Proj 3x: Security Audit of An Android App (40 pts)

What You Need for This Project


Choose any App you like to test, but not one that I've used in homework projects. Test for security flaws in these areas:
  1. Network communications
  2. File storage
  3. Logging
  4. Any other areas of interest

Security Audit Report

Write a report explaining your methods and results. Here's an example I did, covering only one topic (code modification) for the Bank of America.

Notifying Vendors

Before disclosing a vulnerability publicly, it is traditional to privately notify vendors, supposedly giving them time to fix the problem.

In my experience, the chance of an actual fix is negligible, but privately notifying vendors is a wise political move to avoid criticism from other members of the security community.

I recommend these practices:

I recommend that you let me verify your findings before notifying vendors. Here is another example of a vendor notification.

Turning in your Project

Email the Report, as a PDF or Office document, or a link to a web page. Send it to with the subject line: Proj 3x from YOUR NAME
Vendor notification section added 2-15-19