Mobile Security

ax/ makes reverse engineering Android apps easier, automating some repetitive tasks like pulling, decoding, rebuilding and patching an APK.

[Detecting Android Content Provider APIs with Semgrep Rules Tech Blog](

Common mistakes when using permissions in Android

[My fav 7 methods for Bypassing Android Root detection by Kishor balan Oct, 2022 Medium](

Manipulating AES Traffic using a Chain of Proxies and Hardcoded Keys

A Course on Android Malware Analysis: Day 1 of 3 - YouTube

majd/ipatool: Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store

prateek147/DVIA-v2: Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 11. The current version is writen in Swift and has the following vulnerabilities.

Android Hacking-Exploiting Content Providers

[Announcing KataOS and Sparrow Google Open Source Blog](

How to Proxy Xamarin Mobile Apps :: 0ldMate’s Page — 0ldMate’s Blog

Romain Thomas

[Non-aware Proxy apps with Wireguard Joan Bono](

A Basic Guide to iOS Testing in 2022 | Bugcrowd AUTHOR

B3nac/Android-Reports-and-Resources: A big list of Android Hackerone disclosed reports and other resources.

shivsahni/FireBaseScanner: The scripts helps security analsts to identify misconfigured firebase instances.

[The Mobile Attack Surface Mercari Engineering](

tanprathan/MobileApp-Pentest-Cheatsheet: The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

[Matrix - Mobile MITRE ATT&CK®](

How to Reverse Engineer and Patch an iOS Application for Beginners: Part I

The Bridge between Web Applications and Mobile Platforms is Still Broken

[Android security checklist: theft of arbitrary files Oversecured Blog](

Common mistakes when using permissions in Android