Android Security Testing Framework

The mobile security testing field is constantly growing, with a vast amount of documentation, techniques and tools released to help IT security teams, penetration testers and developers to assess the behaviour and security of their mobile applications. 

However, the complexity of mobile application security testing can make it challenging for people with limited experience of mobile environments to upskill in the area, and time-consuming even for those with the relevant experience.

The Android Security Testing Framework Tool (ASTF) is a PoC tool that enables you to easily use key Android testing tools freely available on the Internet, with minimal configuration or effort. It offers a simple interface to support those approaching both static and dynamic analysis of Android applications, whether they are developers or testers upskilling in this area or experienced testers who perform these tasks daily on Android applications.

The aim is to continuously extend its features to provide a 360-degree framework for detecting Android application vulnerabilities and to assist with manual security testing of Android applications.

In its first beta version, ASTF allows users to:

  • Connect to a standard Android phone (no agent installation is required, but rooting is required for many functions)
  • Analyse an Android application, either installed on the phone or loaded from the computer
  • Easily obtain decompiled source code for each app component (activities, services, content providers etc.)
  • Start the app and analyse its dynamic behaviour with real-time logs and a file system monitor
  • Interface with the well-known local proxy "Burp" through a custom plugin to collect information on the HTTP/S traffic generated by the application
  • Take snapshots of the application status (i.e. HTTP traffic, file system, logs, screenshot) for later comparison 
  • ASTF provides a self-embedded binary that doesn’t require any further dependencies other than Java and the Android SDK. It is currently developed for Windows OS.

Note: users must agree to the terms and conditions