{"id":50794577,"url":"https://github.com/brandonhimpfen/awesome-mobile-security","last_synced_at":"2026-06-12T13:32:15.780Z","repository":{"id":347701308,"uuid":"1194979667","full_name":"brandonhimpfen/awesome-mobile-security","owner":"brandonhimpfen","description":"A curated list of tools, frameworks, practices, and resources for mobile security.","archived":false,"fork":false,"pushed_at":"2026-03-29T03:55:01.000Z","size":17,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-29T06:29:45.606Z","etag":null,"topics":["awesome","awesome-list","awesome-lists","mobile","mobile-security"],"latest_commit_sha":null,"homepage":"https://lnktr.net/awesome","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brandonhimpfen.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"ko_fi":"brandonhimpfen","custom":["https://paypal.me/brandonhimpfen","https://github.com/brandonhimpfen/donate"]}},"created_at":"2026-03-29T03:53:12.000Z","updated_at":"2026-03-29T03:59:20.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/brandonhimpfen/awesome-mobile-security","commit_stats":null,"previous_names":["brandonhimpfen/awesome-mobile-security"],"tags_count":null,"template":false,"template_full_name":"brandonhimpfen/awesome-lists-template","purl":"pkg:github/brandonhimpfen/awesome-mobile-security","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhimpfen%2Fawesome-mobile-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhimpfen%2Fawesome-mobile-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhimpfen%2Fawesome-mobile-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhimpfen%2Fawesome-mobile-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brandonhimpfen","download_url":"https://codeload.github.com/brandonhimpfen/awesome-mobile-security/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brandonhimpfen%2Fawesome-mobile-security/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34247461,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-12T02:00:06.859Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","awesome-lists","mobile","mobile-security"],"created_at":"2026-06-12T13:32:11.648Z","updated_at":"2026-06-12T13:32:15.775Z","avatar_url":"https://github.com/brandonhimpfen.png","language":"Python","funding_links":["https://ko-fi.com/brandonhimpfen","https://paypal.me/brandonhimpfen","https://github.com/brandonhimpfen/donate","https://github.com/sponsors/awesomelistsio","https://ko-fi.com/awesomelists","https://www.paypal.com/donate/?hosted_button_id=3LLKRXJU44EJJ"],"categories":["Related Awesome Lists","Mobile Development","Other Lists"],"sub_categories":["Vue Lists"],"readme":"# Awesome Mobile Security [![Awesome Lists](https://srv-cdn.himpfen.io/badges/awesome-lists/awesomelists-flat.svg)](https://github.com/awesomelistsio/awesome)\n\n[![GitHub Sponsors](https://srv-cdn.himpfen.io/badges/github/github-flat.svg)](https://github.com/sponsors/awesomelistsio) \u0026nbsp; \n[![Ko-Fi](https://srv-cdn.himpfen.io/badges/kofi/kofi-flat.svg)](https://ko-fi.com/awesomelists) \u0026nbsp; \n[![PayPal](https://srv-cdn.himpfen.io/badges/paypal/paypal-flat.svg)](https://www.paypal.com/donate/?hosted_button_id=3LLKRXJU44EJJ) \u0026nbsp; \n[![Stripe](https://srv-cdn.himpfen.io/badges/stripe/stripe-flat.svg)](https://tinyurl.com/e8ymxdw3) \u0026nbsp; \n[![X](https://srv-cdn.himpfen.io/badges/twitter/twitter-flat.svg)](https://x.com/ListsAwesome) \u0026nbsp; \n[![Facebook](https://srv-cdn.himpfen.io/badges/facebook-pages/facebook-pages-flat.svg)](https://www.facebook.com/awesomelists)\n\n\u003e A curated list of tools, frameworks, practices, and resources for mobile security — covering secure storage, app hardening, reverse engineering protection, authentication, and privacy across iOS and Android.