This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Mobile Security Project - Android

From OWASP
Jump to: navigation, search

This project is focused on the Android mobile platform and is part of the OWASP Mobile Security Project

References

Here are a number of references related to Android Security

Official documentation

Android Security Team

Published Research and presentations

Tools

  • Android Development
  • Android Security Review
    • Smart Phones Dumb Apps Presentation about how to unpack, disassemble/decompile, and analyze Android applications. Also has a link to some Perl code to automate parts of this process.
    • Dex2Jar : "...Android mobile device runs applications which have been converted into a compact Dalvik Executable (.dex) format. Dex2Jar converts .dex files to Java .class files..."
    • ApkTool : "...It is a tool for reengineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes possible to debug smali code step by step. Also it makes working with app easier because of project-like files structure and automation of some repetitive tasks like building apk, etc..."
    • JD-GUI and JD-Eclipse, DJ and JAD (mirror) : Java Decompilers
    • AXMLPrinter2 - Utility that decodes the Android XML files, such as Manifest.xml ().
    • OWASP O2 Platform can be used to review the Android Java source code (create object model of compiled java code, search source-code files, model config files)
    • Commercial tools (like Fortify, IBM AppScan Source) can parse Java files (the question is "Do they have Android Specific rules")
    • iSec Partners have a number of Android related tools at https://www.isecpartners.com/mobile_application_tools.html

Media Coverage

(note: go here to edit this references page)

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Mobile Security Project – Android (home page)
Purpose: The rapid growth of mobile computing has made the need for secure mobile development absolutely essential. This project is the result of the split of the Mobile Security Project into the Android platform.
License: N/A
who is working on this project?
Project Leader(s):
  • Mike Zusman @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases