In this chapter, we have discussed various tools which helped us to reduce the time spent on testing client-side attacks. We have covered Drozer in depth discussing how we can test activities, content providers, and broadcast receivers used by Android apps. We have also seen how Cydia Substrate, Introspy, and Xposed frameworks can be used to do dynamic analysis. Finally we learned how Frida can be used to do dynamic instrumentation without much hassle and coding. We then finished this chapter with discussing issues with logging sensitive information in logs.

In the next chapter, we will be looking into various attacks that are possible on an Android device.