|
|
@@ -9,11 +9,11 @@ tags: [mobile]
|
|
|
|
|
|
## Things to check
|
|
|
|
|
|
-* Check Activities & Permissions
|
|
|
-* Check Intents & Intent Filters
|
|
|
-* Check WebView + Javascript combinations (rg "JavascriptInterface")
|
|
|
-* PendingIntents (e.g. for notifications) that are passed to another app. (1)
|
|
|
-* Are all outgoing network connections secured? (Https + Public Key Pinning) (rg TrustManager) (2)
|
|
|
+* [ ] Check Activities & Permissions
|
|
|
+* [ ] Check Intents & Intent Filters
|
|
|
+* [ ] Check WebView + Javascript combinations (rg "JavascriptInterface")
|
|
|
+* [ ] PendingIntents (e.g. for notifications) that are passed to another app. (1)
|
|
|
+* [ ] Are all outgoing network connections secured? (Https + Public Key Pinning) (rg TrustManager) (2)
|
|
|
|
|
|
## Malware Tricks
|
|
|
|
Marius Schwarz