Android Testing Cheat Sheet



Last revision (mm/dd/yy): //

Introduction
DRAFT MODE - This Cheat Sheet is a Work in Progress

This cheat sheet provides a checklist of tasks to be performed to do a penetration test of an Android application. It follows the OWASP Mobile Top 10 Risks list.

Testing Methodology
At the device level, there are two ways in which the application shall be tested:
 * 1) With the Android device running in factory default (normal) mode
 * 2) With the Android device running in rooted mode

At the application level, there are two ways in which it shall be tested:
 * 1) Application running on the device (to take advantage of touch-related features)
 * 2) Application running on the emulator (to ease testing using the wider screen of a desktop or laptop)

Application Mapping
Map the application for possible security vectors.

OWASP Step-by-step Approach
(For each of the standards below, there shall be multiple steps for the tester to follow.)
 * 1) What is the application genre? (game, business, productivity, etc.)
 * 2) Does the application connect to backend web services?
 * 3) Is the application purely native, or does it incorporate ready-made frameworks?
 * 4) Does the application store data on the device?
 * 5) Which features of the device does the application use? (camera, gyroscope, contacts, etc.)
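Several of the mapping questions above (backend connectivity, device features used, exposed components) can be answered from a decoded AndroidManifest.xml. The script below is an added example, not part of this cheat sheet; the permission-to-feature grouping and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed grouping of permissions onto the mapping questions above.
FEATURE_PERMISSIONS = {
    "backend web services": {"android.permission.INTERNET"},
    "camera": {"android.permission.CAMERA"},
    "contacts": {"android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS"},
}

# Constructed sample of a decoded AndroidManifest.xml (not a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-feature android:name="android.hardware.sensor.gyroscope"/>
  <application android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""


def map_manifest(xml_text: str) -> dict:
    # Summarise what the manifest reveals for the application mapping step.
    root = ET.fromstring(xml_text)
    name = ANDROID_NS + "name"
    perms = {e.get(name) for e in root.iter("uses-permission")}
    hw = {e.get(name) for e in root.iter("uses-feature")}
    features = [f for f, needed in FEATURE_PERMISSIONS.items() if perms & needed]
    # Hardware features such as the gyroscope are declared, not permission-gated.
    features += [h.rsplit(".", 1)[-1] for h in hw if h and h.startswith("android.hardware.")]
    app = root.find("application")
    exported = []
    for kind in ("activity", "service", "receiver", "provider"):
        for comp in app.iter(kind):
            flag = comp.get(ANDROID_NS + "exported")
            if flag == "true":
                exported.append(f"{kind}:{comp.get(name)}")
            elif flag is None:
                # No explicit value: exposure depends on intent filters and target SDK, so flag for review.
                exported.append(f"{kind}:{comp.get(name)} (unspecified)")
    return {
        "package": root.get("package"),
        "features": sorted(features),
        "exported": exported,
        "debuggable": app.get(ANDROID_NS + "debuggable") == "true",
    }
```

Run it against the output of a manifest decoder (for example the AndroidManifest.xml produced by apktool) to get a first-pass answer to questions 2 and 5 before manual review.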

M10 - Lack of Binary Protection
Authors and Primary Editors

Jim Manico

Jonathan Carter

Prashant Pathak

Milan Singh Thakur

Other Cheatsheets
