Android Security Testing Guide
This guide explains how to use APKTool to decompile Android apps, inspect the AndroidManifest.xml for exposed components, and employ the Drozer framework to enumerate packages, assess component exposure, detect content provider leaks, SQL injection, file traversal, and service vulnerabilities.
This article provides a step‑by‑step guide for performing security testing on Android applications.
1. APKTool decompilation: Download APKTool, place the target APK (testapp.apk in this example) in the same directory, and run apktool d testapp.apk to extract the AndroidManifest.xml and related resources.
2. AndroidManifest.xml checks: Examine the manifest for exposed components:
Activities with android:exported="true" can be launched directly via adb shell am start -n activityName, which is a vulnerability when the activity is supposed to be reachable only after authentication.
Content providers marked as exported (android:exported="true") are accessible to any app; query them with adb shell content query --uri <uri>.
Broadcast receivers that accept untrusted broadcasts can be abused to trigger privileged actions.
3. Drozer framework testing:
List installed packages: dz> run app.package.list -f sieve
Get basic app info: dz> run app.package.info -a com.mwr.example.sieve
Assess attack surface: dz> run app.package.attacksurface com.mwr.example.sieve
Check exposed activities, services, providers, and receivers with commands such as dz> run app.activity.info -a com.xxx.sample and dz> run app.activity.start --component com.xxx.sample com.xxx.sample.exampleActivity.
ContentProvider exposure: enumerate accessible URIs (dz> run scanner.provider.finduris -a com.xxxx.sample) and query data (dz> run app.provider.query content://com.xxxx.sample.xxxx/xxxx/); test for SQL injection using queries with malformed selections.
File-traversal checks: dz> run scanner.provider.traversal -a com.xxxx.sample (a result reporting no vulnerable providers means no traversal issue was found).
Service exposure: list exported services with dz> run app.service.info -a com.xxxx.sample and, if any are found, interact with them using app.service.send, app.service.start, app.service.stop, etc.
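The manifest review in step 2 can be scripted against the AndroidManifest.xml that apktool writes out. The following is an added example, not code from the original article: the package com.example.demo, its component names, and the sample manifest are constructed for illustration. It lists every component other apps can reach, including those exported implicitly through an intent-filter, and marks the ones with no permission attribute.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
COMPONENTS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (hypothetical package com.example.demo), shaped
# like the AndroidManifest.xml that `apktool d` writes out.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <application>
    <activity android:name=".LoginActivity" android:exported="true">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".VaultActivity" android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
    <provider android:name=".NotesProvider" android:authorities="com.example.demo.notes"
        android:exported="true" android:readPermission="com.example.demo.READ"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.demo.SYNC"/>
    <receiver android:name=".PushReceiver">
      <intent-filter><action android:name="com.example.demo.PUSH"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def exported_components(manifest_xml):
    """Return (tag, name, guarded, note) for every component other apps can reach."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for comp in root.iter():
        if comp.tag not in COMPONENTS:
            continue
        flag = comp.get(ANDROID + "exported")
        note = "explicit"
        if flag is None:
            # No attribute: a component with an intent-filter defaults to exported;
            # apps targeting Android 12+ must declare the attribute explicitly.
            if comp.find("intent-filter") is None:
                continue
            note = "implicit via intent-filter"
        elif flag.lower() != "true":
            continue
        perms = [comp.get(ANDROID + k) for k in ("permission", "readPermission", "writePermission")]
        findings.append((comp.tag, comp.get(ANDROID + "name", "?"), any(perms), note))
    return findings

if __name__ == "__main__":
    for tag, name, guarded, note in exported_components(SAMPLE):
        status = "permission-guarded" if guarded else "UNGUARDED"
        print(f"{tag:9} {name:18} {status:18} ({note})")
```

"Guarded" here only means a permission attribute is present; the protection level of that permission still has to be checked by hand, and the unguarded entries are the ones to prioritise in the Drozer checks of step 3.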
The article includes illustrative screenshots of the testing process and encourages readers to follow the associated public account for further learning.
360 Quality & Efficiency
360 Quality & Efficiency focuses on seamlessly integrating quality and efficiency in R&D, sharing 360’s internal best practices with industry peers to foster collaboration among Chinese enterprises and drive greater efficiency value.