Since mobile operating systems such as Android came into being, an increasing
number of developers have been using Android applications to give their
customers or users easier operation, for a better user experience and greater
revenue generation. In the Android and iOS markets, many applications provide
vulnerability scanning and security detection features that let you test and
scan your mobile device to see whether your mobile app has any security flaws
and fix them in time.
Mobile usage is growing, and so are mobile apps. There
are more than 2 billion apps in the Apple App Store and 2.2 million in the Google
Play Store. There are also multiple types of vulnerabilities, and some of
the dangerous ones are:
Leaking users' sensitive personal data;
Communication over the network with no encryption;
Having world-readable/writable files;
Arbitrary code execution;
Lock apps from spies.
1. Appvigil. You can find security loopholes in your mobile app with Appvigil
and get an in-depth vulnerability report in minutes. With Appvigil, you get not
just the details of a security issue but also a patch recommendation, so you
can fix it immediately. You don't need to install any software, as everything
is done in the Appvigil cloud.
Once you upload an APK or IPA file, it performs static and dynamic analysis on
your app (Android/iOS), including checks for the OWASP Mobile Top 10
vulnerabilities.
2. SandDroid performs static and dynamic analysis and gives you a comprehensive
report. You can upload an APK or zip file of up to 50 MB. SandDroid is
developed by Botnet research team & Xi'an Jiaotong University. It currently
performs checks on the following:
File size/hash, SDK version;
Network data, component, code feature, sensitive API, IP distribution analysis;
Data leakage, SMS, phone call monitor;
Risk behavior and score.
Take a look at some scan reports to get an idea.
3. APKInspector. The goal of this project is to aid analysts and reverse
engineers in visualizing compiled Android packages and their corresponding DEX
code. APKInspector provides both analysis functions and graphic features for
users to gain deep insight into malicious apps:
CFG;
Call Graph;
Static Instrumentation;
Permission Analysis;
Dalvik codes;
Smali codes;
Java codes;
APK Information.
4. Private Zone is developed to offer dynamic analysis of your Android
applications. It helps users analyze and assess security risks in their Android
applications and also suggests measures for reducing those risks. Moreover, it
provides a security risk assessment for your Android app at an early stage,
where the cost of damage is lower than at the production stage. Apart from the
scanner feature, it also has an app lock feature that allows you to lock and
hide anything you do not want to expose.
5. Drozer (formerly Mercury) is the leading
security testing framework for Android. Drozer allows you to search for
security vulnerabilities in apps and devices by assuming the role of an app and
interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying
OS.
It provides tools to help you use, share and understand public Android
exploits. It helps you deploy a drozer Agent to a device through exploitation
or social engineering. Using weasel (MWR's advanced exploitation payload),
drozer is able to maximize the permissions available to it by installing a full
agent, injecting a limited agent into a running process, or connecting a
reverse shell to act as a Remote Access Tool (RAT).