Android Penetration Testing with QARK

Jens Klingenberg
Aug 28, 2016

In this post I want to show you how to check your app for common security vulnerabilities with QARK (Quick Android Review Kit).

What is QARK?

QARK is an open-source tool created by LinkedIn. You can use it to check your app for common security vulnerabilities.

Quick Android Review Kit — This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating “Proof-of-Concept” deployable APKs and/or ADB commands, capable of exploiting many of the vulnerabilities it finds.

How to use it?

1) Download the project from GitHub
2) Start QARK

sudo python qark.py

[Screenshot: QARK start menu]

You can choose to analyse an APK or your existing source code. QARK will generate a report file in the “report” folder.

[Screenshot: the report that QARK generates for the app]

The report file will give you information about potential vulnerabilities and what you should do to fix them.
