3.4 Attack surface

AT THE BEGINNING

within drozer shell:

run app.package.attacksurface com.x.x.x

INFO

• The command above lists:

  • Activities

  • ContentProvider

  • BroadcastReceiver

  • Services

THINGS TO REPORT

• If "is debuggable" output shows up (allows attaching a debugger to a process, using adb, and stepping through the code)

MORE DETAILS

• How to use drozer (translation needed)

• Using drozer for application security assessment

• Android app hacking w/ drozer