Android Application Pen-testing Framework

ABSTRACT Android OS running Smartphones are widely accepted and popular in the recent years and as the vogue of using the Android applications in the android phone are inspiring the Android developers to build verities ofAndroid applications. There are 2.8 million android applications in Android play store itself. Security pet-testing of Android mobile application is challengeable and complicated for pen-tester because of various versions of Android OS and mobile phone fragmentation. The two major problems found in Android applications were Insecure Communication over the network and Code Mitigating which includes altering some portion of code which leads certain benefits to the attacker. There are various other ways to penetrate the android applications and find innumerable vulnerabilities and bugs which might lead to critical organizational fail. I used SantokuOS which is Linux based open source operating and Genymotion to configure virtual envirnmentwith DIVA (Damn insecure and vulnerable App) to perform mobile application penetration testing. I elaborated broad categories of mobile application vulnerabilities and demonstrate practically vary crucial security loophole - insecure data storage, insecure communication and data leakage.