OWASP, static analysis and dynamic analysis, vulnerabilities, safe development, etc. have been discussed throughout the contents. Smartphones are not free of attacks. OWASP defines a top 10 risk in applications for mobile devices ( https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10 ).
It is requested
From the contents studied and after reading the previous statement, you should analyze three Android applications (.apk) in search of vulnerabilities.
For this you can use tools such as MobSF (Mobile Security Framework), Drozer, etc.
The type of analysis can be static.
Analysis must contain:
– The files of applications analyzed.
– Reason for the analysis – why you have chosen these particular applications.
– List of vulnerabilities (if any) detected classified according to the OWASP classification.
– Peculiarities or facts to highlight of each of them.
Good quality and readable screenshots of the analysis process using tools is a must.
Attached is a file with basic material security of mobile platforms, specifically Android.