Course Overview

This course focuses on Android and iOS Mobile Application Penetration testing. The course will demonstrate common techniques to extract sensitive data from Android and iOS Application such as API Keys, stored secrets, and firebase databases, and provide a solid foundation for continuing a career as a Mobile Application Penetration Tester. This course will cover the common methodologies and practices you can utilize to start Bug Bounty hunting mobile applications.

Prerequisites & System Requirements

The student should have:

  • A basic understanding of Web Application or API-based penetration testing
  • Some familiarity with Mobile Application platforms such as iOS and Android (like how to navigate to settings, install applications, etc.) is expected.


For the Android section of this course the following device requirements will apply:

  1. Windows, Linux, or MacOS based machine
  2. 16 GB of RAM or more (to run virtual machines as well as emulated devices)
  3. At least 250GB of available storage

For the iOS Section of this course the following device requirements will apply:

  1. MacOS-based Machine (Macbook, Mac Mini, etc.), or Linux-Based physical machine with preferably with 16 GB of RAM as well as at least 250GB of available storage
  2. Physical iPhone or iPad running iOS 16.x or less (for jailbreaking purposes)

Mobile Application Penetration Testing Course Overview


What will I learn?

  1. How to follow the Penetration Testing and Mobile Application Penetration Testing Processes
  2. How to setup a lab environment to analyze both iOS and Android Mobile applications that are pulled directly from the Apple and Google Play Stores
  3. Manual analysis of Mobile Applications for sensitive information such as URLs, Storage Buckets, Firebase Databases, and other Stored Secret
  4. Automated analysis of Mobile Applications by using tools like MobSF
  5. How to break SSL Pinning by using Objection and Frida for both iOS and Android
  6. The OWASP Top Ten for Mobile
  7. How to jailbreak an iOS device


Hacking Into Computer Example

Mobile Application Penetration Testing Course Curriculum - 9 Hours

  Introduction and Course Resources
Available in days
days after you enroll
  Penetration Testing Process
Available in days
days after you enroll
  Android Intro and Security Architecture
Available in days
days after you enroll
  Android Lab Setup
Available in days
days after you enroll
  Android Static Analysis
Available in days
days after you enroll
  Android Dynamic Analysis
Available in days
days after you enroll
  Android Bug Bounty Hunt
Available in days
days after you enroll
  BONUS - Android Red Teaming
Available in days
days after you enroll
  iOS Introduction and Architecture
Available in days
days after you enroll
  iOS Lab Setup
Available in days
days after you enroll
  iOS Static Analysis
Available in days
days after you enroll
  iOS Dynamic Analysis/Jailbreaking
Available in days
days after you enroll
  iOS Bug Bounty Hunt
Available in days
days after you enroll
Aaron Wilson - Course Instructor

About the Instructor: Aaron Wilson


Aaron is a passionate security professional with experience in the Fortune 50. He is a Principal Penetration Tester at TCM Security, responsible for Mobile Application Penetration Testing of over 20 Mobile Apps. He is also an avid Capture the Flag Creator and has published multiple rooms on TryHackMe. Aaron is also CEO and Founder of the Wilson Security Group and publishes videos on YouTube on security topics and cybersecurity certification reviews.


Aaron holds certifications such as the eMAPT, CISSP, eCPPTv2, eWAPTv2, CEH, and eJPT certifications among others. He holds a bachelor's degree in Security and Risk Analysis from Penn State University as well as a Master's in Information Assurance and Cybersecurity from Western Governor's University (WGU).


Follow Aaron on Social Media:

LinkedIn - https://www.linkedin.com/in/wilson-security

YouTube - https://www.youtube.com/c/WilsonSecurityGroup

TryHackMe Hacker Methodology - https://tryhackme.com/room/hackermethodology

all-access membership wolf logo

This course is included in our
All-Access Membership
starting at $29.99/month

Get full access to the Mobile Application Penetration Testing course and our full course catalog when you enroll in our All-Access Membership.

Courses Included in the All-Access Membership

Mobile Application Penetration Testing

Learn Mobile Application Hacking for iOS and Android Devices

Aaron Wilson

Aaron Wilson

Practical Ethical Hacking - The Complete Course

Learn how to hack like a pro. 20 hours of up-to-date practical hacking techniques with no filler.

Heath Adams

Heath Adams

Practical Bug Bounty

A hands-on course to prepare you for your first Bug Bounty adventure.

Heath Adams

Heath Adams

Practical Web Hacking

Expand your knowledge and skills in web application hacking with this intermediate course.

