Hooking using Xposed framework

Xposed is a framework that enables developers to write custom modules that hook into Android apps and modify their flow at runtime. It was released by rovo89 in 2012. Xposed works by placing its own app_process binary in the /system/bin/ directory, replacing the original app_process binary. app_process is the binary responsible for starting the Zygote process: when an Android phone boots, init runs /system/bin/app_process and names the resulting process Zygote. Using the Xposed framework, we can hook into any process that is forked from the Zygote process.
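Seen from the app's side, the replaced app_process means the Xposed bridge classes are present in every process forked from Zygote, and an app can check for them. The following is an added example, not code from the book: the class name XposedCheck and the com.example.app frames are hypothetical, the sample trace is constructed, and de.robv.android.xposed is the package of the framework's bridge classes. It is plain Java, so on a desktop JVM the two live checks find nothing.

```java
import java.util.ArrayList;
import java.util.List;

public class XposedCheck {
    // Package of the bridge classes that the replaced app_process loads into Zygote.
    static final String XPOSED_PKG = "de.robv.android.xposed.";

    /** Returns the frames of a stack trace that belong to the Xposed bridge. */
    static List<String> xposedFrames(StackTraceElement[] trace) {
        List<String> hits = new ArrayList<>();
        for (StackTraceElement frame : trace) {
            if (frame.getClassName().startsWith(XPOSED_PKG)) {
                hits.add(frame.getClassName() + "." + frame.getMethodName());
            }
        }
        return hits;
    }

    /** True if the bridge class resolves in this process (lookup only, no initialization). */
    static boolean bridgeClassLoadable() {
        try {
            Class.forName(XPOSED_PKG + "XposedBridge", false,
                          ClassLoader.getSystemClassLoader());
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the trace shape an app could see when one of its
        // methods is hooked in a process forked from an Xposed-patched Zygote.
        StackTraceElement[] sample = {
            new StackTraceElement("com.example.app.LoginActivity", "checkPin",
                                  "LoginActivity.java", 42),
            new StackTraceElement(XPOSED_PKG + "XposedBridge", "handleHookedMethod",
                                  "XposedBridge.java", -1),
            new StackTraceElement("com.example.app.LoginActivity", "onClick",
                                  "LoginActivity.java", 30),
            new StackTraceElement("com.android.internal.os.ZygoteInit", "main",
                                  "ZygoteInit.java", -1),
            new StackTraceElement(XPOSED_PKG + "XposedBridge", "main",
                                  "XposedBridge.java", -1),
        };
        System.out.println("sample trace hits: " + xposedFrames(sample));
        System.out.println("live trace hits:   "
                + xposedFrames(Thread.currentThread().getStackTrace()));
        System.out.println("bridge loadable:   " + bridgeClassLoadable());
    }
}
```

A check like this runs inside the same process the hooks run in, so a module can hook the check itself; treat a positive result as a signal to report to the backend, not as a control that blocks tampering.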

To demonstrate the capabilities of the Xposed framework, I have developed a custom vulnerable ...
