CodeInspect is a powerfull Android reverse engineering tool. It comes with different plugins that support an analyst with the most-detailed information inside an Android application. A bytecode-debugger is one of those plugins.


TeamSIK is a hacking group I founded at Fraunhofer SIT. Our main motivation is to work on interesting security-related projects for fun with the goal of exposing security issues. All our finding are directly reported to the affected party and if needed we support them fixing the security issues. After a certain time frame (usualy after 90 days) we expose our findings on our website.

Open Source

FuzzDroid is a target-fuzzying tool for Android applications. It's goal is to extract concrete triggers (environments) that need to be fullfilled in order to reach a certain code location.
Harvester is a tool for extracting runtime values from Android applications. It's goal is to extract runtime values that get passed into API calls such as sendTextMessage. Without any human interaction, Harvester fully-automatically extracts all runtime values that get passed into the logging point.
NOTE: Unfortunately, we are currently not able to release the source code of Harvester.
SuSi is a machine-based learning approach for automatically extracting sensitive API calls from the Android OS. SuSi is able to extract sensitive source and sink API calls from the Android OS. This is espeically necessary if one wants to detect privacy leaks inside an Android application.
FlowDroid is a precise static dataflow tracking tool for Java and Android applications.