Android has an app for everything. If you are a network administrator, professional pen tester, or someone who is aspiring to be a white hat hacker, you should learn basic and comprehensive scanning/testing on Android devices. Here are some of the best Android hacking apps that you can use to gather information and find vulnerabilities. None of them require your Android phone to be rooted, which makes them easy to use for beginners. Almost all of them work with the latest Android versions and each one is available on Google Play Store.
Disclaimer: our aim in this guide isn’t to teach “how to hack your Android phone,” but to describe what a hacker would see if they gained access to your Android device. See FAQs for legality of penetration testing.
- 1. Fing - Network Tools
- 2. RoboShadow Network Scanner
- 3. SnoopSnitch
- 4. Traced Mobile Security
- 5. IoPT Network Security Scanner
- 6. Network Scanner by Zoltan Pallagi
- 7. Inware
- 8. tPacketCapture
- 9. Darktrace
- 10. PortDroid – Network Analysis Kit & Port Scanner
- 11. Hidden Eye - Intruder Selfie
- Frequently Asked Questions
1. Fing – Network Tools
Fing is a Play Store app that gives you a complete summary of what’s going on in your Wi-Fi network, all the logged-on devices, hidden cameras in the building, bandwidth usage, and more. With the bird’s eye view, you can set parental controls, block intruders, analyze ISP performance, perform ping tests, run a traceroute, and do port scanning on your network for a complete picture.
- Perfect balance of network analysis and penetration/hacking.
- Highly reputed app.
- Free network analysis features give adequate network visibility.
- Some penetration testing features such as finding router vulnerabilities, intrusion blocking, and parental controls are locked away in the Pro version.
- You also need to purchase a physical Fingbox device for $99 to make the app compatible with smart home security.
2. RoboShadow Network Scanner
RoboShadow Network Scanner and Integrated Cyber Platform is an ethical hacking tool that adequately provides self-penetration tests for free. Just a simple click rapidly scans more than 65000 ports. Through a free device test, you get the IP address, MAC address, and BIOS names of all devices connected to your phone’s Wi-Fi network. All the data history is saved and exportable for network audit. If you just started out with self-penetration testing on your phone, give RoboShadow a try.
- No effort, no learning – absolutely free self-penetration.
- Assess router vulnerabilities through a simple device scan.
- Free advanced tools to spot all the Internet-connected devices such as Shodan cache, UPNP Scan, DNSSD Scan.
- Attractive, classy user interface.
- The application is still somewhat in beta compared to some of the well-established apps on this list.
- While RoboShadow identifies the open ports, it doesn’t provide very deep and meaningful information.
3. SnoopSnitch
SnoopSnitch by Security Research Labs goes deep into your phone firmware to determine installed and missing Android security patches. You also get a quick graphical summary of which nearby networks are relatively safer from hacker intercepts and impersonations. With an older Qualcomm MSM chip, you get more advanced penetration testing features such as detection of SMS and SS7 attacks and fake base stations (IMSI catchers).
- Decent job at Android patch testing.
- Gives summary of all nearby networks (Wi-Fi and mobile data) to help you assess which is most secure.
- Advanced penetration testing only supported with Qualcomm MSM chip, available on older smartphones.
- Even a simple network and device scan is not possible without the right chip.
4. Traced Mobile Security
Traced Mobile Security uses deep learning to scan for potential malicious apps on your phone. It also keeps track of dangerous Wi-Fi networks and phishing agents but its main focus is to keep a constant vigil on the apps you put on your device. If it worries you that an unknown app is suddenly gaining access to your phone’s camera, microphone, and other essentials, Traced will alert you to suspicious activity by spyware, ransomware, and other forms of mobile malware.
- Malicious apps alert on mobile.
- Keeps track of each and every event on phone.
- No ads and free to use.
- Greater user privacy due to lack of location tracking.
- Too much information under the dashboards.
- Wi-Fi network scanning feature seems broken at setup stage.
5. IoPT Network Security Scanner
IoPT is a pen test app that describes itself as Internet of Protected Things. Its objective is to look for vulnerabilities in small office/home office segment. For this purpose, it provides a rather comprehensive security suite: port scanning, host discovery, CCTV camera audits, and Shodan to understand digital footprints. The app may look simple but it does provide end-to-end visibility of every minor vulnerability on your network. The best part is it’s all free.
- Get visibility of everything from open ports to CCTV vulnerabilities.
- Check accounts for compromise of password.
- Camera vulnerabilities identified.
- Clunky user interface.
- Once the vulnerabilities are identified, you won’t know what they are without upgrading to a Pro version.
