Mobile Security

ax/apk.sh: apk.sh makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.

[Detecting Android Content Provider APIs with Semgrep Rules Tech Blog](https://shivasurya.me/security/android/android-security/2022/11/28/android-content-provider-semgrep-detection.html)

Common mistakes when using permissions in Android

[My fav 7 methods for Bypassing Android Root detection | by Kishor balan | Oct, 2022 | Medium](https://kishorbalan.medium.com/my-fav-7-methods-for-bypassing-android-root-detection-f8afb0ddfaf3)

Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys

A Course on Android Malware Analysis: Day 1 of 3 - YouTube

majd/ipatool: Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

prateek147/DVIA-v2: Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is written in Swift and has the following vulnerabilities.

Android Hacking-Exploiting Content Providers

[Announcing KataOS and Sparrow Google Open Source Blog](https://opensource.googleblog.com/2022/10/announcing-kataos-and-sparrow.html?utm_medium=email)

How to Proxy Xamarin Mobile Apps :: 0ldMate’s Page — 0ldMate’s Blog

https://www.canva.com/design/DAFN6i0Z7b4/TW_hNUIkBAdnJc3zmyIRSA/view

Romain Thomas

[Non-aware Proxy apps with Wireguard Joan Bono](https://joanbono.github.io/PoC/Non-aware_Proxyguard.html)

A Basic Guide to iOS Testing in 2022 | Bugcrowd

B3nac/Android-Reports-and-Resources: A big list of Android Hackerone disclosed reports and other resources.

shivsahni/FireBaseScanner: The script helps security analysts to identify misconfigured Firebase instances.

[The Mobile Attack Surface Mercari Engineering](https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/)

tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.

[Matrix - Mobile MITRE ATT&CK®](https://attack.mitre.org/matrices/mobile/)

How to Reverse Engineer and Patch an iOS Application for Beginners: Part I

The Bridge between Web Applications and Mobile Platforms is Still Broken

[Android security checklist: theft of arbitrary files Oversecured Blog](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/?utm_medium=email&utm_campaign=bug_bytes_171_new_android_web_views_attacks_arbitrary_file_theft_on_android_scanning_for_pii_in_images&utm_term=2022-05-25)

https://twitter.com/OversecuredInc
