drozer

drozer is an open-source Android security testing framework that lets a user interact with a connected Android device/emulator by assuming the role of an app. It can enumerate and probe app components and IPC endpoints, execute modules, and install/run a drozer agent on the device (typically via adb).

Evaluated Mar 29, 2026
Tags: Security, android, mobile-security, pentesting, reverse-engineering, assessment-framework
⚙ Agent Friendliness: 32 / 100 (Can an agent use this?)
🔒 Security: 22 / 100 (Is it safe for agents?)
⚡ Reliability: 24 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 0
Documentation: 55
Error Messages: 0
Auth Simplicity: 90
Rate Limits: 0

🔒 Security

TLS Enforcement: 20
Auth Strength: 10
Scope Granularity: 5
Dep. Hygiene: 55
Secret Handling: 30

Security tooling that performs exploitation/agent installation actions; use requires authorization. The interface described is local agent console communication over a forwarded TCP port, with no mention of TLS or fine-grained auth. README warns about antivirus flagging on Windows. Dependency versions are not assessed for CVEs from the provided data.

⚡ Reliability

Uptime/SLA: 0
Version Stability: 45
Breaking Changes: 30
Error Recovery: 20

Best When

You have permission to test Android apps/devices and want an interactive framework for assessing app/OS exposure and IPC-related risks.

Avoid When

You need an API-first developer experience (REST/GraphQL/SDK) or require a vendor-hosted, authenticated service.

Use Cases

  • Assessing Android app security posture (e.g., exported components/IPC exposure) during penetration testing or app security review
  • Building and running repeatable security assessments without writing custom Android tooling
  • Exploring device/app attack surface via the drozer console and agent

Not For

  • Automated production monitoring or compliance scanning in a live environment
  • Use without an authorized target and proper legal/ethical approvals
  • Agent-assisted programmatic access to a hosted API (the primary interface is an interactive console + device agent)

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: No
Webhooks: No

Authentication

Methods: Local console-to-device connection over a forwarded TCP port (server embedded in the agent)
OAuth: No
Scopes: No

No user authentication for a hosted service is documented. Access is effectively controlled by what the connected agent process can do on the target device.

Pricing

Free tier: No
Requires CC: No

Open-source tooling; costs are primarily operational (setup, devices/emulators, analyst time). README indicates F-Secure stopped further development.

Agent Metadata

Pagination: none
Idempotent: False
Retry Guidance: Not documented

Known Gotchas

  • No hosted API: interaction is via interactive CLI and an installed agent on the device.
  • Requires an adb-connected device/emulator and port forwarding (default TCP 31415).
  • README is aimed at manual use; limited info about machine-readable outputs or programmatic workflows.
  • Windows Defender/AV may flag the tool as malware; may require exclusions in your environment.


Scores are editorial opinions as of 2026-03-29.