\n\n## Contents\n\n- [Security Standards \u0026 Guidelines](#security-standards--guidelines)\n- [Secure Storage](#secure-storage)\n- [Authentication \u0026 Identity](#authentication--identity)\n- [Network Security](#network-security)\n- [App Hardening \u0026 Protection](#app-hardening--protection)\n- [Reverse Engineering \u0026 Analysis](#reverse-engineering--analysis)\n- [Vulnerability Scanning \u0026 Testing](#vulnerability-scanning--testing)\n- [Monitoring \u0026 Runtime Protection](#monitoring--runtime-protection)\n- [Privacy \u0026 Data Protection](#privacy--data-protection)\n- [Learning \u0026 Resources](#learning--resources)\n\n## Security Standards \u0026 Guidelines\n\nBest practices and frameworks for mobile security.\n\n- [OWASP Mobile Top 10](https://owasp.org/www-project-mobile-top-10/) — List of the most critical mobile security risks.\n- [OWASP Mobile Security Testing Guide (MSTG)](https://owasp.org/www-project-mobile-security-testing-guide/) — Comprehensive guide for mobile app security testing.\n- [OWASP MASVS](https://owasp.org/www-project-mobile-app-security/) — Mobile Application Security Verification Standard.\n- [Apple App Security](https://developer.apple.com/security/) — Security guidelines and documentation for iOS.\n- [Android Security](https://source.android.com/security) — Android platform security model and practices.\n\n## Secure Storage\n\nMechanisms for securely storing sensitive data on mobile devices.\n\n- [Keychain Services](https://developer.apple.com/documentation/security/keychain_services) — Secure storage for iOS credentials and secrets.\n- [Android Keystore](https://developer.android.com/training/articles/keystore) — Secure key storage for Android apps.\n- [EncryptedSharedPreferences](https://developer.android.com/topic/security/data) — Encrypted storage for Android preferences.\n- [SQLCipher](https://www.zetetic.net/sqlcipher/) — Encrypted SQLite database for mobile apps.\n- [Secure Storage (Flutter)](https://pub.dev/packages/flutter_secure_storage) — Secure key-value storage for Flutter apps.\n\n## Authentication \u0026 Identity\n\nTools and frameworks for user authentication and identity management.\n\n- [Firebase Authentication](https://firebase.google.com/products/auth) — Authentication platform supporting multiple providers.\n- [Auth0](https://auth0.com/) — Identity platform for authentication and authorization.\n- [OAuth 2.0](https://oauth.net/2/) — Authorization framework for secure access.\n- [OpenID Connect](https://openid.net/connect/) — Identity layer on top of OAuth 2.0.\n- [Apple Sign In](https://developer.apple.com/sign-in-with-apple/) — Privacy-focused authentication for iOS apps.\n\n## Network Security\n\nTools and practices for securing data in transit.\n\n- HTTPS/TLS — Secure communication protocol for network requests.\n- [TrustKit](https://github.com/datatheorem/TrustKit) — SSL pinning implementation for iOS.\n- [OkHttp Certificate Pinning](https://square.github.io/okhttp/) — Certificate pinning support for Android.\n- [Charles Proxy](https://www.charlesproxy.com/) — Tool for inspecting network traffic.\n- [mitmproxy](https://mitmproxy.org/) — Intercepting proxy for analyzing network traffic.\n\n## App Hardening \u0026 Protection\n\nTechniques for protecting apps against tampering and unauthorized access.\n\n- [ProGuard](https://www.guardsquare.com/proguard) — Code shrinking and obfuscation for Android.\n- [R8](https://developer.android.com/studio/build/shrink-code) — Android code optimizer and obfuscator.\n- [DexGuard](https://www.guardsquare.com/dexguard) — Advanced protection for Android apps.\n- [iOS App Attest](https://developer.apple.com/documentation/devicecheck/validating_apps_that_connect_to_your_server) — App integrity verification for iOS.\n- Code obfuscation — Techniques for making code harder to reverse engineer.\n\n## Reverse Engineering \u0026 Analysis\n\nTools for analyzing and decompiling mobile applications.\n\n- [Frida](https://frida.re/) — Dynamic instrumentation toolkit for mobile apps.\n- [Jadx](https://github.com/skylot/jadx) — Dex to Java decompiler for Android.