This repo is a helpful starting point for those interested in exploring the world of Android hacking and bug bounties. The resources mentioned have personally assisted me.
This is not intended to be a comprehensive guide to all Android hacking resources or a guarantee that it will make you an expert in this field. However, it can provide a useful starting point for those interested in bug bounties, as all the resources mentioned have personally helped me in getting into this field. It should be noted that some of the videos referenced may not reflect current best practices, so it is advisable to also use the regularly updated Android developer documentation.
Android apps can be written using Kotlin, Java, and C++ languages. The Android SDK tools compile your code along with any data and resource files into an APK or an Android App Bundle.
An Android package, which is an archive file with an .apk suffix, contains the contents of an Android app that are required at runtime, and it is the file that Android-powered devices use to install the app.
App components are the essential building blocks of an Android app. Each component is an entry point through which the system or a user can enter your app. Some components depend on others.
There are four different types of app components:
AndroidManifest.xml. It is located in the root directory of the app’s Android Package Kit (APK) file.

<activity> for each subclass of Activity.
<service> for each subclass of Service.
<receiver> for each subclass of BroadcastReceiver.
<provider> for each subclass of ContentProvider.

BroadcastReceiver objects and registered with the system by calling registerReceiver().

android:exported="false" unless this element is set to true in the manifest or intent-filters are defined for the Activity or Service.

<service android:name=".ExampleExportedService" android:exported="true"/>
<activity android:name=".ExampleExportedActivity" android:exported="true"/>
The name of your subclass must be specified with the name attribute, using the full package designation. For example, an Activity subclass can be declared as follows:

<manifest ... >
    <application ... >
        <activity android:name="com.example.myapp.MainActivity" ... >
        </activity>
    </application>
</manifest>
However, if the first character in the name value is a period, the app's namespace (from the module-level build.gradle file's namespace property) is prefixed to the name. For example, if the namespace is "com.example.myapp", the following activity name is resolved to "com.example.myapp.MainActivity":

<manifest ... >
    <application ... >
        <activity android:name=".MainActivity" ... >
            ...
        </activity>
    </application>
</manifest>
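As an added example (not from the original repo), this Python audit applies the two rules described above to a decoded, text-form manifest: it resolves names that start with a period against the namespace and lists the components other apps can reach. The sample manifest is constructed, `HiddenActivity` and the function names are hypothetical, and applying the intent-filter rule to all four component tags is an assumption (the page states it for Activity and Service).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Assumption: the same default rule is applied to all four tags; for
# <provider> this matches apps with minSdkVersion/targetSdkVersion >= 17.
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample input, reusing component names from this page.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <application>
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
            </intent-filter>
        </activity>
        <activity android:name=".DisplayMessageActivity" />
        <service android:name=".ExampleExportedService" android:exported="true" />
        <activity android:name="com.example.myapp.HiddenActivity" android:exported="false">
            <intent-filter>
                <action android:name="com.example.myapp.HIDDEN" />
            </intent-filter>
        </activity>
    </application>
</manifest>"""


def resolve_name(name, namespace):
    """A leading period means the app namespace is prefixed to the name."""
    return namespace + name if name.startswith(".") else name


def exported_components(manifest_xml, namespace):
    """Return [(tag, full_class_name, reason)] for components other apps can reach."""
    root = ET.fromstring(manifest_xml)
    found = []
    for tag in COMPONENT_TAGS:
        for comp in root.iter(tag):
            name = resolve_name(comp.get(f"{{{ANDROID_NS}}}name", ""), namespace)
            flag = comp.get(f"{{{ANDROID_NS}}}exported")
            if flag == "true":
                found.append((tag, name, "explicit"))
            elif flag is None and comp.find("intent-filter") is not None:
                # No attribute set: an intent-filter makes the component exported.
                found.append((tag, name, "intent-filter"))
    return found


if __name__ == "__main__":
    for tag, name, reason in exported_components(SAMPLE_MANIFEST, "com.example.myapp"):
        print(f"{tag:9} {name}  ({reason})")
```

Components reported with the reason `intent-filter` are the ones to review first, since nothing in the manifest states that exposing them was intended.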
AndroidManifest.xml file.

AndroidManifest.xml that declares two activities for the app.

<?xml version="1.0" encoding="utf-8"?>
<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    android:versionCode="1"
    android:versionName="1.0">

    <!-- Beware that these values are overridden by the build.gradle file -->
    <uses-sdk android:minSdkVersion="15" android:targetSdkVersion="26" />

    <application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:label="@string/app_name"
        android:supportsRtl="true"
        android:theme="@style/AppTheme">

        <!-- This name is resolved to com.example.myapp.MainActivity
             based upon the namespace property in the `build.gradle` file -->
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

        <activity
            android:name=".DisplayMessageActivity"
            android:parentActivityName=".MainActivity" />
    </application>
</manifest>
More about this in Overview of Android Components: Intents, Triggering Android Intents