Android Pentesting Tools, iOS Lock Screen Vulnerabilities, and Essential Kotlin Tips

In this roundup: ten pentesting tools, iOS lock screen vulnerabilities, bypassing anti-emulator protection, legal ways to elevate privileges in Android, methods to make your app harder to hack, 15 must-have tools for Android developers, useful Android Studio keyboard shortcuts, 31 Kotlin tips, and a fresh batch of handy Android libraries.

Tools

  • SnoopSnitch — App for checking your phone’s firmware for installed and missing security patches.
  • uitkyk — Simple Frida script to detect malware by analyzing stack objects and intercepting shell command functions.
  • AndHook — Another DBI framework for Android, similar to Cydia Substrate and Xposed.
  • androidre — Docker image with a set of Android app analysis tools: Apktool, jadx, APKiD, Radare2, Frida, and more.
  • iCloudBrutter — Apple ID password brute-forcer.
  • QARK — Automated tool for finding various vulnerabilities in Android apps; can sometimes generate ready-to-use exploits or ADB command sets.
  • droidstatx — Utility that generates a mind map with app info and possible vulnerabilities.
  • avd-root — Script for rooting the Android emulator.
  • bfinject — Utility for injecting libraries into any iOS app; requires jailbroken iOS 11.0–11.1.2.
  • bfdecrypt — Utility for decrypting iOS apps; requires jailbroken iOS 11.0–11.1.2.

Bypassing Android Anti-Emulation Protection

Bypassing Android Anti-Emulation, Part I and Part II — a two-part series on bypassing anti-emulator protection. The first part introduces Android app structure and how anti-emulation works. The second part is practical, showing how to decompile an app and disable the protection.

  • Most anti-emulation mechanisms rely on reading system variables and searching for certain strings, e.g., Build.FINGERPRINT.startsWith("generic"), Build.MODEL.contains("google_sdk"), Build.BRAND.startsWith("generic").
  • Disabling anti-emulation is similar to hacking a legit app: decompile with jadx or another tool, find the emulator check (often in functions like carrierNameFromTelephonyManager(), isEmulator(), or smellsLikeAnEmulator()), then disassemble with apktool, find the same function call in smali code, and remove it. Obfuscators like ProGuard make this harder, but not impossible.
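
The Build.* string heuristics the series describes, collected into one pure function so they can be unit-tested on a plain JVM. This is an added example, not code from the articles; the BuildInfo type, the sample values and the extra fields (DEVICE, PRODUCT, HARDWARE) are assumptions, and on a device the values come from android.os.Build as shown in the comment in main.

```kotlin
// Added example (not from the "Bypassing Android Anti-Emulation" series): the emulator
// checks the article lists, as a testable function over plain strings.
data class BuildInfo(
    val fingerprint: String,
    val model: String,
    val brand: String,
    val device: String,
    val product: String,
    val hardware: String,
)

/** Returns every heuristic that fired; an empty list means "no emulator signal". */
fun emulatorSignals(b: BuildInfo): List<String> {
    val hits = mutableListOf<String>()
    if (b.fingerprint.startsWith("generic")) hits += "fingerprint starts with 'generic'"
    if (b.fingerprint.contains("unknown")) hits += "fingerprint contains 'unknown'"
    if (b.model.contains("google_sdk") || b.model.contains("Emulator") ||
        b.model.contains("Android SDK built for x86")) hits += "model names the SDK emulator"
    if (b.brand.startsWith("generic") && b.device.startsWith("generic")) hits += "brand and device are 'generic'"
    if (b.product == "google_sdk" || b.product == "sdk_gphone_x86") hits += "product is an SDK image"
    if (b.hardware == "goldfish" || b.hardware == "ranchu") hits += "hardware is goldfish/ranchu (QEMU)"
    return hits
}

fun looksLikeEmulator(b: BuildInfo): Boolean = emulatorSignals(b).isNotEmpty()

fun main() {
    // Constructed sample resembling a stock AVD image (values are assumptions, not captured data).
    val avd = BuildInfo(
        fingerprint = "google/sdk_gphone_x86/generic_x86:9/PSR1.180720.075/5124027:user/release-keys",
        model = "Android SDK built for x86", brand = "google", device = "generic_x86",
        product = "sdk_gphone_x86", hardware = "ranchu",
    )
    // Constructed sample resembling a retail handset.
    val phone = BuildInfo(
        fingerprint = "vendor/phone/phone:9/BUILD.1/123:user/release-keys",
        model = "Phone 5", brand = "vendor", device = "phone", product = "phone", hardware = "qcom",
    )
    println(emulatorSignals(avd))   // three signals fire
    println(emulatorSignals(phone)) // []
    // On Android, build the struct from the real fields:
    // BuildInfo(Build.FINGERPRINT, Build.MODEL, Build.BRAND, Build.DEVICE, Build.PRODUCT, Build.HARDWARE)
}
```

Because a check like this is a handful of string comparisons in one method, it is exactly what the series shows being located and patched out in smali. Treat the result as one signal among several (server-side checks, behaviour over time) rather than the single gate the whole app hangs on, and avoid putting the decision in one obviously named method.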

iOS Lock Screen Vulnerabilities and Mitigation

Full list of iOS lock screen vulnerabilities from iOS 5 to present, with links to descriptions and video demos.

  • iOS 5.x — 4 vulnerabilities
  • iOS 6.x — 8 vulnerabilities
  • iOS 7.x — 12 vulnerabilities
  • iOS 8.x — 11 vulnerabilities
  • iOS 9.x — 6 vulnerabilities
  • iOS 10.x — 10 vulnerabilities
  • iOS 11.x — 5 vulnerabilities

Tips to protect yourself from lock screen hacks:

  • Disable Siri on lock screen: Settings → Passcode → Siri (or Voice Dial) → Allow access when locked
  • Disable Passbook on lock screen: Settings → Passcode → Passbook → Allow access when locked
  • Disable Control Center on lock screen: Settings → Control Center → Access on Lock Screen
  • Disable notification panel on lock screen: Settings → Passcode → Allow access when locked
  • Disable missed calls on lock screen: Settings → Notifications → Phone → Show on Lock Screen
  • Disable SMS previews on lock screen: Settings → Notifications → Messages → Show Previews
  • Disable lock/unlock with case: Settings → General → Lock/Unlock
  • Disable camera on lock screen: Settings → General → Camera
  • Set an alphanumeric password

Security of Apps Using ADB Workaround

Analysing Use of High Privileges in Android Applications — a study on the security of apps using the ADB Workaround to gain higher system privileges without root.

Android has normal and dangerous permissions (the latter require user consent), but also system and signature permissions, which allow installing/removing any app, taking screenshots, backups, and more. System permissions are only for pre-installed apps; signature permissions are for apps signed with the firmware’s key.

However, any process started via adb shell gets signature-level permissions. Some developers use this by embedding a proxy in their app, which the user starts via ADB or a script. The proxy receives commands from the app and performs privileged actions. Researchers found that these proxies often use hardcoded or insecurely stored passwords, making them vulnerable to malware that could connect to the proxy and, for example, record the screen — all without system-level rights.
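
One way to close the hole the researchers describe is to stop authenticating the client with a secret at all and instead bind the proxy to the app's identity: on a Unix domain socket the kernel reports the peer's UID, which another app cannot forge. The helper below is an added example, not code from the paper or from any real app's proxy. SOCKET_NAME, the command allow-list and the way the launcher passes the app UID are assumptions; it is meant to be started the same way as the app_process trick described further down.

```kotlin
// Added example (not from the paper or any shipping proxy): a shell-privileged helper that
// only serves one app UID, identified via SO_PEERCRED instead of a password in the APK.
import android.net.Credentials
import android.net.LocalServerSocket
import android.net.LocalSocket
import android.os.Process
import java.io.BufferedReader
import java.io.InputStreamReader
import java.io.PrintWriter

const val SOCKET_NAME = "example-privileged-helper" // abstract-namespace name; public, not a secret

/** Only the one app UID named by the launcher may talk to the helper. */
fun isAuthorizedPeer(creds: Credentials, expectedUid: Int): Boolean {
    // root, shell and system are never "the app": a bad launcher argument must not widen access.
    if (expectedUid < Process.FIRST_APPLICATION_UID) return false
    return creds.uid == expectedUid
}

/** Fixed allow-list of commands; even the authorized app never gets an arbitrary shell. */
fun execute(command: String): String = when (command.trim()) {
    "ping" -> "pong"
    "screencap" -> "screencap: not implemented in this example"
    else -> "error: unknown command"
}

fun serve(expectedUid: Int) {
    val server = LocalServerSocket(SOCKET_NAME)
    while (true) {
        val client: LocalSocket = server.accept()
        client.use { sock ->
            // Peer credentials are filled in by the kernel; the connecting process cannot forge them.
            val creds = sock.peerCredentials
            if (!isAuthorizedPeer(creds, expectedUid)) return@use // drop silently, no hint why
            val reader = BufferedReader(InputStreamReader(sock.inputStream))
            val writer = PrintWriter(sock.outputStream, true)
            reader.lineSequence().forEach { line -> writer.println(execute(line)) }
        }
    }
}

fun main(args: Array<String>) {
    // Assumption: the launcher script resolves the app's UID (for example from dumpsys package)
    // and passes it as the only argument.
    val expectedUid = args.firstOrNull()?.toIntOrNull()
        ?: error("usage: app_process / Helper <app-uid>")
    serve(expectedUid)
}
```

The app side connects with LocalSocket().connect(LocalSocketAddress(SOCKET_NAME)) and simply sends lines. The check is only as strong as the UID boundary: a rooted device, or another package sharing the UID via sharedUserId, gets in too, and the helper still runs with shell rights, so keep the command set as small as the app actually needs.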

Running Java Code with Shell Privileges

Introducing scrcpy — an article about the scrcpy utility, which mirrors your phone’s screen to your PC and lets you control it with mouse and keyboard. The interesting part is how it works: scrcpy uploads and runs Java code with adb shell privileges, but not as a regular Android app — just a DEX-packed JAR file.

  1. Write a Java app (example):
    import android.os.SystemClock;
    
    public class HelloWorld {
        public static void main(String... args) {
            System.out.print("Hello,");
            SystemClock.sleep(1000);
            System.out.println(" world!");
        }
    }
    
  2. Compile:
    $ javac -source 1.7 -target 1.7 -cp "$ANDROID_HOME"/platforms/android-27/android.jar HelloWorld.java
    
  3. Convert to DEX:
    $ "$ANDROID_HOME"/build-tools/27.0.2/dx --dex --output classes.dex HelloWorld.class
    
  4. Pack into JAR:
    $ jar cvf hello.jar classes.dex
    
  5. Push and run on device:
    $ adb push hello.jar /data/local/tmp/
    $ adb shell CLASSPATH=/data/local/tmp/hello.jar app_process / HelloWorld
    

This way, you get an app that doesn’t need to be installed and has shell rights, allowing privileged actions like backup, screencasting, screenshots, and app management.

Better Obfuscation with ProGuard

Improving ProGuard Name Obfuscation — ProGuard, included with Android Studio, optimizes and obfuscates Java classes by shortening class, method, and variable names. By default, it uses predictable names (a, b, aa, etc.), making it easier for attackers to map code between versions. To make it harder, use different dictionaries for each build:

-obfuscationdictionary method-dictionary.txt
-packageobfuscationdictionary package-dictionary.txt
-classobfuscationdictionary class-dictionary.txt

Also, use:

-repackageclasses 'o'

This moves all classes into package o, further confusing attackers.
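
The article's advice depends on actually having a fresh dictionary for every build. The generator below is an added example, not part of the article or of ProGuard: it writes the three files the rules above reference with random, valid Java identifiers, so that no two builds share a name mapping. The file names, name length and dictionary size are assumptions.

```kotlin
// Added example (not from the ProGuard article): per-build random dictionaries for
// -obfuscationdictionary, -packageobfuscationdictionary and -classobfuscationdictionary.
import java.io.File
import java.security.SecureRandom
import java.util.Random

private val JAVA_KEYWORDS = setOf(
    "abstract", "assert", "boolean", "break", "byte", "case", "catch", "char", "class", "const",
    "continue", "default", "do", "double", "else", "enum", "extends", "final", "finally", "float",
    "for", "goto", "if", "implements", "import", "instanceof", "int", "interface", "long", "native",
    "new", "package", "private", "protected", "public", "return", "short", "static", "strictfp",
    "super", "switch", "synchronized", "this", "throw", "throws", "transient", "try", "void",
    "volatile", "while", "true", "false", "null",
)

private const val FIRST_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_"
private const val REST_CHARS = FIRST_CHARS + "0123456789"

/** A usable dictionary entry is a legal Java identifier that is not a keyword or literal. */
fun isValidDictionaryName(name: String): Boolean =
    name.isNotEmpty() && name[0] in FIRST_CHARS && name.all { it in REST_CHARS } && name !in JAVA_KEYWORDS

/** [count] unique names of [length] characters drawn from [rng] (SecureRandom by default). */
fun generateDictionary(count: Int, length: Int, rng: Random = SecureRandom()): List<String> {
    require(length >= 1) { "names need at least one character" }
    val names = LinkedHashSet<String>()
    while (names.size < count) {
        val sb = StringBuilder(length)
        sb.append(FIRST_CHARS[rng.nextInt(FIRST_CHARS.length)])
        repeat(length - 1) { sb.append(REST_CHARS[rng.nextInt(REST_CHARS.length)]) }
        val name = sb.toString()
        if (isValidDictionaryName(name)) names += name
    }
    return names.toList()
}

/** Writes the three dictionaries ProGuard is pointed at; one name per line, '#' starts a comment. */
fun writeDictionaries(dir: File, count: Int = 2000, length: Int = 6) {
    dir.mkdirs()
    for (fileName in listOf("method-dictionary.txt", "package-dictionary.txt", "class-dictionary.txt")) {
        File(dir, fileName).writeText(
            "# generated per build, do not commit\n" + generateDictionary(count, length).joinToString("\n") + "\n"
        )
    }
}

fun main() = writeDictionaries(File("proguard-dictionaries"))
```

Run it before each release build (for example from a Gradle task that the minify step depends on). Since every build now gets a different mapping, keeping the mapping.txt that ProGuard emits for each release becomes mandatory, otherwise crash reports from that build cannot be deobfuscated.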

Kotlin Inline Functions

Demystifying the inline keyword — The inline keyword tells the compiler to insert the function’s body at the call site instead of making a function call. This is especially useful for functions that take lambdas, as it avoids creating anonymous objects for each call, improving performance.

  • Use inline for functions that take lambdas and are called frequently.
  • Since Kotlin 1.1, inline can be used with properties (getters/setters).
  • return inside a lambda passed to an inline function returns from the calling function, not just the lambda.
  • There are also noinline and crossinline modifiers for more control over lambda inlining.

    inline fun exampleFun(crossinline body: () -> Unit) {
        Runnable {
            body()
        }.run()
    }
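
The four points above in one runnable JVM program. This is an added example, not code from the article: inlining a lambda-taking function, a non-local return out of the lambda, noinline for a lambda that must stay a real object, and crossinline for a lambda invoked from inside another object. The function names are made up for the demo.

```kotlin
// Added example (not from "Demystifying the inline keyword"): inline, non-local return,
// noinline and crossinline side by side.

/** Inlined: the caller's lambda is pasted into this loop, so no Function object is allocated. */
inline fun <T> List<T>.forEachIndexedInline(action: (Int, T) -> Unit) {
    for (i in indices) action(i, this[i])
}

/** Non-local return: `return v` leaves findFirstNegative itself, not just the lambda. */
fun findFirstNegative(values: List<Int>): Int? {
    values.forEachIndexedInline { _, v ->
        if (v < 0) return v
    }
    return null
}

/** `work` is inlined; `onDone` is noinline so it stays an object that can be stored or returned. */
inline fun measure(work: () -> Unit, noinline onDone: (Long) -> Unit): (Long) -> Unit {
    val start = System.nanoTime()
    work()
    onDone(System.nanoTime() - start)
    return onDone // only legal because onDone is noinline
}

/** `body` runs inside a Runnable on another thread, so it must be crossinline: no non-local return. */
inline fun runOnNewThread(crossinline body: () -> Unit): Thread {
    val t = Thread { body() } // without crossinline this would not compile
    t.start()
    return t
}

fun main() {
    println(findFirstNegative(listOf(3, 1, -4, 1, -5))) // -4
    println(findFirstNegative(listOf(1, 2)))            // null

    var elapsed = -1L
    measure(work = { (1..1000).sum() }, onDone = { elapsed = it })
    println(elapsed >= 0) // true

    var ran = false
    runOnNewThread { ran = true }.join()
    println(ran) // true
}
```

Decompile the result (or use Show Kotlin Bytecode in Android Studio) and the loop from forEachIndexedInline appears verbatim inside findFirstNegative, while measure's onDone is the only lambda that still becomes a class.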

15 Essential Android Development Tools

  • FlowUp — App performance monitor (FPS, memory, CPU, etc.)
  • Stetho — Facebook’s debugging tool for inspecting View hierarchy, SQLite DBs, and network via Chrome DevTools
  • LeakCanary — Memory leak detection library
  • JRebel — Build acceleration system
  • Android Asset Studio — Tools for generating app icons and resources
  • DryRun — Quickly try Android libraries with a sample app in the emulator
  • Vysor — Chrome plugin for interacting with your phone’s screen
  • B4A — BASIC development environment for Android
  • Genymotion — Feature-rich Android emulator
  • Sourcetree — Graphical Git client
  • Takt — FPS counter overlay for apps
  • Codota — Android Studio plugin for searching Stack Overflow, GitHub, and Gist
  • AIDE — Android IDE as an app
  • Android Studio

Useful Android Studio Keyboard Shortcuts

  • Ctrl + Shift + A (Cmd + Shift + A) — Quick action search (menu items like Generate signed APK…)
  • Ctrl + N (Cmd + O) — Find classes
  • Ctrl + Shift + N (Shift + Cmd + O) — Find files
  • Shift twice — Search everything above
  • Ctrl + Alt + Left (Cmd + [) — Jump to previous code location
  • Ctrl + Alt + Right (Cmd + ]) — Jump to next location
  • Ctrl + E (Cmd + E) — Recent files
  • Ctrl + Shift + Enter (Cmd + Shift + Enter) — Autocomplete

31 Days of Kotlin: Key Tips

Summary of #31DaysOfKotlin — In March, Google’s official AndroidDev Twitter shared daily Kotlin tips. Here’s a concise summary:

  1. Elvis operator (?:): val name: String = person.name ?: "unknown"
  2. String templates: val text = "$language has ${language.length} characters"
  3. Destructuring declarations: val (red, green, blue) = color
  4. when operator for smart branching
  5. Flexible for loops: for(i in 1..100), for((index, element) in array.withIndex())
  6. Properties and fields with custom getters/setters
  7. Data classes: data class User(val name: String, val email: String)
  8. Visibility modifiers: private, internal
  9. Default arguments in constructors and functions
  10. Sealed classes for advanced enums
  11. Lazy initialization: val preferences: String by lazy { ... }
  12. lateinit for non-null variables initialized later
  13. Argument checks: require(name.isNotEmpty()) { "Invalid name" }
  14. Inline functions: inline fun onlyIf(check: Boolean, operator: () -> Unit)
  15. Calling Kotlin functions from Java with @file:JvmName
  16. Type-safe system services with reified generics
  17. Delegation for property state management
  18. Extension functions: fun String.toUri(): Uri = Uri.parse(this)
  19. Drawable to Bitmap conversion with Android KTX
  20. Sequences for efficient data processing
  21. Operator overloading: operator fun Spannable.plusAssign(span: Any)
  22. Top-level functions (no class needed)
  23. Iterators for ViewGroup and SparseArray with Android KTX
  24. ContentValues made easy with Android KTX
  25. DSLs for custom mini-languages
  26. Bundles simplified with Android KTX
  27. Lambdas for concise code
  28. Spannable string building with Android KTX
  29. @Parcelize for Parcelable data classes
  30. Extended Android API with Android KTX
  31. Scope functions: let, apply, with, also, run

More Tools

  • Scrcpy — Simple tool for mirroring and controlling your phone from your PC; requires only ADB, no root.
  • Hyperion-Android — In-app debugging and UI inspection tool, similar to browser DevTools.
  • Profilo — Facebook’s app performance profiling library.
  • Certified Devices — List of Google-certified devices compatible with Google Play.

Useful Libraries

  • PhotoEditor — Ready-to-use Paint-style graphics editor View.
  • Lynket — Open-source Chrome-based browser for learning how to build your own.
  • Json2Kotlin — Converts JSON to Kotlin data classes.
  • Kyrie — Enhanced VectorDrawable and AnimatedVectorDrawable classes.
  • GlideToVectorYou — Glide-based library for loading and displaying SVG images.
  • BottomNavigationViewEx — Extended BottomNavigationView UI component.
  • Spark — Gradient animation library in Instagram/Spotify style.
  • ShapeOfView — Assign custom shapes to any View.
  • ModalBottomSheetDialogFragment — Material Design bottom sheet menu.
  • Kotlin Please Animate — Powerful, easy-to-use animation library.
  • ElevationImageView — Adds shadow to ImageView.
  • Floating Action Button Speed Dial — Speed dial menu for FloatingActionButton.
  • android-inline-youtube-view — Embed YouTube in your app.
  • convalida — Input field validation library.
  • LocaleText — Change app locale without restarting.
