Dive into the world of Android app security with this 48-minute conference talk from Derbycon 2018, presented by Joff Thyer and Derek Banks. Explore the fundamentals of Android app penetration testing, covering essential topics such as Android OS architecture, potential risks, and must-have tools for testing. Learn how to configure emulators, utilize ADB effectively, and analyze package files and manifests. Gain insights into app analysis guidelines, methodology overviews, and various testing techniques including static analysis, app reconnaissance, and identifying insecure communications and data storage. Discover how to detect extraneous functionality and understand the process of embedding malware in APKs. This comprehensive talk equips security professionals with the knowledge to assess and improve Android app security.