Pentest Mobile App

Purpose

Mobile apps are completely absent from Shannon (web-only) and all existing skills. Mobile apps often share backend APIs but introduce unique attack surfaces: local storage, pinning, intent handling, binary protections.

Prerequisites

Authorization Requirements

Written authorization

with mobile app testing scope

APK/IPA files

or access to app store downloads

Test devices

or emulators (rooted Android, jailbroken iOS preferred)

Backend API documentation

if available

Environment Setup

Frida for runtime instrumentation

Objection for quick mobile security testing

MobSF for automated static/dynamic analysis

jadx for Android decompilation, Hopper for iOS

Burp Suite configured as mobile proxy

Core Workflow

Static Analysis

Decompile APK/IPA, analyze for hardcoded secrets, insecure storage patterns, weak crypto, exported components, debug flags.

Insecure Data Storage

Check SharedPreferences/Keychain for sensitive data, SQLite DBs, log files, clipboard exposure, backup extraction.

Certificate Pinning Bypass

Use Frida/Objection to disable pinning, intercept HTTPS traffic, test HTTP fallback.

Auth & Session on Mobile

Token storage security, biometric bypass, session timeout, deep link auth bypass.

IPC Testing

Exported Activities/Services/BroadcastReceivers (Android), URL scheme hijacking (iOS), intent injection, custom URI handler abuse.

Binary Protections

Root/jailbreak detection bypass, anti-tampering bypass, code obfuscation assessment, runtime manipulation via Frida.

Mobile-Context API Testing

APIs trusting mobile client-side validation, device-ID spoofing, push notification token abuse. Tool Categories Category Tools Purpose Runtime Instrumentation Frida, Objection Hook functions, bypass protections Static Analysis MobSF, jadx, Hopper Decompile and analyze binaries Traffic Interception Burp Suite, mitmproxy HTTPS interception with pinning bypass Android Testing adb, drozer Component testing, IPC analysis iOS Testing Objection, cycript Runtime manipulation, keychain dump References references/tools.md - Tool function signatures and parameters references/workflows.md - Attack pattern definitions and test vectors