Next scheduled date: WWHF Deadwood 2026 - Link at bottom.
Description
This course provides a practical, hands-on introduction to Android application security testing, focusing on how modern Android applications are designed, deployed, and attacked in real-world environments. Students will learn the foundational concepts, tools, and methodologies required to assess the security posture of Android applications across the full application lifecycle.
The class emphasizes offensive and defensive security techniques, helping participants understand not only how vulnerabilities are discovered and exploited, but also how development and security teams can detect, mitigate, and prevent those issues in production environments.
All labs are performed using Corellium, a high-fidelity Android virtualization platform that enables safe, scalable, and repeatable mobile security testing. Corellium allows students to work with real Android operating system images, inspect application behavior at runtime, and perform advanced instrumentation without the instability and limitations commonly encountered on physical devices or traditional emulators.
Throughout the course, students will explore Android application architecture, inter-process communication, permissions, storage models, and common security controls. Hands-on exercises guide participants through tasks such as static analysis, dynamic analysis, traffic interception, runtime manipulation, and vulnerability identification using industry-standard tools and techniques.
By the end of the course, students will have a strong foundational understanding of how Android applications fail in practice, how attackers exploit those failures, and how organizations can build more resilient mobile applications.
"Managing Intern for all things Black Hills Information Security"
Bio
John Strand has both consulted for and taught hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is a coveted speaker and much-loved SANS teacher. John is a contributor to the industry-shaping Penetration Testing Execution Standard and 20 Critical Controls frameworks.
This class is being taught at Wild West Hackin’ Fest – Deadwood 2026.