\n- [apktool](https://ibotpeaches.github.io/Apktool/) — Tool for reverse engineering Android APKs.\n- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) — Automated mobile security testing framework.\n- [Ghidra](https://ghidra-sre.org/) — Software reverse engineering suite.\n\n## Vulnerability Scanning \u0026 Testing\n\nTools for identifying and testing security vulnerabilities.\n\n- [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) — Static and dynamic analysis for mobile apps.\n- [QARK](https://github.com/linkedin/qark) — Static analysis tool for Android vulnerabilities.\n- [Drozer](https://github.com/FSecureLABS/drozer) — Security testing framework for Android.\n- [Needle](https://github.com/mwrlabs/needle) — Security testing framework for iOS apps.\n- [Burp Suite](https://portswigger.net/burp) — Web and mobile application security testing platform.\n\n## Monitoring \u0026 Runtime Protection\n\nTools for detecting threats and protecting apps at runtime.\n\n- [Firebase App Check](https://firebase.google.com/products/app-check) — Protect backend resources from abuse.\n- [Sentry](https://sentry.io/) — Error monitoring and performance tracking.\n- [Appdome](https://www.appdome.com/) — Mobile app security and runtime protection platform.\n- [Guardsquare](https://www.guardsquare.com/) — Mobile app security solutions.\n- Runtime Application Self-Protection (RASP) — Techniques for detecting and preventing attacks during execution.\n\n## Privacy \u0026 Data Protection\n\nTools and practices for protecting user data and ensuring compliance.\n\n- [GDPR](https://gdpr.eu/) — Data protection regulation in the European Union.\n- [CCPA](https://oag.ca.gov/privacy/ccpa) — California privacy regulation.\n- [Apple App Privacy](https://developer.apple.com/app-store/app-privacy-details/) — Privacy requirements for iOS apps.\n- [Android Privacy](https://developer.android.com/privacy) — Privacy practices for Android apps.\n- Data minimization — Collecting only necessary user data.\n\n## Learning \u0026 Resources\n\nEducational materials and references for mobile security.\n\n- [OWASP Mobile Security Project](https://owasp.org/www-project-mobile-security/) — Resources and tools for mobile security.\n- [Android Security Blog](https://security.googleblog.com/) — Updates on Android security.\n- [Apple Security Updates](https://support.apple.com/en-us/HT201222) — Security advisories for Apple platforms.\n- [Mobile Security Testing Guide](https://owasp.org/www-project-mobile-security-testing-guide/) — In-depth testing reference.\n- [PortSwigger Web Security Academy](https://portswigger.net/web-security) — Training on web and mobile security concepts.\n\n## Related Awesome Lists\n\n- [Awesome Mobile Development](https://github.com/brandonhimpfen/awesome-mobile-development) — Tools and frameworks for mobile apps.\n- [Awesome Cybersecurity](https://github.com/brandonhimpfen/awesome-cybersecurity) — General security tools and frameworks.\n- [Awesome Privacy](https://github.com/brandonhimpfen/awesome-privacy) — Privacy tools and resources.\n- [Awesome DevOps](https://github.com/brandonhimpfen/awesome-devops) — DevOps tools and practices.\n  \n## Contribute\n\nContributions are welcome. Please ensure your submission fully follows the requirements outlined in [`CONTRIBUTING.md`](CONTRIBUTING.md), including formatting, scope alignment, and category placement.\n\nPull requests that do not adhere to the contribution guidelines may be closed.\n\n## License\n\n[![CC0](https://mirrors.creativecommons.org/presskit/buttons/88x31/svg/by-sa.svg)](http://creativecommons.org/licenses/by-sa/4.0/)\n\nAutomated checks: link checking (PR + weekly), duplicate URL detection, and a lightweight Awesome List lint.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrandonhimpfen%2Fawesome-mobile-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrandonhimpfen%2Fawesome-mobile-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrandonhimpfen%2Fawesome-mobile-security/lists"}