Android security was one of Cyfinoid’s earlier core research areas. This page remains live as an archive of that work because it led to useful tools, internship projects, training material, and practical lessons that still matter to mobile security practitioners.
Android is no longer one of our primary active research pillars. Our current active focus areas are Software Supply Chain Security, Cloud Security, and AI usage and security. Even so, the Android work remains part of our history and continues to reflect the research-driven approach that shaped the company.
Archived Research Focus
Our Android work looked at security as a full ecosystem problem rather than a narrow reverse-engineering exercise. That included application analysis, device and network considerations, development practices, and the kinds of workflows security engineers use when they need to assess real mobile apps under time pressure.
We were especially interested in making Android security analysis more practical, repeatable, and accessible through hands-on labs, vulnerable targets, and tooling that could help bridge the gap between deep analysis and everyday assessment workflows.
Community Contributions
What This Work Covered
- Static and dynamic analysis of Android applications
- Root detection bypass and instrumentation-driven testing
- Traffic interception and application behavior analysis
- Hybrid mobile application assessment, including React Native and Flutter
- Threat modeling and practical defensive improvements for Android applications
Why Keep This Page Live
- It documents an important earlier phase of Cyfinoid’s research
- It helps previous students, collaborators, and readers find older work
- It preserves projects and ideas that still have practical value
If you are looking for our current active research priorities, start with Software Supply Chain Security, Cloud Security, and AI usage and security.
Blogs
SBOMPlay v0.0.7
GH Navigator Released: Full Coverage of GitHub’s Data and Control Planes
Decouple and Conquer: Understanding Control and Data Planes Across Technology
Automating a Known Weakness: Introducing keychecker
Introducing 3P-Tracer: third-party mapping in your browser
Introducing SBOM Play: A Privacy-First SBOM Explorer with Vulnerability & License Insights
Previous Training Sessions
Note:
Android is a trademark of Google Inc