In the hands of a hacker, an ordinary Android smartphone can become a formidable weapon – either on its own or in combination with other devices. But hardware is only one component of hacker’s success: to transform a phone into a hacker tool, special software is required.

Once, while being on a job search, I received an interesting test assignment: analyze Viber for Android, find vulnerabilities in it, and exploit them. Using this episode as an example, I will demonstrate you an efficient approach that can be used to analyze real apps and obtain results in a short time. Joking aside: if you go through all the steps described below, you have a good chance to find a 0-day vulnerability in Viber. 😉

Each of us uses satellite navigation to get anywhere outside our backyard. But what if GPS, as of a sudden, stops working and cannot be used to determine your location anymore? This article presents an efficient technique enabling you to fool GPS.

From a hacker’s perspective, a mobile phone is the most handy tool for computer attacks, especially for attacks that require semiphysical access and are delivered over a radio channel. In this article, I will explain how to transform an ordinary Android smartphone into a powerful hacker weapon.

Java or Kotlin are not the only languages you can use to create apps for Android. C# programmers can develop mobile apps using the Xamarin open-source platform. Today, I will explain how to research such apps and find ways to hack them.

One day I encountered a technical issue: I had to put a phone connected to a single-board Raspberry Pi computer into the USB-tethering mode on boot. To do this, I used Android Debug Bridge (ADB), a handy debugging interface for Android devices. There are several ways to automate the work of apps on an Android smartphone using ADB, and this paper examines one of them.

In addition to traditional permissions, Android has three metapermissions that open access to very dangerous APIs enabling the attacker to seize control over the device. In this article, I will explain how to use them so that you can programmatically press smartphone buttons, intercept notifications, extract text from input fields of other apps, and reset device settings.