Awesome Android Security
Theory
- Android Kernel Exploitation
- Hacking Android Apps with Frida
- Android Frida Scripts
- Real-time Kernel Protection (RKP)
- Android Developer Fundamentals
- Android Security Lecture : a professor's lecture material
- Android Pentesting Checklist
- OWASP Mobile Security Testing Guide (MSTG)
- OWASP Mobile Application Security Verification Standard (MASVS)
- Frida Cheatsheet and Code Snippets for Android
- Frida HandBook
- Android App Security Checklist
- Android Vulnerabilities : Oversecured's Android Vulnerability List
- Interception of Android implicit intents
- Common mistakes when using permissions in Android
Report
2018
2019
- [Report] Samsung Galaxy Apps Store RCE via MITM
- [Report] Reverse-engineering Samsung S10 TEEGRIS TrustZone OS
2020
- [Report] Flaws in "Find My Mobile" exposed Samsung phones to hack
- [Report] Project Zero : MMS Exploit
- [Report] Breaking Samsung firmware, or turning your S8/S9/S10 into a DIY "Proxmark"
- [Speaker] Beyond Root
- [Report] Arbitrary code execution on Facebook for Android through download feature
- [Report] Samsung S20 - RCE via Samsung Galaxy Store App
- [Report] Exploiting CVE-2020-0041 - Part 1: Escaping the Chrome Sandbox
- [Report] Exploiting CVE-2020-0041 - Part 2: Escalating to root
- [Report] Breaking TEE Security Part 1: TEEs, TrustZone and TEEGRIS
- [Report] Breaking TEE Security Part 2: Exploiting Trusted Applications (TAs)
- [Report] Breaking TEE Security Part 3: Escalating Privileges
2021
- [Report] In-the-Wild Series: Android Exploits
- [Report] Data Driven Security Hardening in Android
- [Report] An apparently benign app distribution scheme which has all it takes to turn (very) ugly
- [Report] Android Kernel Privilege Escalation (CVE-2020-11239)
- [PoC Code] Exploit for Qualcomm CVE-2020-11239
- [Report] Two weeks of securing Samsung devices
- [Report] Why dynamic code loading could be dangerous for your apps: a Google example
- [Report] Exploiting memory corruption vulnerabilities on Android
- [Report] Common mistakes when using permissions in Android
- [Report] Android security checklist: WebView
- [Report] Use cryptography in mobile apps the right way
- [Report] Google Photos : Theft of Database & Arbitrary Files Android Vulnerability
- [Report] Exploring intent-based Android security vulnerabilities on Google Play (Part 1/3)
- [Report] Hunting intent-based Android security vulnerabilities with Snyk Code (Part 2/3)
- [Report] Mitigating and remediating intent-based Android security vulnerabilities (Part 3/3)
2022
- [Report] RCE in Adobe Acrobat Reader for Android (CVE-2021-40724)
- [Report] The Dirty Pipe Vulnerability (CVE-2022-0847)
- [PoC Code] DirtyPipe for Android
- PoC Video
- [Report] SSD Advisory - Galaxy Store Applications Installation/Launching without User Interaction
- [Report] Auth Bypass in com.google.android.googlequicksearchbox
- [Report] Accidental $70k Google Pixel Lock Screen Bypass
- [PoC Video] Pixel 6 Full Lockscreen Bypass POC
- [Bug Report] Complete Lock Screen Bypass on Google Pixel devices
- [Bug Patch] aosp-mirror/platform_frameworks_base
- [Report] Lock Screen Bypass Exploit of Android Devices (CVE-2022-20006)
2023
- [Report] Pwning the all Google phone with a non-Google bug
- [PoC Code] Exploit for CVE-2022-38181
- [PoC Code] Exploit for CVE-2022-20186
- [Report] Protecting Android clipboard content from unintended exposure
- [Report] The Fuzzing Guide to the Galaxy: An Attempt with Android System Services
- [Report] ARM TrustZone: pivoting to the secure world
Paper
2015
- [Paper] Fuzzing Android: a recipe for uncovering vulnerabilities inside system components in Android
2016
- [Paper] STAB Fuzzing: A Study of Android's Binder IPC and Linux/Android Fuzzing
- [Paper] [KOR] An Effective Vulnerability Detection Technique for Android Device Drivers
2019
2020
- [Paper] [KOR] An Improved Feature Selection Model for Malicious Android App Detection
