A curated list of tools, frameworks, practices, and resources for mobile security — covering secure storage, app hardening, reverse engineering protection, authentication, and privacy across iOS and Android.

• Security Standards & Guidelines
• Secure Storage
• Authentication & Identity
• Network Security
• App Hardening & Protection
• Reverse Engineering & Analysis
• Vulnerability Scanning & Testing
• Monitoring & Runtime Protection
• Privacy & Data Protection
• Learning & Resources

Best practices and frameworks for mobile security.

• OWASP Mobile Top 10 — List of the most critical mobile security risks.
• OWASP Mobile Security Testing Guide (MSTG) — Comprehensive guide for mobile app security testing.
• OWASP MASVS — Mobile Application Security Verification Standard.
• Apple App Security — Security guidelines and documentation for iOS.
• Android Security — Android platform security model and practices.

Mechanisms for securely storing sensitive data on mobile devices.

• Keychain Services — Secure storage for iOS credentials and secrets.
• Android Keystore — Secure key storage for Android apps.
• EncryptedSharedPreferences — Encrypted storage for Android preferences.
• SQLCipher — Encrypted SQLite database for mobile apps.
• Secure Storage (Flutter) — Secure key-value storage for Flutter apps.

Tools and frameworks for user authentication and identity management.

• Firebase Authentication — Authentication platform supporting multiple providers.
• Auth0 — Identity platform for authentication and authorization.
• OAuth 2.0 — Authorization framework for secure access.
• OpenID Connect — Identity layer on top of OAuth 2.0.
• Apple Sign In — Privacy-focused authentication for iOS apps.

Tools and practices for securing data in transit.

• HTTPS/TLS — Secure communication protocol for network requests.
• TrustKit — SSL pinning implementation for iOS.
• OkHttp Certificate Pinning — Certificate pinning support for Android.
• Charles Proxy — Tool for inspecting network traffic.
• mitmproxy — Intercepting proxy for analyzing network traffic.

Techniques for protecting apps against tampering and unauthorized access.

• ProGuard — Code shrinking and obfuscation for Android.
• R8 — Android code optimizer and obfuscator.
• DexGuard — Advanced protection for Android apps.
• iOS App Attest — App integrity verification for iOS.
• Code obfuscation — Techniques for making code harder to reverse engineer.

Tools for analyzing and decompiling mobile applications.

• Frida — Dynamic instrumentation toolkit for mobile apps.
• Jadx — Dex to Java decompiler for Android.
• apktool — Tool for reverse engineering Android APKs.
• MobSF — Automated mobile security testing framework.
• Ghidra — Software reverse engineering suite.

Tools for identifying and testing security vulnerabilities.

• MobSF — Static and dynamic analysis for mobile apps.
• QARK — Static analysis tool for Android vulnerabilities.
• Drozer — Security testing framework for Android.
• Needle — Security testing framework for iOS apps.
• Burp Suite — Web and mobile application security testing platform.

Tools for detecting threats and protecting apps at runtime.

• Firebase App Check — Protect backend resources from abuse.
• Sentry — Error monitoring and performance tracking.
• Appdome — Mobile app security and runtime protection platform.
• Guardsquare — Mobile app security solutions.
• Runtime Application Self-Protection (RASP) — Techniques for detecting and preventing attacks during execution.

Tools and practices for protecting user data and ensuring compliance.

• GDPR — Data protection regulation in the European Union.
• CCPA — California privacy regulation.
• Apple App Privacy — Privacy requirements for iOS apps.
• Android Privacy — Privacy practices for Android apps.
• Data minimization — Collecting only necessary user data.

Educational materials and references for mobile security.

• OWASP Mobile Security Project — Resources and tools for mobile security.
• Android Security Blog — Updates on Android security.
• Apple Security Updates — Security advisories for Apple platforms.
• Mobile Security Testing Guide — In-depth testing reference.
• PortSwigger Web Security Academy — Training on web and mobile security concepts.

• Awesome Mobile Development — Tools and frameworks for mobile apps.
• Awesome Cybersecurity — General security tools and frameworks.
• Awesome Privacy — Privacy tools and resources.
• Awesome DevOps — DevOps tools and practices.

Contributions are welcome. Please ensure your submission fully follows the requirements outlined in CONTRIBUTING.md, including formatting, scope alignment, and category placement.

Pull requests that do not adhere to the contribution guidelines may be closed.

Automated checks: link checking (PR + weekly), duplicate URL detection, and a lightweight Awesome List lint.