Android App Pen Test

Client: AI | Published: 16.12.2025

I need a thorough security assessment of my Android application with emphasis on two fronts: all traffic that moves over Wi-Fi, and the login flows that depend on username-and-password as well as OAuth. The build is in beta and a staging backend is ready; I will provide the APK, test accounts, and API keys.

Network: intercept, analyse, and attempt to break every request the app makes over Wi-Fi, checking certificate pinning, TLS configuration, token handling, and susceptibility to man-in-the-middle or session hijacking.

Authentication: check whether brute-force protections, password storage, token exchange, refresh logic, and logout processes hold up to OWASP MASVS-AUTH guidance.

Deliverables
• A concise PDF report that lists each finding with severity (CVSS or OWASP risk rating), reproducible steps, screenshots or packet captures, and clear remediation advice.
• A short verification pass after fixes are applied, confirming that critical- and high-severity items are closed.

You are welcome to work with Burp Suite Pro, mitmproxy, Frida, or comparable tooling; just outline your preferred setup so I can align test credentials and timelines.
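As an added illustration of the token-handling and session-lifecycle checks the brief asks for (this is editor-supplied example code, not code from the client or the application under test), the script below triages a list of captured flows for the classic MASVS-AUTH failures: cleartext requests, tokens in query strings, cacheable token responses, refresh-token reuse, and access tokens that keep working after logout. The flow record layout, the `staging.example.test` host, the endpoint paths, the sample capture, and the severity labels are all assumptions made for the example; in practice the list would be produced by a mitmproxy addon or a Burp export, and severities would be rated per CVSS or the OWASP risk rating in the report.

```python
"""Triage captured app traffic for token-handling and session-lifecycle issues.
Added example, not part of the original brief. The flow layout below is an
assumption: it is what a mitmproxy addon or Burp export can be reduced to."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse

# Query parameter names that must never carry credentials (logged by proxies,
# web servers and, via Referer, by third parties).
TOKEN_PARAMS = {"access_token", "token", "refresh_token", "id_token", "session"}


@dataclass
class Flow:
    """One captured request/response pair (assumed layout)."""
    method: str
    url: str
    req_headers: dict = field(default_factory=dict)
    req_body: dict = field(default_factory=dict)
    status: int = 200
    resp_headers: dict = field(default_factory=dict)
    resp_body: dict = field(default_factory=dict)


def _hdr(headers, name):
    """Case-insensitive header lookup."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def _bearer(flow):
    """Return the bearer token presented in the request, if any."""
    auth = _hdr(flow.req_headers, "Authorization") or ""
    return auth.split(" ", 1)[1] if auth.lower().startswith("bearer ") else None


def analyse(flows):
    """Return a list of (severity, description) findings, in capture order."""
    findings = []
    seen_refresh = {}   # refresh token -> index of the flow that first redeemed it
    logged_out = set()  # access tokens that were presented to a logout endpoint
    for i, f in enumerate(flows):
        url = urlparse(f.url)
        where = f"{url.netloc}{url.path}"
        # 1. Anything not on TLS is readable and modifiable by the Wi-Fi attacker.
        if url.scheme != "https":
            findings.append(("HIGH", f"cleartext request to {where}"))
        # 2. Tokens in the query string end up in logs and referrers.
        leaked = TOKEN_PARAMS & set(parse_qs(url.query))
        if leaked:
            findings.append(("HIGH", f"token in URL query {sorted(leaked)} at {where}"))
        # 3. A response that issues tokens must be marked non-cacheable.
        if any(k in f.resp_body for k in ("access_token", "refresh_token")):
            cache = (_hdr(f.resp_headers, "Cache-Control") or "").lower()
            if "no-store" not in cache:
                findings.append(("MEDIUM", f"token response lacks Cache-Control: no-store at {where}"))
        # 4. With rotation, a refresh token redeemed twice must be rejected the second time.
        rt = f.req_body.get("refresh_token")
        if rt is not None and f.req_body.get("grant_type") == "refresh_token":
            if rt in seen_refresh and f.status == 200:
                findings.append(("HIGH", f"refresh token accepted again (first redeemed in flow {seen_refresh[rt]})"))
            seen_refresh.setdefault(rt, i)
        # 5. Logout must invalidate the session server-side, not just client-side.
        tok = _bearer(f)
        if url.path.endswith("/logout") and tok:
            logged_out.add(tok)
        elif tok in logged_out and f.status == 200:
            findings.append(("HIGH", f"access token still accepted after logout at {where}"))
    return findings


# Constructed sample capture (not real traffic): a password grant, a leaky
# profile call, a cleartext config fetch, a refresh, a replayed refresh,
# a logout, and a post-logout call that still succeeds.
BASE = "https://staging.example.test"
SAMPLE_CAPTURE = [
    Flow("POST", f"{BASE}/oauth/token", req_body={"grant_type": "password"},
         resp_headers={"Content-Type": "application/json"},
         resp_body={"access_token": "at1", "refresh_token": "rt1"}),
    Flow("GET", f"{BASE}/api/profile?access_token=at1"),
    Flow("GET", "http://staging.example.test/api/config",
         req_headers={"Authorization": "Bearer at1"}),
    Flow("POST", f"{BASE}/oauth/token",
         req_body={"grant_type": "refresh_token", "refresh_token": "rt1"},
         resp_headers={"Cache-Control": "no-store"},
         resp_body={"access_token": "at2", "refresh_token": "rt2"}),
    Flow("POST", f"{BASE}/oauth/token",
         req_body={"grant_type": "refresh_token", "refresh_token": "rt1"},
         resp_headers={"Cache-Control": "no-store"},
         resp_body={"access_token": "at3", "refresh_token": "rt3"}),
    Flow("POST", f"{BASE}/auth/logout", req_headers={"Authorization": "Bearer at2"}, status=204),
    Flow("GET", f"{BASE}/api/profile", req_headers={"Authorization": "Bearer at2"}),
]


def sample_findings():
    """Run the triage over the constructed capture."""
    return analyse(SAMPLE_CAPTURE)


if __name__ == "__main__":
    for severity, text in sample_findings():
        print(f"[{severity}] {text}")
```

The script only flags what is visible in the capture; confirming each item still needs the manual step the brief asks for (for example, replaying the post-logout request from a second device, or checking that the refresh-token reuse also revokes the whole token family).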