June 24, 2024


Episode 7


Announcing the Android Security Research Playbook

Authors: Jacob Swinsinski and Hahna Kane Latonick


Welcome to the Android Security Research Playbook (ASRP) Blog Series! For those who are unfamiliar with the ASRP, it is a getting-started guide for security researchers that aims to kickstart and support their Android security research journey. We will follow the plays in the order in which the ASRP presents them as we apply it to a real-world target. Be sure to check out the following resources to follow along with this blog series!



If you’re new to Android, we provide an overview of its architecture and applications to help get you up to speed on how it works. Without further ado, let’s dive right into the first stage of the Android security research process, which is Reconnaissance!

What is Reconnaissance?

Reconnaissance is the process of researching your target before carrying out any analysis, enumeration, or exploitation. This involves conducting Open-Source Intelligence (OSINT) to gain a foundational understanding of how the target works. We will walk through the following ASRP plays to illustrate steps of the Reconnaissance process:


Introducing our Target

We will be examining the target application, VLC for Android, an open-source, cross-platform media player. Its software allows end-users to play music, watch videos, and more. The current version is 3.5.4 as of the writing of this post. Its source code is also publicly available, allowing us to review its design and implementation. Now that we have introduced our target, the following sections are going to apply the ASRP Reconnaissance Plays to our target software.

Diving Into the ASRP

The Reconnaissance process that we are going to cover includes gathering open-source resources, contextualizing the history of the target, discovering known common vulnerabilities and exposures (CVEs), and obtaining the target’s Android Package Kit (APK) file.

Play 00: Gather Open-Source Resources

First, we will conduct passive reconnaissance, specifically Open-Source Intelligence (OSINT) on the target. We will start with the official website of VLC for Android to see what information it provides. We observe that VideoLAN offers a community forum, a wiki providing additional information, mailing lists for announcements and notifications, an FAQ page, press releases, and a security center describing various security bulletins and advisories. We can utilize these resources to gain valuable insights into VLC for Android, its development, security, user base, and more.