TODO List

### Android

- [ ] Check APK Signature
  - rizin can open `META-INF/CERT.RSA` and print the pkcs7 data from `pFp`
- [ ] Check Certificates and validity, bad hashes, etc..
- [ ] Detect trackers
- [x] App is debuggable [example](https://stackoverflow.com/questions/2952140/android-how-to-mark-my-app-as-debuggable)
- [ ] Exported [example](https://stackoverflow.com/questions/27458207/what-is-the-use-of-androidexported-true-in-broadcastreceiver) [issue](https://stackoverflow.com/questions/44063387/android-app-security-test-failed-saying-component-is-not-protected-an-int) - Partial
- [ ] Test all android security best practies [link](https://developer.android.com/topic/security/best-practices)

### iOS

- [x] Weak rand function
- [ ] Sandbox Behavior (like successfully use `fork()` because calls to `fork()` are disallowed on a stock iOS device).
- [x] [TrustKit](https://github.com/datatheorem/TrustKit) pinning.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TODO List #1

Android

iOS

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

TODO List #1

Description

Android

iOS

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions