Skip to main content
back to agenda
on this page

APKaleidoscope - Android security insights in full spectrum

  • 17:00
  • Tue
  • 14 Nov
Arsenal 3


APKaleidoscope is an open source tool written in Python designed for comprehensive scanning of Android applications for security vulnerabilities. A key highlight is its capability to detect the latest OWASP Top 10 vulnerabilities, ensuring that apps are safeguarded against the most pressing security threats of today. During the session will demonstrate the dual mode of operation of APKaleidoscope : static and dynamic analysis. In static analysis, we extract crucial data points from the APK, such as permissions, intent filters, and API calls, providing insights into potential security misconfigurations or vulnerabilities. On the other hand, In dynamic analysis, we will see the app's real-time behavior, and flag suspicious activities or insecure data handling practices. 

One of the showstoppers today is our ""Contextual Vulnerability Mapping."" Instead of merely flagging vulnerabilities, Will demonstrate how APKaleidoscope examines the surrounding code, user flow, and even the UI. This approach provides a richer context, ensuring we grasp the complete picture of each vulnerability. Another crucial area of focus will be on the extraction of sensitive information directly from the application's source code, a vulnerability often overlooked by developers. I have a demo planned for same. 

Near the end, I will showcase the tool's capability in highlighting insecure data storage practices, extracting sensitive information from source code and insecure request protocols. And to wrap things up, we'll generate a comprehensive, actionable report, bridging the gap between detection and remediation.