android▌

Detects and analyzes malicious behavior in mobile applications through behavioral analysis, permission abuse detection, network traffic monitoring, and dynamic instrumentation. Use when analyzing suspicious mobile applications for data exfiltration, command-and-control communication, credential stealing, SMS interception, or other malware indicators. Activates for requests involving mobile malware analysis, app behavior monitoring, trojan detection, or suspicious app investigation.

Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to observe application behavior during execution, intercept function calls, modify runtime values, and identify vulnerabilities that static analysis misses. Use when testing Android apps for runtime security flaws, hooking sensitive methods, bypassing client-side protections, or analyzing obfuscated applications. Activates for requests involving Android dynamic analysis, runtime hooking, Frida Android instrumentation, or live app behavior analysis.

Performs automated static analysis of Android applications using Mobile Security Framework (MobSF) to identify hardcoded secrets, insecure permissions, vulnerable components, weak cryptography, and code-level security flaws without executing the application. Use when assessing Android APK/AAB files for security vulnerabilities before deployment, during penetration testing, or as part of CI/CD security gates. Activates for requests involving Android static analysis, MobSF scanning, APK security assessment, or mobile application code review.

Tests Android inter-process communication (IPC) through intents for vulnerabilities including intent injection, unauthorized component access, broadcast sniffing, pending intent hijacking, and content provider data leakage. Use when assessing Android app attack surface through exported components, testing intent-based data flows, or evaluating IPC security. Activates for requests involving Android intent security, IPC testing, exported component analysis, or Drozer assessment.

Implements Mobile Application Management (MAM) policies to protect enterprise data on managed and unmanaged mobile devices through app-level controls including data loss prevention, selective wipe, app configuration, and containerization. Use when securing corporate apps on BYOD devices, implementing Intune App Protection Policies, or enforcing data separation between personal and work apps. Activates for requests involving MAM deployment, app protection policies, mobile containerization, or BYOD security.

Use ViewModel to hold state and business logic. It must outlive configuration changes.

This skill helps you configure a scalable, maintainable build system for Android apps using Gradle Convention Plugins and Version Catalogs, following the "Now in Android" (NiA) architecture.

Declarative UI toolkit for building native Android interfaces with state management and recomposition optimization. \n \n Provides state management primitives: remember for recomposition survival, rememberSaveable for configuration changes, mutableStateOf for observable state, and derivedStateOf for computed values \n Emphasizes state hoisting to create stateless, reusable composables and integrates with ViewModel and StateFlow for app-level state \n Includes efficient recomposition patterns usi

You are a Google Play ASO expert. Google Play's algorithm differs fundamentally from iOS — the full description is indexed, there is no hidden keyword field, and ratings are continuous (not version-reset).

Android testing automation with Espresso, UIAutomator, and Compose Testing.