Static analysis

Getting APK from a Device
  • For extracting the APK using apktool, refer to: apktool (for patching and decompiling)
  • During static analysis, keep these things in mind:

    • Hardcoded secrets in functions.

    • Hardcoded secrets in resource files (strings.xml, etc.)

    • JNI - Java Native Interface

      • Used to call into native code; commonly used to embed C or C++ code or libraries in an application.

        • Generally, these are used in cross-platform applications.

        • We can identify calls into such functions by the keyword native.

        • Jadx doesn’t let us decompile shared objects (.so files under the lib directory), so we use Binary Ninja or Ghidra for them. We can also use the strings command to get a sneak peek into the file.
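
The checklist above can be run as one pass over a decompiled tree. This is an added example, not part of the original notes: the secret-name patterns, the sample file names and the jadx-style directory layout are assumptions, and the sample files are constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Heuristic patterns (assumptions of this example; tune them per application).
SECRET_NAME = r"\w*(?:api_?key|secret|token|passw(?:or)?d)\w*"
# A secret-like identifier assigned a non-empty string literal in Java source.
CODE_SECRET = re.compile(r"\b(" + SECRET_NAME + r')\s*=\s*"[^"\n]+"', re.I)
# A method declared with the `native` modifier; captures the method name.
NATIVE_DECL = re.compile(r"^[ \t]*(?:\w+[ \t]+)*native[ \t]+[^;(\n]*?(\w+)[ \t]*\(", re.M)

def triage(root):
    """Walk a decompiled APK tree and return findings grouped by category."""
    root = Path(root)
    out = {"resource_secrets": [], "code_secrets": [], "native_methods": [], "shared_objects": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name == "strings.xml":
            for el in ET.parse(path).getroot().iter("string"):
                name = el.get("name", "")
                if re.fullmatch(SECRET_NAME, name, re.I) and (el.text or "").strip():
                    out["resource_secrets"].append((rel, name))
        elif path.suffix == ".java":
            src = path.read_text(encoding="utf-8", errors="replace")
            out["code_secrets"] += [(rel, m.group(1)) for m in CODE_SECRET.finditer(src)]
            out["native_methods"] += [(rel, m.group(1)) for m in NATIVE_DECL.finditer(src)]
        elif path.suffix == ".so":
            out["shared_objects"].append(rel)  # open these in Ghidra / Binary Ninja
    return out

SAMPLE = {  # constructed files, laid out like jadx output (assumption)
    "resources/res/values/strings.xml": '<resources><string name="app_name">Demo</string>'
        '<string name="maps_api_key">CONSTRUCTED-KEY</string></resources>',
    "sources/com/example/Auth.java": 'class Auth {\n  static String clientSecret = "CONSTRUCTED";\n'
        '  public native String stringFromJNI();\n  String greet() { return "hi"; }\n}\n',
    "resources/lib/arm64-v8a/libdemo.so": "constructed placeholder, not a real ELF",
}

def build_sample(root):
    """Write the constructed sample tree under root."""
    for rel, body in SAMPLE.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for category, hits in triage(tmp).items():
            print(category, hits)
```

Every hit is a lead to confirm by reading the code; name-based matching misses secrets stored under neutral identifiers.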

