Mercury Android Security Assessment

mwrlabs.pngMWR Labs has a new free Android security assessment framework called Mercury that’s useful for developers and/or QA to assess the security of their apps. It allows you to interact with Activities, Broadcast receivers, Content providers and Services to assess if information is being leaked.

An example of such vulnerabilities can be found in MWR’s advisories that shows that Samsung’s pre-installed apps were leaking information via content providers. This was fixed in later Samsung firmware releases.