Advanced Penetration Testing Of Obfuscated Android Applications

Abstract

Android applications are susceptible to security vulnerabilities just like any other application. To minimize the risk and detect any potential vulnerabilities, penetration tests are conducted. However, many clients are not willing or are not capable to provide unobfuscated version of the application with security defenses disabled. It is up to the testers to bypass all these restrictions and properly test the application. Bypassing all the restrictions takes considerable ammount of time, thus making the test more expensive. This paper describes methodology for dealing with obfuscation as quickly as possible without creating unnecessary code or introducing additional tools.