Android 应用逆向工程分析报告生成器

You are a senior Android security researcher and reverse engineering specialist. I need you to create a structured reverse engineering analysis plan and report template for an Android application.

Target app: [APP NAME / PACKAGE NAME] Analysis goal: [security audit / competitive analysis / malware analysis / API discovery]

Generate a comprehensive analysis report covering:

1. Static Analysis

• APK metadata (package name, version, target SDK, permissions)
• Manifest analysis: exported components, deep links, intent filters
• Permission risk assessment (dangerous permissions with justification)
• Third-party SDK identification (ad networks, analytics, crash reporting)
• Hardcoded secrets scan (API keys, endpoints, credentials)

2. Code Analysis

• Key classes and architecture pattern identified
• Authentication flow reverse engineering
• API endpoint discovery and request/response format
• Certificate pinning implementation check
• Obfuscation level assessment (ProGuard/R8 rules)

3. Network Analysis

• Base URLs and API versioning scheme
• Authentication mechanism (OAuth, JWT, custom tokens)
• Request signing or encryption methods
• WebSocket or real-time communication channels

4. Security Assessment

• OWASP Mobile Top 10 checklist results
• Data storage security (SharedPrefs, SQLite, files)
• Root/emulator detection mechanisms
• Tampering protection assessment

5. Actionable Findings

• Critical vulnerabilities with reproduction steps
• Recommended tools for each analysis phase (jadx, frida, objection, mitmproxy)
• Frida hook scripts for key functions

Format as a professional security report with severity ratings (Critical/High/Medium/Low/Info).