One nice way to start is to set up a proxy using Burp to see what data is being sent out. If possible, you could even do it with Wireshark to see all data that is leaving your app. Looking at the logcat is another nice area to start looking for malicious activity.
Have a look at http://givemeroot.blogspot.com/2013/08/burp-suite-to-pen-test-android-app-on.html

On Thursday, October 4, 2012 11:45:48 PM UTC-7, Manivannan Sairam Sairam wrote:
> Hi There,
> I have been asked to test the Android phone security. I have performed IA testing on server before, have knowledge of DISA STIGs, Foundstone and Nessus scanners.
>
> Could someone help me on the below questions?
> 1. Is there a STIG available for Android phones?
> 2. Is there any Licensed/OSS security software available for Android phones?
> 3. Is there any documentation on verifying the Android security test?
>
> Thanks,
> Mani