- For some Android applications, MobSF has the capability to perform dynamic tests inside an emulator, virtual machine, and even a physical device. Dynamic testing for Android apps also includes testing intents and activities. There are some caveats that are listed in MobSF's wiki (https://github.com/MobSF/Mobile-Security-Framework-MobSF/wiki/2.-Configure-MobSF-Dynamic-Analysis-Environment-in-your-Android-Device-or-VM). If the app you are testing requires access to hardware such as the camera or wireless protocol (that is, Bluetooth, ZigBee, or Z-Wave), it is recommended you use a physical device and test manually.
- To learn more about Android and iOS application security testing, visit OWASP's Mobile Security Testing Guide: https://github.com/OWASP/owasp-mstg/.