Pentest Mobile App

Purpose

Mobile apps are completely absent from Shannon (web-only) and all existing skills. Mobile apps often share backend APIs but introduce unique attack surfaces: local storage, pinning, intent handling, binary protections.

Prerequisites

Authorization Requirements

• Written authorization with mobile app testing scope
• APK/IPA files or access to app store downloads
• Test devices or emulators (rooted Android, jailbroken iOS preferred)
• Backend API documentation if available

Environment Setup

• Frida for runtime instrumentation
• Objection for quick mobile security testing
• MobSF for automated static/dynamic analysis
• jadx for Android decompilation, Hopper for iOS
• Burp Suite configured as mobile proxy