6. Network Scanner by Zoltan Pallagi
Any hacker that wants to get into your network would be interested to know who is using your Wi-Fi. As a preventive measure, this simple network scanner by Zoltan Pallagi keeps track of all the vulnerabilities arising due to your Android device. The attention to detail for each connected device is elaborate and goes deeply into many information layers. There are a large number of device types that are analyzed – smart bulbs, smart plugs, smart thermostats etc. This makes this free tool a must have for assessing the weak spots of your smart home.
- Extremely detailed overview of device vulnerability with real-time ping stats.
- Works for custom subnets and router security.
- No easy way to tell authorized users from unauthorized ones especially when there are multiple devices.
- Potential privacy issues.
7. Inware
So far we’ve seen penetration testing tools that detect the vulnerabilities of your entire network and all the devices contained in it. How about knowing everything about your own Android phone? This is where an app called Inware can shed some real light. Whether you want to see how much RAM you are using, the fingerprints and bootloaders of your system, or hardware clusters and frequency, any such data is extremely valuable to forensics experts.
- Expert forensics level capability in device diagnostics.
- Simple to use, easy to read.
- Free to use.
- Some inaccuracy in camera specs.
8. tPacketCapture
tPacketCapture is a simple app to capture packets and data transferred over your network. Since tPacketCapture works by creating its own local VPN, it works equally on both rooted and non-rooted devices. The good thing about the tPacketCapture app is that it stores all the captured data in a PCAP file so that you can use powerful desktop tools like Wireshark for detailed analysis. However, it looks like the app has seen better days, as it’s no longer compatible with the latest Android versions.
- Good pen test tool to determine the threat due to packet sniffers.
- Helps find MMS settings, and determines DNS packets.
- Does not work with the latest Android versions, 9.0 onwards.
- Timeouts and crashes have been reported.
9. Darktrace
Sometimes, as cyber security professionals, we need a means to visualize threats with real-time threat notifications. Darktrace is a leading app that uses AI algorithms, machine learning and other intuitive methods to automatically detect threats in physical, cloud, and virtualized networks – all from the comfort of your Android phone. To use this app, you need to purchase access to Darktrace Enterprise Immune System V3 and an IMAP email server.
- Connects with a full-fledged security suite by Darktrace for comprehensive security audit with advanced desktop features.
- Artificial Intelligence (AI) networks at play.
- The Android app by itself is useless. Can only be used with Darktrace Threat Visualizer available online.
10. PortDroid – Network Analysis Kit & Port Scanner
PortDroid is a complete network analysis kit which contains many advanced functions to give you a complete penetration testing environment. From pinging to port scanning, DNS lookup, and reverse IP lookup, the app works smoothly to keep you aware of everything going on in your network. Most of these features are supported in the free version but the Pro version gets you dark mode and a few more advanced features.
- Complete self-penetration kit for elaborate network analysis.
- Provides reverse IP lookup.
- Supports IPv6 addresses.
- See all devices on network.
- Multi IP port scanning is not free.
- Might require rooting for advanced features.
11. Hidden Eye – Intruder Selfie
Cyber-criminals are often looking for those lucky five minutes when you’re not looking and they can get their hands on your phone. As the last self-penetration test, you should protect your device in case someone tries to access it physically in your absence. This is where Hidden Eye pulls out a truly fast one on the curious hacker. If the intruder tries to break into your device, he’d better be smiling as he’s going to leave behind a cute little selfie on your phone camera.
- Ingenious way to grab phone intruders with a selfie.
- Triggers include wrong PIN, pattern, password.
- Catching snoopers red-handed.
- Uninstalling the app is a pain because it requires device Admin level permissions. So you first need to disable them.
Frequently Asked Questions
1. Is it legal to do penetration testing on Android?
Penetration testing on your own devices is perfectly legal as you have the right to test your device for vulnerabilities. However, if you are doing it on behalf of others, you should get some kind of written consent from them to protect yourself in the event of legal trouble (even if it’s close friends or family).
Having a recognized Certified Ethical Hacker (CEH) certification adds to your credentials as an ethical hacker. Unauthorized hacking attempts without the information or consent of the device owner are definitely illegal, and can spell legal problems for you if you get caught.
Google itself may prevent you from unauthorized intrusions on your phone as a security measure (even if it’s you doing it). That is why we recommend using the pen test apps found on Google Play Store rather than open APKs.
2. What are a few good hacking apps on Android outside Google Play Store?
There are a few decent hacking apps on Android which you will find outside the Google Play Store for desktop devices. These include:
You can also look for decent hacking apps on Android in GitHub.
The above Android hacking apps are some of the best available. Do you have any particular apps in mind that are easy to use and perform reliable penetration testing? If you are new to penetration testing, you can try to familiarize yourself with Kali Linux.