Abstract

Mobile application use has become increasingly common, and Android is the most widely known operating system in use. Mobile applications are being developed in all areas, such as social insurance, individual consideration, gaming, business, and so forth, and these applications need the user to provide their own information, which is either stored on the mobile device or transmitted through the network via APIs. Any security misconfigurations present may allow an attacker to attack the mobile device or the APIs and so gain access to the user's data. Hence, mobile devices are becoming more prone to security threats. Consequently, mobile applications must be made secure before they are released to the market, and it is the duty of the application owner to perform pentesting on the application to protect the user's information. Pentesting of any Android or iOS application can be performed in two ways: static and dynamic pentesting. Static pentesting helps in understanding the security threats in local storage and in the manifest file by reverse engineering the application's APK or IPA file, whereas dynamic pentesting helps in finding security threats in the real-time exchange of data through the network. In this paper, a static pentesting methodology for Android applications is described using open-source pentesting tools and a sample Android application. Static pentesting of an application helps the developer understand the security misconfigurations that ought to be avoided at the development stage of the application itself. This guarantees the security of the user's information at the device level.
