Android Security Testing
Posted on 2015-01-18
I am initiating Android mobile testing and acquired some basic information on the process and checklist. Even I have zeroed to some tools. I am not sure about the tools how it works but I am exploring. I have one basic question on best practice. Should we do performance testing directly on the device or through some emulator? I have not categorised the tools accordingly whether to execute on device or emulator. Please provide some insight.
Some tools which I will be considering --
App-Ray analyzes apps and highlights vulnerabilities, data leaks, and privacy breaches.
DidFail (Droid Intent Data Flow Analysis for Information Leakage) uses static analysis to detect potential leaks of sensitive information within a set of Android apps
DroidBench is a set of open source real-life Android applications to be used as a testing ground for static and dynamic security tools
FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.