Wednesday, May 7, 2025
HomeAndroidAndroid Application Penetration Testing Part 3

Android Application Penetration Testing Part 3

Published on

SIEM as a Service

Follow Us on Google News

In my last article( Android Application Penetration Testing Part 1 ), ( Android Application Penetration Testing Part 2 )we had look at basic architecture and penetration testing tools. Now Let’s dig deeper with ADB.

Android Debug Bridge

Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device

Adb install – It is used to install an apk file into an Emulated/Connected Device

- Advertisement - Google News

Adb pull – It is used to fetch some data from an Emulated device (remote) to a local host (local).

Adb push – It is used to push some data from localhost (local) to Emulated Device (remote).

Adb forward – Forwards socket connections from a specified local port to a specified remote port on the emulator/device instance.

Adb shell – Adb provides a UNIX shell that you can use to run a variety of commands on an emulator or connected device. In the terminal, you can use all adb commands

  • We can install applications via ADB shell or directly by using the app use dashboard

Some Important notes

  • UID– Every time a new application is initiated in the Android device, it is assigned a unique User ID
  • PID– As every application has its own process id
  • GID– group IDs of the application that owns that process

Dumpsys meminfo – All process details

Android Application Penetration testing Part 3

Dumpsys meminfo name of .apk

Android Application Penetration testing Part 3

Android Package (APK) is the default extension for Android applications, which is just an archive file that contains all the necessary files and folders of the application.

All data of the application in the device can be found in /data/data directory.

All applications (apk files) in the device can be found in /data/app directory

Android Application Penetration testing Part 3

Standard permissions granted to the shell can be found in /system/etc/permissions # cat platform.xml

Android Application Penetration testing Part 3
Android Application Penetration testing Part 3

Hacks via ADB:

We usually open our Android device by unlocking various gesture patterns or password key

Android Application Penetration testing Part 3

If you remove the gesture. Key or password. The key which located in data/system, you can bypass that lock.

Android Application Penetration testing Part 3

Another method

Try with ADB shell

Cd /data/data/com.android.providers.settings/databases

sqlite3 settings.db

Update system set value=0 where name='lock_pattern_autolock';

Update system set value=0 where name='lockscreen.lockedoutpermanently'; .quit

Reset your phone. Don’t worry try a random pattern or pin or Password, you will bypass it.

  Android Application Penetration Testing Part – 4

Also, read

You can follow us on LinkedinTwitter, and Facebook for daily Cybersecurity updates also you can take the Android Hacking and Penetration Testing Course to keep yourself self-updated.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector...

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its...

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6...

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

GPUAF: Two Methods to Root Qualcomm-Based Android Phones

Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array...

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...