting/android-app-pentesting.md#2-android-application-fundamentals)
* [ ] [Basics](/hacktricks/mobile-pentesting/android-app-pentesting.md#fundamentals-review)
* [ ] [Dalvik & Smali](/hacktricks/mobile-pentesting/android-app-pentesting.md#dalvik--smali)
* [ ] [Entry points](/hacktricks/mobile-pentesting/android-app-pentesting.md#application-entry-points)
* [ ] [Activities](/hacktricks/mobile-pentesting/android-app-pentesting.md#launcher-activity)
* [ ] [URL Schemes](/hacktricks/mobile-pentesting/android-app-pentesting.md#url-schemes)
* [ ] [Content Providers](/hacktricks/mobile-pentesting/android-app-pentesting.md#services)
* [ ] [Services](/hacktricks/mobile-pentesting/android-app-pentesting.md#services-1)
* [ ] [Broadcast Receivers](/hacktricks/mobile-pentesting/android-app-pentesting.md#broadcast-receivers)
* [ ] [Intents](/hacktricks/mobile-pentesting/android-app-pentesting.md#intents)
* [ ] [Intent Filter](/hacktricks/mobile-pentesting/android-app-pentesting.md#intent-filter)
* [ ] [Other components](/hacktricks/mobile-pentesting/android-app-pentesting.md#other-app-components)
* [ ] [How to use ADB](/hacktricks/mobile-pentesting/android-app-pentesting.md#adb-android-debug-bridge)
* [ ] [How to modify Smali](/hacktricks/mobile-pentesting/android-app-pentesting.md#smali)
### [Static Analysis](/hacktricks/mobile-pentesting/android-app-pentesting.md#static-analysis)
* [ ] Check for the use of [obfuscation](#some-obfuscation-deobfuscation-information), checks for noting if the mobile was rooted, if an emulator is being used and anti-tampering checks. [Read this for more info](/hacktricks/mobile-pentesting/android-app-pentesting.md#other-checks).
* [ ] Sensitive applications (like bank apps) should check if the mobile is rooted and should actuate in consequence.
* [ ] Search for [interesting strings](/hacktricks/mobile-pentesting/android-app-pentesting.md#looking-for-interesting-info) (passwords, URLs, API, encryption, backdoors, tokens, Bluetooth uuids...).
* [ ] Special attention to [firebase ](/hacktricks/mobile-pentesting/android-app-pentesting.md#firebase)APIs.
* [ ] [Read the manifest:](/hacktricks/mobile-pentesting/android-app-pentesting.md#basic-understanding-of-the-application-manifest-xml)
* [ ] Check if the application is in debug mode and try to "exploit" it
* [ ] Check if the APK allows backups
* [ ] Exported Activities
* [ ] Content Providers
* [ ] Exposed services
* [ ] Broadcast Receivers
* [ ] URL Schemes
* [ ] Is the application s[aving data insecurely internally or externally](/hacktricks/mobile-pentesting/android-app-pentesting.md#insecure-data-storage)?
* [ ] Is there any [password hard coded or saved in disk](/hacktricks/mobile-pentesting/android-app-pentesting.md#poorkeymanagementprocesses)? Is the app [using insecurely crypto algorithms](/hacktricks/mobile-pentesting/android-app-pentesting.md#useofinsecureandordeprecatedalgorithms)?
* [ ] All the libraries compiled using the PIE flag?
* [ ] Don't forget that there is a bunch of[ static Android Analyzers](/hacktricks/mobile-pentesting/android-app-pentesting.md#automatic-analysis) that can help you a lot during this phase.
### [Dynamic Analysis](/hacktricks/mobile-pentesting/android-app-pentesting.md#dynamic-analysis)
* [ ] Prepare the environment ([online](/hacktricks/mobile-pentesting/android-app-pentesting.md#online-dynamic-analysis), [local VM or physical](/hacktricks/mobile-pentesting/android-app-pentesting.md#local-dynamic-analysis))
* [ ] Is there any [unintended data leakage](/hacktricks/mobile-pentesting/android-app-pentesting.md#unintended-data-leakage) (logging, copy/paste, crash logs)?
* [ ] [Confidential information being saved in SQLite dbs](/hacktricks/mobile-pentesting/android-app-pentesting.md#sqlite-dbs)?
* [ ] [Exploitable exposed Activities](/hacktricks/mobile-pentesting/android-app-pentesting.md#exploiting-exported-activities-authorisation-bypass)?
* [ ] [Exploitable Content Providers](/hacktricks/mobile-pentesting/android-app-pentesting.md#exploiting-content-providers-accessing-and-manipulating-sensitive-information)?
* [ ] [Exploitable exposed Services](/hacktricks/mobile-pentesting/android-app-pentesting.md#exploiting-services)?
* [ ] [Exploitable Broadcast Receivers](/hacktricks/mobile-pentesting/android-app-pentesting.md#exploiting-broadcast-receivers)?
* [ ] Is the application [transmitting information in clear text/using weak algorithms](/hacktricks/mobile-pentesting/android-app-pentesting.md#insufficient-transport-layer-protection)? is a MitM possible?
* [ ] [Inspect HTTP/HTTPS traffic](/hacktricks/mobile-pentesting/android-app-pentesting.md#inspecting-http-traffic)
* [ ] This one is really important, because if you can capture the HTTP traffic you can search for common Web vulnerabilities (Hacktricks has a lot of information about Web vulns).
* [ ] Check for possible [Android Client Side Injections](/hacktricks/mobile-pentesting/android-app-pentesting.md#android-client-side-injections-and-others) (probably some static code analysis will help here)
* [ ] [Frida](/hacktricks/mobile-pentesting/android-app-pentesting.md#frida): Just Frida, use it to obtain interesting dynamic data from the application (maybe some passwords...)
### Some obfuscation/Deobfuscation information
* [ ] [Read here](/hacktricks/mobile-pentesting/android-app-pentesting.md#obfuscating-deobfuscating-code)
{% hint style="success" %}
Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
Support HackTricks
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://angelica.gitbook.io/hacktricks/mobile-pentesting/android-checklist.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.