Static Analysis

Static analysis is a technique used to evaluate the security of an application by examining its source code without executing it.

Types of Vulnerabilities that Static Analysis Can Detect

Type

Description

Insecure Storage

Data stored in locations that other apps or users can access.

Hard-Coded Sensitive Information

Sensitive information such as passwords and API keys embedded directly into the code.

Insecure Communication

Unencrypted or poorly encrypted communication that can be intercepted and read.

Insufficient Cryptography

The use of weak or deprecated encryption algorithms.

Insecure Permissions

Requesting more permissions than necessary, giving the app access to sensitive data.

APK Downloading

APK can be extracted from multiple resources.
- Google Playstore
- Manufecturer App Stores (Samsung Galaxy Store etc)
- Third Party App Stores (APKPure etc)

APK Extraction from Phone

APK Export can be used to extract apk from phone
We can also extract APK using adb.

# Find package name of your app
adb shell pm list packages | grep myapp

# Get path of the apk
adb shell pm path <package name>

# Pull the apk
adb pull /data/app/<package name>/base.apk .

Disassembling the APK

We can use APKTool to disassemble the APK.

apktool d <apk>

PreviousSetup NextDynamic Analysis

Last updated 21 days ago

hashtagTypes of Vulnerabilities that Static Analysis Can Detect

hashtagAPK Downloading

hashtagAPK Extraction from Phone

hashtagDisassembling the APK

Types of Vulnerabilities that Static Analysis Can Detect

APK Downloading

APK Extraction from Phone

Disassembling the APK