This repository contains educational material — documentation, lab exercises, payload configurations, and automation scripts for authorized Android security assessments. It does not include production software, services, or APIs.
If you discover a security issue in the documentation site, build pipeline, or any script shipped in this repository:
- Open an issue on this repository.
- Include:
  - Description of the issue
  - Steps to reproduce
  - Potential impact
- You will receive an acknowledgment within 72 hours and a resolution timeline within 7 days.

The following are out of scope for reports to this repository:
- Vulnerabilities in third-party tools referenced by the book (apktool, Frida, adb, etc.): report those to their respective maintainers.
- Weaknesses in the practice target APK you build from Lab 12: that app is intentionally vulnerable by design.

The techniques described in this repository are intended for use only on applications and systems you own or have explicit written authorization to test. If you discover that any content inadvertently facilitates harm beyond authorized assessment, please report it using the process above so we can address the framing or content.
We appreciate responsible disclosure and will credit reporters (with permission) in release notes.