Alex Olsen

Alex Olsen

Advanced Web Hacking

Advanced Web Hacking is designed to take your web penetration testing skills to the next level. This course dives deep into advanced topics, exploring edge-case vulnerabilities, sophisticated attacks, and complex scenarios faced in modern web applications. Each module will offer in-depth exploration through code review, debugging, and hands-on labs.

Alex Olsen

Alex Olsen

Practical API Hacking

A hands-on course for hacking APIs.

Alex Olsen

Alex Olsen

Windows Privilege Escalation for Beginners

Learn how to escalate privileges on Windows machines with absolutely no filler.

Heath Adams

Heath Adams

Linux Privilege Escalation for Beginners

Learn how to escalate privileges on Linux machines with absolutely no filler.

Heath Adams

Heath Adams

Open-Source Intelligence (OSINT) Fundamentals

Learn the ins and outs of Open Source Intelligence and step up your investigative game.

Heath Adams

Heath Adams

External Pentest Playbook

Learn to conduct an external network penetration test from start to finish

Heath Adams

Heath Adams

Linux 101

Everything you need to know to start using Linux

Brent Eskridge

Brent Eskridge

Programming 100: Fundamentals

Learn the building blocks of programming with Python.

Heath Adams

Heath Adams

Security Operations (SOC) 101

Learn the fundamentals required to become a SOC Analyst.

Andrew Prince

Andrew Prince

Practical Malware Analysis & Triage

Arm yourself with knowledge and bring the fight to the bad guys.

Matt Kiely

Matt Kiely

Python 101 For Hackers

Learn Python with a focus on concepts and modules important for hacking

Riley Kidd

Riley Kidd

Python 201 For Hackers

Move beyond the basics and learn how to actively use Python as a Windows hacking tool

Riley Kidd

Riley Kidd

Practical Windows Forensics

Learn how to conduct a digital forensic investigation on a Windows system from start to finish

Markus Schober

Markus Schober

The Definitive GRC Analyst Master Class

Everything you need to know to dive into the cybersecurity GRC pool

Gerald Auger, PhD

Gerald Auger, PhD

Rust 101

Learn the foundational concepts of the Rust programming language.

Heath Adams

Heath Adams

Beginner's Guide to IoT and Hardware Hacking

Learn to perform security research and testing on IoT devices and hardware.

Andrew Bellini

Andrew Bellini

Detection Engineering for Beginners

Start thinking and working as a Detection Engineer.

Anthony Isherwood

Anthony Isherwood

Programming with AI - Mini Course

Utilize Artificial Intelligence and Large Language Models to become a better programmer.

Heath Adams

Heath Adams

Practical Help Desk

Prepare for a career in IT or cybersecurity by learning everything you need to know to work the help desk.

Andrew Bellini

Andrew Bellini

Soft Skills for the Job Market

Equip yourself with essential soft skills, communication techniques, and job application strategies required to excel in today’s competitive job market.

Heath Adams

Heath Adams

Practical Phishing Campaigns

This immersive course delves into practical phishing tactics, equipping cybersecurity professionals with the knowledge to perform professional phishing engagements.

Aaron Wilson

Aaron Wilson

C# 101 for Hackers

Learn the fundamentals of C# and .NET to enhance your hacking skills.

Alex Tushinsky

Alex Tushinsky

Academy Live Workshops

Exclusive Workshops for Academy Students Go beyond the course materials with bi-monthly livestreamed workshops taught by your favorite Academy instructors. These interactive sessions will be hosted on the Academy platform and will not be available on our public social media channels. If you attend live, you can ask questions and hack alongside our instructors. Workshop recordings will also be available so you can go back later and hack at your own pace. Topics for the workshops will rotate, please check the curriculum below for the upcoming schedule.

Alex Olsen

Alex Olsen

Frequently Asked Questions


Can I get a refund if I'm unhappy with my purchase?

Yes. All courses come with a 24-hour money-back guarantee.


Will I receive a certificate of completion when I finish a course?

Yes. All courses come with a certificate of completion.

Do the courses count as Continuing Education Units (CEUs)?

Yes. Every certificate of completion comes with the total CEUs earned listed on the certificate.

What is the All-Access Pass?

As of July 1st, 2023 TCM Academy transitioned to a monthly subscription model, where you now receive full access to all of the courses on our platform for as long as your subscription remains active.


What if you already own courses on TCM Academy?

If you already own a course on our platform, you will continue to own that course forever. Previously owned courses will not be affected by this change.


I can see the course, but it won’t load or play. What should I do?

We use Cloudflare to protect our course platform and unfortunately, it does not play nice with VPNs. If you are experiencing issues, turn off your VPN and try again. If that does not solve the issue, please contact our support team at [email protected] and we will help you out.