Open-Source Cybersecurity Tools: Mobile Security

← Back to Open-Source Cybersecurity Tools Hub | Full Open Source Catalog | Main Atlas

This category contains 12 documented tools. It focuses on capabilities used for mobile app hardening, runtime protections, and endpoint device posture enforcement. Use this section when building shortlists, comparing operational tradeoffs, and mapping controls to detection/response ownership.

Category Evaluation Checklist

  • Coverage depth against your highest-priority threats and compliance obligations.
  • Operational overhead for deployment, tuning, and long-term maintenance.
  • Signal quality versus analyst workload and false-positive pressure.
  • Integration fit with SIEM, ticketing, identity, cloud, and engineering workflows.
  • Governance readiness including auditability, ownership clarity, and change control.

Jump by Name

A | C | D | E | F | J | O

Letter A

This letter section contains 3 tools.

Apk2Gold

  • Website: https://github.com/lxdvs/apk2gold
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome CTF

What it does: Apk2Gold is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Yet another Android decompiler.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

APKinspector

  • Website: https://github.com/honeynet/apkinspector/
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Honeypots

What it does: APKinspector is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Powerful GUI tool for analysts to analyze the Android applications.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Contents > Honeypots.

Back to Name Jump

ApkTool

  • Website: http://ibotpeaches.github.io/Apktool/
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome CTF

What it does: ApkTool is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Android Decompiler.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Letter C

This letter section contains 1 tools.

Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems, 2018

  • Website: https://www.usenix.org/conference/usenixsecurity18/presentation/talebi
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Fuzzing

What it does: Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems, 2018 is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

Letter D

This letter section contains 1 tools.

Decompiler.com

  • Website: https://www.decompiler.com/
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Hacking

What it does: Decompiler.com is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Java, Android, Python, C# online decompiler.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Web > Tools.

Back to Name Jump

Letter E

This letter section contains 1 tools.

Evolutionary Fuzzing of Android OS Vendor System Services, 2019

  • Website: https://arxiv.org/abs/1906.00621
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Fuzzing

What it does: Evolutionary Fuzzing of Android OS Vendor System Services, 2019 is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > ArXiv (Fuzzing with Artificial Intelligence & Machine Learning).

Back to Name Jump

Letter F

This letter section contains 4 tools.

FANS: Fuzzing Android Native System Services via Automated Interface Analysis, 2020

  • Website: https://www.usenix.org/conference/usenixsecurity20/presentation/liu
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Fuzzing

What it does: FANS: Fuzzing Android Native System Services via Automated Interface Analysis, 2020 is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Source list entry describing this security tool and its use case.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Fuzzing > Papers > USENIX Security.

Back to Name Jump

FingerprintJS

  • Website: https://github.com/fingerprintjs/fingerprintjs
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Security

What it does: FingerprintJS is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Identifies browser and hybrid mobile application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Fraud prevention.

Back to Name Jump

FingerprintJS Android

  • Website: https://github.com/fingerprintjs/fingerprint-android
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Security

What it does: FingerprintJS Android is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Identifies Android application users even when they purge data storage. Allows you to detect account takeovers, account sharing and repeated malicious activity.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Security > Fraud prevention.

Back to Name Jump

Frida

  • Website: https://www.frida.re
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome Honeypots, Awesome Penetration Testing

What it does: Frida is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Awesome Penetration Testing > Reverse Engineering > Reverse Engineering Tools.

Back to Name Jump

Letter J

This letter section contains 1 tools.

Java Decompilers

  • Website: http://www.javadecompilers.com
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome CTF

What it does: Java Decompilers is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: An online decompiler for Java and Android APKs.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump

Letter O

This letter section contains 1 tools.

Objection

  • Website: https://github.com/sensepost/objection
  • Model: Open Source
  • Category: Mobile Security
  • Source Lists: Awesome CTF

What it does: Objection is used in mobile security programs to support mobile app hardening, runtime protections, and endpoint device posture enforcement. Source summaries describe it as: Runtime Mobile Exploration.

Operational value: Security teams commonly use this capability to improve consistency between detection, investigation, and response decisions, especially when alerts, evidence collection, and triage ownership are distributed across multiple teams.

Typical deployment pattern: Implementations usually start with scoped pilot coverage, baseline logging/telemetry validation, and explicit runbook mapping so analysts understand when to escalate, contain, or defer.

Selection considerations: As an open-source option, teams usually evaluate maintainer activity, release cadence, and community response quality. Related source context: Solve > Reversing.

Back to Name Jump