# Android APK Checklist
从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS红队专家)!
* 您在**网络安全公司**工作吗? 想要在HackTricks中看到您的**公司广告**? 或者想要访问**PEASS的最新版本或下载HackTricks的PDF**? 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 发现我们的独家[NFT收藏品**PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或在**Twitter**上**关注**我 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来**分享您的黑客技巧**。
**Try Hard Security Group**
{% embed url="" %}
***
### [学习Android基础知识](/mobile-pentesting/android-app-pentesting.md#2-android-application-fundamentals)
* [ ] [基础知识](/mobile-pentesting/android-app-pentesting.md#fundamentals-review)
* [ ] [Dalvik和Smali](/mobile-pentesting/android-app-pentesting.md#dalvik--smali)
* [ ] [入口点](/mobile-pentesting/android-app-pentesting.md#application-entry-points)
* [ ] [活动](/mobile-pentesting/android-app-pentesting.md#launcher-activity)
* [ ] [URL方案](/mobile-pentesting/android-app-pentesting.md#url-schemes)
* [ ] [内容提供者](/mobile-pentesting/android-app-pentesting.md#services)
* [ ] [服务](/mobile-pentesting/android-app-pentesting.md#services-1)
* [ ] [广播接收器](/mobile-pentesting/android-app-pentesting.md#broadcast-receivers)
* [ ] [意图](/mobile-pentesting/android-app-pentesting.md#intents)
* [ ] [意图过滤器](/mobile-pentesting/android-app-pentesting.md#intent-filter)
* [ ] [其他组件](/mobile-pentesting/android-app-pentesting.md#other-app-components)
* [ ] 如何使用ADB]\(android-app-pentesting/#adb-android-debug-bridge)
* [ ] 如何修改Smali]\(android-app-pentesting/#smali)
### [静态分析](/mobile-pentesting/android-app-pentesting.md#static-analysis)
* [ ] 检查是否使用[混淆](#some-obfuscation-deobfuscation-information),检查是否注意到手机是否已root,是否正在使用模拟器以及反篡改检查。[阅读此处获取更多信息](/mobile-pentesting/android-app-pentesting.md#other-checks)。
* [ ] 敏感应用程序(如银行应用)应检查手机是否已root,并应相应地采取行动。
* [ ] 搜索[有趣的字符串](/mobile-pentesting/android-app-pentesting.md#looking-for-interesting-info)(密码、URL、API、加密、后门、令牌、蓝牙uuid等)。
* [ ] 特别关注[firebase ](/mobile-pentesting/android-app-pentesting.md#firebase)API。
* [ ] [阅读清单:](/mobile-pentesting/android-app-pentesting.md#basic-understanding-of-the-application-manifest-xml)
* [ ] 检查应用是否处于调试模式,并尝试“利用”它
* [ ] 检查APK是否允许备份
* [ ] 导出的活动
* [ ] 内容提供者
* [ ] 暴露的服务
* [ ] 广播接收器
* [ ] URL方案
* [ ] 应用程序是否[在内部或外部不安全地保存数据](/mobile-pentesting/android-app-pentesting.md#insecure-data-storage)?
* [ ] 是否有[硬编码的密码或保存在磁盘上的密码](/mobile-pentesting/android-app-pentesting.md#poorkeymanagementprocesses)?应用程序是否[使用不安全的加密算法](/mobile-pentesting/android-app-pentesting.md#useofinsecureandordeprecatedalgorithms)?
* [ ] 所有使用PIE标志编译的库?
* [ ] 不要忘记有许多[静态Android分析工具](/mobile-pentesting/android-app-pentesting.md#automatic-analysis)可以在此阶段帮助您很多。
### [动态分析](/mobile-pentesting/android-app-pentesting.md#dynamic-analysis)
* [ ] 准备环境([在线](/mobile-pentesting/android-app-pentesting.md#online-dynamic-analysis),[本地虚拟机或物理](/mobile-pentesting/android-app-pentesting.md#local-dynamic-analysis))
* [ ] 是否存在[意外数据泄漏](/mobile-pentesting/android-app-pentesting.md#unintended-data-leakage)(日志记录、复制/粘贴、崩溃日志)?
* [ ] [保存在SQLite数据库中的机密信息](/mobile-pentesting/android-app-pentesting.md#sqlite-dbs)?
* [ ] [可利用的暴露活动](/mobile-pentesting/android-app-pentesting.md#exploiting-exported-activities-authorisation-bypass)?
* [ ] [可利用的内容提供者](/mobile-pentesting/android-app-pentesting.md#exploiting-content-providers-accessing-and-manipulating-sensitive-information)?
* [ ] [可利用的暴露服务](/mobile-pentesting/android-app-pentesting.md#exploiting-services)?
* [ ] [可利用的广播接收器](/mobile-pentesting/android-app-pentesting.md#exploiting-broadcast-receivers)?
* [ ] 应用程序是否[以明文传输信息/使用弱算法](/mobile-pentesting/android-app-pentesting.md#insufficient-transport-layer-protection)?是否可能进行中间人攻击?
* [ ] [检查HTTP/HTTPS流量](/mobile-pentesting/android-app-pentesting.md#inspecting-http-traffic)
* [ ] 这一点非常重要,因为如果您可以捕获HTTP流量,您可以搜索常见的Web漏洞(Hacktricks中有大量关于Web漏洞的信息)。
* [ ] 检查可能存在的[Android客户端注入](/mobile-pentesting/android-app-pentesting.md#android-client-side-injections-and-others)(可能一些静态代码分析会有所帮助)
* [ ] [Frida](/mobile-pentesting/android-app-pentesting.md#frida):只用Frida,用它从应用程序中获取有趣的动态数据(也许一些密码...)
### 一些混淆/反混淆信息
* [ ] [在此处阅读](/mobile-pentesting/android-app-pentesting.md#obfuscating-deobfuscating-code)
**Try Hard Security Group**
{% embed url="" %}
从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS红队专家)!
* 您在**网络安全公司**工作吗? 想要在HackTricks中看到您的**公司广告**? 或者想要访问**PEASS的最新版本或下载HackTricks的PDF**? 请查看[**订阅计划**](https://github.com/sponsors/carlospolop)!
* 发现我们的独家[NFT收藏品**PEASS Family**](https://opensea.io/collection/the-peass-family)
* 获取[**官方PEASS和HackTricks周边产品**](https://peass.creator-spring.com)
* **加入** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord群**](https://discord.gg/hRep4RUj7f) 或 [**电报群**](https://t.me/peass) 或在**Twitter**上**关注**我 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**。**
* 通过向[hacktricks repo](https://github.com/carlospolop/hacktricks)和[hacktricks-cloud repo](https://github.com/carlospolop/hacktricks-cloud)提交PR来**分享您的黑客技巧**。
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://hacktricks.xsx.tw/mobile-pentesting/android-checklist.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.