- [Paper] [KOR] A Study of CFI Bypass Attack Techniques in the Android Application Environment
- [Paper] An Empirical Study of Android Security Bulletins in Different Vendors
- [Paper] Research on Note-Taking Apps with Security Features
- [Paper] Deploying Android Security Updates: an Extensive Study Involving Manufacturers, Carriers, and End Users
2021
- [Paper] [KOR] FraudDetective: Android Mobile Ad Fraud Detection and Causal Analysis of Fraud Occurrence
- [Paper] [KOR] Analysis of Malicious Behavior Exploiting Android Storage Vulnerabilities and a TEE-based Defense Technique
- [Paper] [KOR] A Transfer-Learning-based Adaptive Detection Technique for User-Customized Serverless Android Malware Analysis
2022
- [Paper] DoLTEst: In-depth Downlink Negative Testing Framework for LTE Devices
- [Paper] Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
- [PoC Code] Keybuster
- [Paper] [KOR] A Side-Channel Attack on the Android OS Screen Lock Function Using the ARM Cache Coherence Interface
- [Paper] GhostTouch: Targeted Attacks on Touchscreens without Physical Touch
- [Paper] SAUSAGE: Security Analysis of Unix domain Socket usAGE in Android
- [Paper] insecure:// Vulnerability Analysis of URI Scheme Handling in Android Mobile Browsers
- [Paper] FIRMWIRE: Transparent Dynamic Analysis for Cellular Baseband Firmware
- [Paper] Large-scale Security Measurements on the Android Firmware Ecosystem
- [Paper] GhostTalk: Interactive Attack on Smartphone Voice System Through Power Line
- [Paper] VirtualPatch: fixing Android security vulnerabilities with app-level virtualization
- [Paper] Implication of animation on Android security
- [Paper] Android Native Library Fuzzing
- [Paper] Implementation of Static Analysis and Background Processing to Detect Malware in Android Applications with Mobile Security Framework
- [Paper] Credential Analysis for Security Configuration on Custom Android ROM
2023
- [Paper] Assessing the security of inter-app communications in android through reinforcement learning
- [Paper] Android Malware Detection Based on Program Genes
- [Paper] ImageDroid: Using Deep Learning to Efficiently Detect Android Malware and Automatically Mark Malicious Features
- [Paper] MVDroid: an android malicious VPN detector using neural networks
Speaker
2017
2019
- [Speaker] KNOX Kernel Mitigation Bypasses
- [Speaker] Android Security Internals
- [Speaker] Fuzzing OP-TEE with AFL
2020
- [Speaker] Breaking Samsung's Root of Trust - Exploiting Samsung Secure Boot
- [Speaker] Samsung Security Tech Forum 2020
- [Speaker] Qualcomm Compute DSP for Fun and Profit
- [Speaker] PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
2021
- [Speaker] Exploring & Exploiting Zero-Click Remote Interfaces of Modern Huawei Smartphones
- [Speaker] Typhoon Mangkhut: One-click Remote Universal Root Formed with Two Vulnerabilities
- [Speaker] Breaking Secure Bootloaders
- [Speaker] Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications
- [Speaker] Blowing the Cover of Android Binary Fuzzing
- [Speaker] Samsung Security Tech Forum 2021
- [Speaker] Emulating Samsung's Baseband for Security Testing
- [Speaker] Stealthily Access Your Android Phones: Bypass the Bluetooth Authentication
- [Speaker] Over the Air Baseband Exploit: Gaining Remote Code Execution on 5G Smartphones
- [Speaker] HOOKA: Deep Dive Into ART (Android Runtime) For Dynamic Binary Analysis
2022
- [Speaker] A Deep Dive into Privacy Dashboard of Top Android Vendors
- [Speaker] Hand in Your Pocket Without You Noticing: Current State of Mobile Wallet Security
- [Speaker] Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
- [Speaker] DroidGuard: A Deep Dive into SafetyNet
- [Speaker] [KOR] Android Static Taint Analysis Techniques and Future Directions
- [Speaker] [KOR] Decrypting KakaoTalk on Android 12 Using Dynamic Taint Analysis Techniques
- [Video] Hacking a Samsung Galaxy for $6,000,000 in Bitcoin!?
