AppSecNotes
Android Dynamic Analysis
  1. Navigate the app and look into the logs with adb logcat.
  2. Dump memory from the application to check for insecurely stored secrets.
  3. Check local storage for files created at runtime - local databases and shared preferences as well.
  4. Intercept traffic with Burp (break SSL pinning if needed) and analyse the requests as if it was a web application.