Apr 25, 2014 10:44 AM EDT
The Infosec Institute describes Android as a Linux kernel mobile platform that has been popular throughout its existence on a huge variety of devices, especially mobile smartphones. Most organizations, ranging from banking to telecom companies, have also come up with their apps for Android. Just like generic web applications, these mobile applications need a pen-test exercise as a part of their SDLC life cycle. According to the company, this market is projected to reach a huge size by the end of 2014 with the growing demand for high end smartphone applications.
Top Android Mobile App Security Tools:
Sophos Mobile Security for Android offers users a free Mobile Security app which provides full functionality to protect the Android device without reducing performance or battery life. The company solutions allows users access to up-to-the-minute intelligence from SophosLabs. Android apps are scanned on demand or in intervals. According to Sophos, antivirus functionality helps the user avoid undesirable software that may lead to data loss and unexpected costs. If a device is lost or stolen, a remote lock or wipe will shield personal information.
Sophos
McAfee Mobile Security is also a popular security application for the Android market. Explore everything the new mobile world has to offer, and do it safely and confidently with industry-leading McAfee® Mobile Security. When the user selects new apps, shop online, browse social networks, or use their device for banking and payments, McAfee Mobile Security is there to protect. With more than 150 million mobile devices protected worldwide, McAfee offers the most robust, comprehensive mobile security solutions in the market today.
iSEC Partners Mobile Security Tools offer Android security for users. The company offers a collection of free mobile security tools. Android-OpenDebug extension makes all applications running on the device debuggable; once installed, any application will accept a debugger to attach to them. The tool is available on Github. Android-KillPermAndSigChecks tool disables signature and permission checks for Android IPCs. Android-SSL-TrustKiller tool hooks various methods in order to disable SSL certificate pinning, by forcing the Android application to accept any SSL certificate. Once installed, it works across all applications on a device. Introspy for Android is a tool designed to help penetration testers understand what an Android application does at runtime, and to greatly facilitate the process of reviewing the application's security mechanisms.
Check back here soon for more tools for Android users found at Droid Report.