Overview

We were engaged to conduct an in-depth security analysis on a set of unknown Android applications, commissioned by Cure53, a leading Berlin-based cybersecurity firm. Their client, a Human Rights Watchdog (HRW), sought to determine whether these applications posed risks to individuals’ rights and privacy.

As freelance members of the Cure53 team, we worked under the guidance of Dr.-Ing. Mario Heiderich, CEO of Cure53, leveraging our expertise in reverse engineering, security research, and investigative analysis.

Due to the sensitive nature of this work, we cannot disclose specific technical details.

However, this project underscores our growing role in investigative cybersecurity research, particularly in areas of human rights, privacy, and ethical security analysis.

Deliverable(s)

✅ Reverse engineer three Android APKs
✅ Provide an extensive 17-page technical report detailing all findings.

Client(s)

Cure53.de

What We Did

  • Secure sandbox environment
  • Static code analysis
  • Physical ADB analysis (filesystem, processes, etc.)
  • Wireshark network traffic analysis
  • Determine capabilities
  • Determine attribution
  • Determine potential human rights violations

Tech stack

  • Various rooted Android devices, emulators, isolated network, VM, ADB, Wireshark

Scope

We received three unidentified Android APKs for a black-box penetration test and forensic investigation. Our primary objectives were to:

  • Determine the applications’ purpose – What do they actually do, and where do they originate from?
  • Identify the developers – Who created these applications?
  • Assess data privacy risks – Are they capable of stealing personally identifiable information (PII)?
  • Detect hidden behaviours – Do they perform background tasks that could be harmful, unknown, or undesirable to the user?

Investigation

Given the high-risk nature of this investigation, strict security precautions were taken, including:

✔ Sandboxed virtual environments to isolate potential threats
✔ TCP/UDP traffic rerouting & proxying for network analysis
✔ Complete obfuscation of our digital footprint to protect against attribution

Once our secure lab environment was set up, we began the forensic reverse engineering process, decompiling and analysing each application’s binary code.

Key Findings:

  • All three applications shared a common codebase, suggesting they were developed by the same team.
  • They appeared to be custom-built for a specific geographic region, focusing on civilian and government staff identification.
  • While no immediate malicious activity was detected, the applications had the capability to be used for surveillance or human rights violations with minimal modification.
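The "shared codebase" finding above is the kind of conclusion analysts usually reach by comparing the class inventories of the decompiled APKs. The following Python sketch is an added illustration and is not code from the original engagement or the report (which withholds technical detail): it takes per-APK sets of class names (constructed inline here; in practice they would be extracted from each APK's dex files with a decompiler), strips framework and library classes that every app pulls in, and scores each pair with Jaccard similarity. The class names, the library prefix list and the similarity threshold are all assumptions chosen for the example.

```python
"""Added example: a code-similarity heuristic for attributing several
APKs to one development team. Not from the original case study."""
from itertools import combinations

# CONSTRUCTED sample inventories: fully qualified class names per APK.
# Three apps share a hypothetical "com.example.core" package; the fourth
# is unrelated and only overlaps on framework/library classes.
SAMPLE_CLASSES = {
    "app_a.apk": {
        "com.example.core.Uploader", "com.example.core.DeviceInfo",
        "com.example.core.Crypto", "com.example.appa.MainActivity",
        "androidx.appcompat.app.AppCompatActivity", "kotlin.Unit",
    },
    "app_b.apk": {
        "com.example.core.Uploader", "com.example.core.DeviceInfo",
        "com.example.core.Crypto", "com.example.appb.MainActivity",
        "com.example.appb.SyncService",
        "androidx.appcompat.app.AppCompatActivity",
    },
    "app_c.apk": {
        "com.example.core.Uploader", "com.example.core.DeviceInfo",
        "com.example.core.Crypto", "com.example.appc.MainActivity",
        "kotlin.Unit",
    },
    "unrelated.apk": {
        "org.other.ui.Main", "org.other.net.Client",
        "androidx.appcompat.app.AppCompatActivity", "kotlin.Unit",
    },
}

# Assumed prefix list: classes every Android/Kotlin app ships and which
# would otherwise inflate similarity between unrelated apps.
LIBRARY_PREFIXES = ("android.", "androidx.", "kotlin.", "java.",
                    "com.google.")


def strip_common_libraries(classes, prefixes=LIBRARY_PREFIXES):
    """Drop framework/library classes so only app-specific code is compared."""
    return {c for c in classes if not c.startswith(prefixes)}


def jaccard(a, b):
    """Jaccard similarity of two sets: |a & b| / |a | b| (1.0 if both empty)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def pairwise_similarity(apps):
    """Return {(name1, name2): score} for every unordered pair of APKs."""
    filtered = {name: strip_common_libraries(cls) for name, cls in apps.items()}
    return {
        (x, y): jaccard(filtered[x], filtered[y])
        for x, y in combinations(sorted(filtered), 2)
    }


def likely_same_codebase(apps, threshold=0.4):
    """Pairs whose app-specific class overlap exceeds the (assumed) threshold."""
    return sorted(pair for pair, score in pairwise_similarity(apps).items()
                  if score >= threshold)


def shared_core(apps):
    """App-specific classes present in every APK: the candidate common codebase."""
    filtered = [strip_common_libraries(cls) for cls in apps.values()]
    return set.intersection(*filtered) if filtered else set()


if __name__ == "__main__":
    for pair, score in pairwise_similarity(SAMPLE_CLASSES).items():
        print(f"{pair[0]} vs {pair[1]}: {score:.2f}")
    print("related:", likely_same_codebase(SAMPLE_CLASSES))
    print("shared core:", sorted(shared_core(
        {k: SAMPLE_CLASSES[k] for k in ("app_a.apk", "app_b.apk", "app_c.apk")})))
```

Without the library filter, app_a and unrelated.apk would still score 0.25 purely on the AndroidX and Kotlin runtime classes they both bundle, which is why the filtering step matters more than the choice of similarity metric. A shared core package is a hint towards common authorship, not proof; in the engagement this kind of signal was one input among others (signing certificates, build metadata, network endpoints) before attribution was asserted.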

Our final 17-page technical report provided a comprehensive breakdown of the applications’ structure, behaviour, and potential security implications. The client was highly satisfied with the depth of our analysis.

Conclusion

While these particular samples were not actively engaging in malicious activities, our research indicated that similar applications from the same development team could potentially be weaponised for tracking or identifying individuals of interest to governments or organisations.

We remain vigilant in our ongoing cybersecurity research, ensuring that technology is not misused to violate human rights.