Mobile Application Pentest
Android and iOS security testing - static analysis, dynamic instrumentation, SSL pinning bypass, and API backend testing.
Prerequisites
- APK file (Android) or IPA file (iOS) from client
- Physical device or emulator with USB debugging enabled (for dynamic analysis)
- Android: device connected with USB debugging enabled (developer mode)
- iOS: Jailbroken device or Corellium subscription for iOS dynamic testing
- Written authorization covering the mobile app and its backend APIs
1. Select Mobile Pentest from the Home Screen
Click 📱 Mobile Pentest. Select the platform: Android, iOS, or Both.

2. Upload the APK / IPA
Drag and drop the APK or IPA file onto the upload zone. PhantomYerra validates the file, calculates its SHA-256, and prepares it for analysis.
💡 For Android: obtain the APK via the Android Debug Bridge (adb): run pm path com.target.app on the device to find the installed APK path, then pull that path. For iOS: export the IPA from an Xcode Archive or request it from the client.

3. Complete the Mobile Wizard
Platform: Android / iOS / Both
App Version: [auto-detected from manifest]
Backend API: Include API testing? Yes/No → enter the API URL
Device: Connected device or emulator (for dynamic analysis)
Auth: App login credentials for authenticated dynamic testing
Scope: App binary + backend API + local storage

4. Claude Runs the Mobile Test Pipeline
Phase 1: Static analysis - decompile and code review on the PhantomYerra Mobile Analysis Platform
Phase 2: Secrets scan - API keys, hardcoded passwords, and tokens in the APK
Phase 3: Permission audit - dangerous permissions, over-privileged access
Phase 4: SSL pinning check - detect the pinning implementation
Phase 5: Dynamic analysis - runtime instrumentation and pinning bypass
Phase 6: Traffic intercept - HTTP/S traffic via a proxy with its certificate installed on the device
Phase 7: Backend API test - all endpoints discovered from traffic
Phase 8: Storage analysis - SQLite DBs, SharedPrefs, and files on the device
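To make Phases 2 and 3 concrete, here is a small static-analysis script of the kind the pipeline runs. It is an added example, not PhantomYerra's own code: it assumes the APK has already been decoded (for instance with apktool) so that AndroidManifest.xml is plain XML and the decompiled sources are readable text. The manifest and Java snippet are constructed sample input; the only "secret" in them is AWS's documented example access key ID.

```python
"""Static checks for Phase 2 (secrets scan) and Phase 3 (permission audit).

Added example, not PhantomYerra code. Assumes a decoded APK (plain-XML
manifest, readable decompiled sources). SAMPLE_MANIFEST and SAMPLE_SOURCE
are constructed test input."""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of permissions whose protectionLevel is "dangerous"; extend from
# the platform documentation for a complete audit.
DANGEROUS_PERMISSIONS = {
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.CAMERA", "android.permission.RECORD_AUDIO",
    "android.permission.READ_EXTERNAL_STORAGE", "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_PHONE_STATE", "android.permission.READ_CALL_LOG",
}

# Regexes for common hardcoded credentials. Each hit is a lead for manual
# triage, not a confirmed finding.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "hardcoded_password": re.compile(r"(?i)(password|passwd|pwd)\s*[=:]\s*[\"'][^\"']{4,}[\"']"),
    "bearer_token": re.compile(r"(?i)bearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
}

# Constructed sample manifest: debuggable, cleartext allowed, one exported
# component without a protecting permission.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application android:debuggable="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity"/>
    <activity android:name=".DebugActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.PERM"/>
  </application>
</manifest>
"""

# Constructed decompiled source; the AKIA value is AWS's public example key.
SAMPLE_SOURCE = """\
public class ApiClient {
    static final String BASE = "https://api.example.test/v1";
    static final String AWS_KEY = "AKIAIOSFODNN7EXAMPLE";
    static final String PASSWORD = "hunter2pass";
}
"""


def audit_manifest(manifest_xml: str) -> dict:
    """Phase 3: dangerous permissions plus the manifest flags that most often
    turn into findings (debuggable, backup, cleartext, unprotected exports)."""
    root = ET.fromstring(manifest_xml)
    requested = [u.get(ANDROID_NS + "name") for u in root.iter("uses-permission")]
    app = root.find("application")
    findings = {
        "dangerous_permissions": sorted(p for p in requested if p in DANGEROUS_PERMISSIONS),
        "debuggable": app.get(ANDROID_NS + "debuggable") == "true",
        # An absent allowBackup attribute means the default, which is true.
        "allow_backup": app.get(ANDROID_NS + "allowBackup", "true") == "true",
        "cleartext_traffic": app.get(ANDROID_NS + "usesCleartextTraffic") == "true",
        "exported_unprotected": [],
    }
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.iter(tag):
            exported = comp.get(ANDROID_NS + "exported") == "true"
            if exported and comp.get(ANDROID_NS + "permission") is None:
                findings["exported_unprotected"].append(comp.get(ANDROID_NS + "name"))
    return findings


def scan_secrets(path: str, text: str) -> list:
    """Phase 2: return (path, line number, pattern name) for each regex hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pat in SECRET_PATTERNS.items():
            if pat.search(line):
                hits.append((path, lineno, kind))
    return hits


if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
    for hit in scan_secrets("ApiClient.java", SAMPLE_SOURCE):
        print("secret: %s:%d %s" % hit)
```

Run it over every file under the decompiled source tree rather than one string; the launcher activity will always show up as exported, so the exported list is a triage list, not a findings list.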
5. Review Findings and Generate the Mobile Security Report
The report includes: app info, permission analysis, static findings, dynamic findings, API security findings, OWASP Mobile Top 10 coverage, and remediation guidance.
Common Issues
Runtime agent architecture mismatch. Ensure the runtime agent binary matches the device architecture (arm64 for modern devices, x86 for emulators). Use Settings → Tools → Mobile → Reinstall Runtime Agent to download and push the binary for the correct architecture automatically. When deploying manually, run it with root privileges on the device.
SSL pinning bypass fails. The app may use certificate transparency or a custom pinning implementation not covered by the standard bypass. Try the advanced pinning bypass mode in PhantomYerra → Mobile → Runtime Agent → Advanced SSL Bypass. If that fails, use the TrustMeAlready Xposed module or load a custom instrumentation script targeting the specific pinning class found via decompiler analysis. Check the decompiled code for custom TrustManager implementations.
The app is delivered as an AAB rather than an APK. The APK may be split (Android App Bundle). Request a universal APK from the client or run bundletool build-apks --bundle=app.aab --output=app.apks --mode=universal to generate one. The Mobile Analysis Platform requires a standard APK, not an AAB.
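Finding the pinning class in decompiled code, as the SSL pinning note above suggests, is easy to script. The following is an added example rather than PhantomYerra's own code: it assumes jadx-style decompiled Java is available as text and flags the usual pinning indicators (OkHttp CertificatePinner, TrustKit, custom X509TrustManager and HostnameVerifier classes, and literal sha256/ pins). It goes one step beyond the note by also flagging a TrustManager whose checkServerTrusted does nothing, which is an accept-any-certificate defect and a finding in its own right. The two source files are constructed.

```python
"""Locate SSL-pinning and TrustManager code in decompiled Android sources.

Added example, not PhantomYerra code. Assumes decompiled Java text (for
example jadx output) keyed by file path. SAMPLE_SOURCES is constructed."""
import re

# Indicators that identify the pinning implementation and its class.
PINNING_INDICATORS = {
    "okhttp_certificate_pinner": re.compile(r"\bCertificatePinner\b"),
    "custom_trust_manager": re.compile(r"implements\s+X509TrustManager\b"),
    "trustkit": re.compile(r"\bTrustKit\b"),
    "hostname_verifier": re.compile(r"implements\s+HostnameVerifier\b"),
    "pin_sha256_literal": re.compile(r"sha256/[A-Za-z0-9+/]{43}="),
}

# checkServerTrusted with an empty body or a bare return: trusts any chain.
TRUST_ALL = re.compile(r"checkServerTrusted\s*\([^)]*\)[^{]*\{\s*(?:return\s*;\s*)?\}", re.S)

PIN = "sha256/" + "A" * 43 + "="  # constructed placeholder pin, not a real hash

SAMPLE_SOURCES = {
    "com/example/net/PinnedClient.java": """\
import okhttp3.CertificatePinner;
public class PinnedClient {
    CertificatePinner pinner = new CertificatePinner.Builder()
        .add("api.example.test", "%s")
        .build();
}
""" % PIN,
    "com/example/net/NaiveTrust.java": """\
public class NaiveTrust implements X509TrustManager {
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    public X509Certificate[] getAcceptedIssuers() { return null; }
}
""",
}


def find_pinning(sources: dict) -> list:
    """Return one record per indicator hit: file, line number, indicator name."""
    findings = []
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for kind, pat in PINNING_INDICATORS.items():
                if pat.search(line):
                    findings.append({"file": path, "line": lineno, "kind": kind})
    return findings


def trust_all_managers(sources: dict) -> list:
    """Return files whose checkServerTrusted override performs no validation."""
    return [path for path, text in sources.items() if TRUST_ALL.search(text)]


if __name__ == "__main__":
    for f in find_pinning(SAMPLE_SOURCES):
        print("%(kind)s at %(file)s:%(line)d" % f)
    for path in trust_all_managers(SAMPLE_SOURCES):
        print("accept-all TrustManager:", path)
```

The regexes are heuristics over text, so obfuscated builds (renamed classes, string-encrypted pins) will need the indicators extended from what the decompiler actually shows; the indicator hits tell you which class to point a custom instrumentation script at, and the accept-all check goes straight into the findings list.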
264 modules · 30+ surfaces · 14 vuln families · 120+ classes
The sections above describe what this surface tests. For the complete enumeration of every vulnerability class PhantomYerra covers across all surfaces, with scanner module names, see the Coverage Matrix.