AndroScanner: Automated Backend Vulnerability Detection for Android Applications
Computer Science > Cryptography and Security
[Submitted on 15 Apr 2026]
Harini Dandu
Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting vulnerabilities in Android application backends through combined static and dynamic analysis. AndroScanner extracts backend API calls from APK files using apktool, Androguard, and Frida-based dynamic instrumentation, then vets them against the OWASP API Security Top 10 using APIFuzzer. We evaluate AndroScanner on two Android applications: a purposely vulnerable bank application and a production recruitment application with over 50,000 downloads on Google Play Store. Across both applications, AndroScanner extracted 24 APIs and identified 5 vulnerabilities, including a previously unreported zero-day Excessive Data Exposure vulnerability (ranked 3rd in the OWASP API Security Top 10) in the production application. The vulnerability was responsibly disclosed to the development team prior to publication. AndroScanner is available upon request to assist developers in identifying and remediating backend security risks before deployment.
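The abstract names two stages a practitioner would want to see concretely: pulling backend endpoints out of an APK's string constants (the static half of the extraction step) and checking a backend reply for fields the client never reads (the Excessive Data Exposure class, API3 in the 2019 OWASP API Security Top 10; the 2023 edition folds it into Broken Object Property Level Authorization). The block below is an added illustration written for this page, not AndroScanner's code (which the abstract says is available only on request). It stands in for Androguard's `get_strings()` output with a constructed list of string literals, and for the dynamic stage with a constructed JSON reply plus a constructed set of keys the app is assumed to dereference; hostnames, paths and field names are all invented.

```python
"""Two pipeline stages sketched after the AndroScanner abstract: static
endpoint extraction from an APK's string constants, and a simple
Excessive Data Exposure check comparing a backend response against the
fields the client actually reads. All inputs below are constructed."""
import re
from urllib.parse import urljoin, urlsplit

# Absolute URLs as they appear in DEX string tables.
URL_RE = re.compile(r'https?://[^\s"\'<>]+')
# Relative API paths such as "/v1/login" that the app joins to a base URL.
PATH_RE = re.compile(r'/(?:v\d+|api)(?:/[A-Za-z0-9_\-{}.]+)+')

# Field-name fragments that usually mean personal or secret data (heuristic).
SENSITIVE_HINTS = ("ssn", "password", "token", "secret", "salary",
                   "dob", "phone", "tax", "address")


def extract_endpoints(strings, default_base=None):
    """Return deduplicated backend endpoints found in `strings`.

    `strings` stands in for the output of Androguard's
    DalvikVMFormat.get_strings() (or apktool's strings.xml / smali consts).
    Relative paths are only resolved when a base URL is known; otherwise
    they are skipped rather than guessed.
    """
    seen = {}
    for s in strings:
        s = s.strip()
        if URL_RE.fullmatch(s):
            url = s
        elif default_base and PATH_RE.fullmatch(s):
            url = urljoin(default_base, s)
        else:
            continue
        parts = urlsplit(url)
        seen[url] = {
            "url": url,
            "host": parts.hostname,
            "path": parts.path,
            # Cleartext HTTP is itself a finding: traffic and tokens are exposed.
            "cleartext": parts.scheme == "http",
        }
    return [seen[u] for u in sorted(seen)]


def _flatten(obj, prefix=""):
    """Flatten nested JSON objects into dotted key paths."""
    out = {}
    for k, v in obj.items():
        key = f"{prefix}.{k}" if prefix else k
        if isinstance(v, dict):
            out.update(_flatten(v, key))
        else:
            out[key] = v
    return out


def find_excessive_fields(response, client_fields):
    """Flag response fields the client never reads (Excessive Data Exposure).

    `client_fields` is the set of JSON keys the app's code dereferences.
    Here it is constructed; in a real run it would come from static
    analysis of the JSON-parsing call sites.
    """
    unused = sorted(k for k in _flatten(response) if k not in client_fields)
    sensitive = [k for k in unused
                 if any(h in k.lower() for h in SENSITIVE_HINTS)]
    return {"unused": unused, "sensitive_unused": sensitive}


# Constructed sample input: string constants a recovered DEX might contain.
SAMPLE_STRINGS = [
    "https://api.example-bank.test/v1/accounts/{id}",
    "https://api.example-bank.test/v1/login",
    "http://legacy.example-bank.test/v1/transfer",
    "/v1/profile",
    "/v1/transactions",
    "Landroid/os/Bundle;",
    "OkHttpClient",
    "https://api.example-bank.test/v1/login",   # duplicate literal
]

# Constructed sample backend reply for /v1/profile and the keys the app reads.
SAMPLE_RESPONSE = {
    "id": 42,
    "name": "A. User",
    "email": "a.user@example.test",
    "phone": "+1-555-0100",
    "ssn_last4": "1234",
    "password_hash": "$2b$12$redacted",
    "created_at": "2026-01-01T00:00:00Z",
    "employer": {"name": "Example Corp", "tax_id": "12-3456789"},
}
CLIENT_FIELDS = {"id", "name", "email", "employer.name"}

if __name__ == "__main__":
    for ep in extract_endpoints(SAMPLE_STRINGS, "https://api.example-bank.test"):
        flag = "  [cleartext]" if ep["cleartext"] else ""
        print(ep["url"] + flag)
    print(find_excessive_fields(SAMPLE_RESPONSE, CLIENT_FIELDS))
```

Running the script lists five distinct endpoints from eight literals, marks the `http://` one as cleartext, and reports `phone`, `ssn_last4`, `password_hash` and `employer.tax_id` as sensitive fields the server returns but the client never reads. The keyword heuristic is deliberately crude; in practice the `client_fields` set, not the hint list, carries the signal, and a Frida hook on the app's JSON parser is a good way to collect it at runtime.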
Comments: 12 pages, 6 figures
Subjects: Cryptography and Security (cs.CR); Networking and Internet Architecture (cs.NI); Software Engineering (cs.SE)
Cite as: arXiv:2604.14431 [cs.CR]
(or arXiv:2604.14431v1 [cs.CR] for this version)
https://doi.org/10.48550/arXiv.2604.14431
Submission history
From: Harini Dandu [view email]
[v1] Wed, 15 Apr 2026 21:23:49 UTC (816 KB)