When I first started learning about mobile pentesting, I did not have a lot of spare mobile devices that I could use for testing. If you fast forward to today, mobile application pentesting is now the primary focus of my career, and I have several Android and Apple devices scattered all over my office. Before I got to that point though, I remember having a lot of trouble getting a suitable Android emulator that would work with a lot of the tools that I needed in order to test Android applications, but I eventually ended up figuring out how to build an appropriate emulator using Android Studio. Although these days I usually will have a physical Android device that I can use for my testing purposes, I will still occasionally spin up an Android Studio emulator in some situations.
Since I’m sure there are others out there that are in the situation that I was in where you are having trouble getting an emulator working for the purposes of pentesting mobile apps, I thought I would make a walkthrough of how I setup my Android Studio emulator in a way that works with the tools that I need (Burp Suite, Frida, etc.).
Download Android Studio
Naturally, the first thing we need to do in order to build an Android Studio emulator is download Android Studio. To do this, visit https://developer.android.com/studio, download the most recent version of Android Studio for your appropriate operating system, and follow the installation instructions here: https://developer.android.com/studio/install. During the install, make sure that you install the Android Virtual Device. Depending on the version of Android Studio that you are installing, this might be included in your install automatically, but there may be a checkbox that you have to select at some point during the install.
Create Your Virtual Device
After the install is complete, launch Android Studio. Once it launches and you see the “Welcome to Android Studio” page, click on More Actions and select Virtual Device Manager. This will open a new window where you can create your emulator.
Once you open the Device Manager, click Create Device, which will open a new window where you can begin customizing your device. The first option you will be asked to choose is the device hardware. This option will mostly only affect the look and feel of the emulator, but there is one detail that is pretty important for my purposes. This window should have a table showing some of the information about each of the hardware profiles, and one of the columns in this table will be labeled as Play Store. There should be a triangle-shaped logo in this column to denote the hardware profiles that have the Google Play Store enabled. It is important to choose a profile that does NOT have this enabled because the devices without the Play Store will be rooted by default. A rooted device is required for a lot of things that I want to do while testing Android apps, so having a rooted device out of the box just makes my job a little bit easier. The only downside is that you won’t be able to install production release apps from the Google Play Store, but in most cases when I am testing an application, I will be working with a non-production APK that I would sideload onto the device anyway.
After choosing your hardware, click Next. This will take you to the next customization option, which is selecting the system image that will be installed on the device. This is where you choose what version of Android will be installed on the device. Depending on your specific needs, there may be a certain version of Android you want to install (i.e., app requirements, testing tools compatibility, etc.), but typically I try to use one of the newer versions so I can attempt to replicate a fairly modern device.
Once you choose the version of Android that you want to use, you should notice an arrow pointing down next to the release name. Before you can move onto the next step, you will need to click on this icon to download the system image of the release that you chose. Once you click that icon, it will open a new window and begin the download of the system image, which will probably take a couple of minutes. After the download finishes, you can click Finish, which will take you back to the previous window, and you should no longer see the arrow next to the release name that you chose. Click Next to proceed.
After choosing the system image for your device, you will be shown a summary of the choices that you made while customizing your device, and you will also be able to make some final configuration changes, including changing the name of your device, the default orientation of your device, and the system resources that should be allocated for the memory and storage of the device (click Show Advanced Settings to access these options).
Once you are satisfied with all of your configurations, you can click Finish. You now have a fully customized Android emulator powered by Android Studio!
Running Your Emulator
After you have finished building your emulator, you should return to the Device Manager screen, and you should now see the emulator that you just created listed.
Now that you have your emulator built, let’s boot it up! There are a couple ways to run your emulator. The easiest way is to simply click the Play button under Actions on the right side of the Device Manager window. This method of launching your emulator will probably work fine for most situations. However, there are a few situations where you may need to run it from the command line and use some specific command line flags when working with certain tools. For now, I will just show you how to launch the emulator from the command line, and I can get into the details of those different launch options in a future blog entry.
In order to launch your emulator from the command line, you must first find the Android SDK directory on your system. This can vary depending on your operating system. For my example, I am using a laptop running Ubuntu, and it is located at ~/Android/Sdk/. It should be in a similar location on MacOS, but for Windows, it will likely be located in the AppData directory. In a Windows machine that I tested it on, I found it in C:\Users\<my username>\App Data\Local\Android\Sdk\. Once you find that directory, you should see an emulator directory. Inside this directory run the following command:
./emulator -list-avds
You should see the name of the emulator that you just created, and if you created multiple emulators, then you will see the names of all of the Android Studio emulator devices that are on your system.
Once you have the name of the emulator that you want to run, then you can run the following command with your device name, which will launch your emulator:
./emulator -avd <AVD name>
For Windows, you would replace ./emulator with emulator.exe, but the rest of the commands would be the same.
If you’re interested in more content about security, hacking, making, and tech, check out my YouTube channel at https://youtube.com/@CorSecure.