- [Speaker] Trust Dies in Darkness: Shedding Light on Samsung's TrustZone Keymaster Design
- [Speaker] Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
- [Speaker] Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip
- Presentation Slides
- [Tool] Titan M tools
- [Speaker] Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
2023
- [Presentation Slides] Two Bugs With One PoC: Rooting Pixel 6 From Android 12 to Android 13
- [Presentation Slides] Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors
- [Presentation Slides] Revisiting Stealthy Sensitive Information Collection from Android Apps
- [Presentation Slides] The Art of Rooting Android devices by GPU MMU features
- [Video] Android 13 LPE
Tools
Static / Dynamic Analysis
- JEB Decompiler : Commercial Android Decompiler (DEX and Native Code)
- IDA Pro : Commercial Disassembler and Decompiler
- Mobile Security Framework (MobSF) : Automated Static and Dynamic Analysis Framework (Self-Hosted Web UI)
- Frida : Dynamic Instrumentation Toolkit
- Apktool : APK Files Reverse Engineering
- Bytecode Viewer : Java Reverse Engineering
- JD-GUI : Java Decompiler
- JADX : DEX to Java Decompiler
- RMS-Runtime-Mobile-Security : Manipulate Android and iOS Apps at Runtime
- APKLeaks : Scanning APK File for URIs, Endpoints & Secrets
- Apkingo : APK Details Exploration Tool
- APKLab : APK Integration Tool in VSCode
Online Analysis
- Oversecured : Commercial Mobile App Vulnerability Scanner
- VirusTotal : Free Multi-Engine Malware Scanner
Forensic Analysis
- Magnet Forensics : Commercial Digital Forensics Suite
- Autopsy : End-To-End Open Source Digital Forensics Platform
- Wireshark : Network Protocol Analyzer
Fuzzer
- Android-afl : Android-enabled Version of AFL
- LibFuzzer : A Library For Coverage-Guided Fuzz Testing
- Droid : Android Application Fuzzing Framework
- Droid-ff : Android File Fuzzing Framework
- DoApp : A Smart Android Fuzzer For The Future
- DIFUZE : Interface-Aware Fuzzer for Linux Kernel Drivers
- LTEFuzz : LTE Network Exception Handling Testing, KAIST
Root
Malware
- Quark Engine : An Obfuscation-Neglect Android Malware Scoring System
- AhMyth Android RAT : Open-Source Android Remote Access Trojan Builder (for Generating Samples)
- TheFatRat : Backdoor and Payload Generator (Malware Builder)
Virtual / Build / Source
- Android Open Source Project (AOSP) : Android Platform Source Code (Includes the QEMU-based Android Emulator)
- Android Studio : Android Virtual Device (AVD) Manager
- Android-x86 : Android Port for x86 PCs and Virtual Machines
- Nox Player : Android Emulator
- Samsung Open Source : Kernel, Platform Open Source
- SamFw : [Web] Samsung Firmware Download Site
- Frija : [Software] Samsung Firmware Downloader
Etc
- Scrcpy : ADB Based Android Screen Sharing Tool
- GDB : GNU Debugger, for Native (.so) Library Analysis
- PEDA-ARM : ARM Architecture GDB PEDA Plug-in
- Termux : Android Terminal Emulator and Linux Environment App
- [Plugin] PRoot Distro : A Bash script wrapper for the proot utility (installs Linux distributions inside Termux)
- Diffuse : APK, AAB, AAR, and JAR Diffing Tool
Other
BugBounty
CVE / SVE
Blog / Site / Git
- Oversecured Blog : Technology Blog
- ESTsecurity Blog : [KOR] Issue Blog
- BlackHat : International Security Conference
- Bug Bounty Hunting Search Engine
- Awesome-Android-Security #1
- Awesome-Android-Security #2
- Awesome-Android-Security #3
- Awesome Google VRP Writeups
- Android Malware 2021
- TEE Basics & General : TEE Resources
- Mobile CTF challenges
- SamMobile : Community Site
- XDA Developers : Community Site
- Cyber Security RSS : Security Issue Collection Site
SNS
Samsung Mobile Security Statistics
* Please note that the statistics are not accurate.
* Based on Samsung SVE DataBase.
Backers
Thank you to all our supporters!
* Please consider supporting my work; a lot of effort goes into generating this list. Thanks a lot.
Contributing
Your contributions are always welcome! Please take a look at the contribution guidelines first.
If you have any questions about this opinionated list, do not hesitate to contact me or open an issue on GitHub.