Most penetration testers know the headaches of testing mobile applications: challenges like certificate pinning, and wondering what files are being written to the device while the app is in use. Since Android is open source, you can create your own custom OS that takes the guesswork out of your test. By doing this, you can monitor HTTP/HTTPS traffic, SQLite queries, file access and more. Because this is part of the OS, you can intercept the data before it is encrypted (i.e. MiTF). And this works for all apps. No need to hook, inject or rebuild each app you test.
In this talk, I will give a high-level overview of the Android OS, point out key files for modifications, and demonstrate a proof of concept with a custom OS along with a monitor showing the intercepted information.