I will try to make them in such a way that I can also share them with others. I hope this will be helpful for me as well as other people.


These are my Android notes that I am going to keep while I progress and see what all I can do.

  • All the applications are stored in the /data/app directory.

  • All the system applications are stored in /system/app/

    • We don't have to touch this unless we are going behind the Android OS

  • Some applications get installed in /data/app-private

    • This is done by the PM (package manager) with FORWARD_LOCK enabled

    • No external app or anyone else can access that.

    • Obviously, if you have a rooted device you can access those.

Zygote: This is the process that listens for new application requests in the Android OS

  • To get all the URLs from the apk

    • strings <apk> | grep -Po "[\"'\`](https?://|/)[\w./-]+[\"'\`]"

Some general things

  • In AndroidManifest.xml we can see the <application> tag. It defines layout and stuff, but it has some spicy stuff as well

    • android:allowBackup : Defines whether backup of the application data is allowed or not.

      • run app.package.backup -f <package-name>

      • It's also possible for the developer to define a BackupAgent, which can be used to do various tasks related to backup.

      • We can make the backup using adb backup <package-name>; an activity will be launched. Leave the key field blank and back it up

      • dd if=backup.ab bs=24 skip=1 | openssl zlib -d > backup.tar

        • here backup.ab is in the current directory, $(pwd)

      • Extract the tar and see if the databases etc. are also included in the backup.

    • Check if the app is debuggable:

      • run app.package.debuggable

      • If this is the case a shit load of information would be leaking.

      • Use adb jdwp to see which applications are running in debuggable mode.
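
The backup steps above, as an added example that is not part of the original notes: a Python version of the dd | openssl step that parses the .ab header instead of skipping a fixed 24 bytes, refuses encrypted backups, and lists the database, shared_prefs and files entries an app exposes through backup. The package name com.example.app and the sample backup are constructed for illustration.

```python
import io
import tarfile
import zlib

# adb backup tar layout: apps/<pkg>/db = databases, sp = shared_prefs, f = files
SENSITIVE_DIRS = ("/db/", "/sp/", "/f/")

def read_ab_header(stream):
    """Parse the four newline-terminated header fields of an .ab file."""
    magic, version, compressed, encryption = (
        stream.readline().decode("ascii").rstrip("\n") for _ in range(4))
    if magic != "ANDROID BACKUP":
        raise ValueError("not an adb backup file")
    # stream.tell() is the header size; it is 24 only for a one-digit
    # version and encryption "none", which is what `dd bs=24 skip=1` assumes.
    return {"version": int(version), "compressed": compressed == "1",
            "encryption": encryption, "header_len": stream.tell()}

def ab_to_tar_bytes(ab_bytes):
    """Return the raw tar archive inside an unencrypted backup."""
    stream = io.BytesIO(ab_bytes)
    header = read_ab_header(stream)
    if header["encryption"] != "none":
        raise ValueError("backup is encrypted: " + header["encryption"])
    payload = stream.read()
    return zlib.decompress(payload) if header["compressed"] else payload

def list_sensitive(ab_bytes):
    """Names of backed-up files under the database, prefs and files trees."""
    with tarfile.open(fileobj=io.BytesIO(ab_to_tar_bytes(ab_bytes))) as tar:
        return sorted(n for n in tar.getnames()
                      if any(d in n for d in SENSITIVE_DIRS))

def build_sample_ab():
    """Constructed sample backup for the hypothetical package com.example.app."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("_manifest", "db/users.db", "sp/prefs.xml"):
            info = tarfile.TarInfo("apps/com.example.app/" + name)
            data = b"constructed sample data"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return b"ANDROID BACKUP\n1\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    sample = build_sample_ab()
    print(read_ab_header(io.BytesIO(sample)))
    print(list_sensitive(sample))
```

Anything this lists for a real app is data that leaves the device whenever backup is allowed, which is the reason to review the allowBackup setting.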

API keys

In strings.xml you will find a lot of API keys. It's possible to misuse some of them.