Android App Pen-Testing Required

Client: AI | Published: 27.09.2025

I have an in-house Android application that now needs a thorough security health-check. The goal is a full ethical hacking engagement focused on uncovering vulnerabilities in its APK, backend interactions, and data-storage practices, then documenting clear, actionable fixes.

Scope

• Perform a penetration test against the latest production APK and any exposed APIs.
• Emulate real-world attack vectors—static and dynamic analysis, network traffic interception, insecure data storage checks, and reverse-engineering attempts using tools such as MobSF, Burp Suite, Frida, or equivalent.
• Keep testing strictly black-box; source code will not be shared.

Deliverables

1. A concise executive-level summary highlighting overall risk.
2. A technical report listing each finding, its CVSS score, reproduction steps, screenshots or PoC scripts, and recommended remediation.
3. A verification re-test once fixes are applied to confirm closure of all critical and high-severity issues.

Acceptance Criteria

• At least one exploitable issue (or confirmation none exist) is demonstrated.
• All findings are reproducible from the steps provided.
• Reports are delivered in PDF and editable format within the agreed timeline.

The work must remain 100% ethical and compliant with relevant laws; only the authorised APK, endpoints, and test credentials I supply may be touched.