Summer Sale · 25% off · SUMMER25
8kSec

Interactive Learning Roadmap

How to Learn Mobile Security

A dependency-ordered path from first principles to userland and kernel-level exploitation — across iOS and Android, app-level and OS-level. Start on the shared foundation, then fork into the specialization you want. Userland exploitation (browser, media parsers, IPC, sandbox escapes) and kernel-level exploitation are treated as distinct advanced tracks that chain together into a full compromise. Every node explains what it is, why it matters, and what it takes to master.

Reading about mobile security is not enough — you have to break things. Practice everything on the free 8kSec Battlegrounds (deliberately vulnerable iOS, Android and ARM challenges) and the OWASP MASTG UnCrackable apps as you work through each node.
Beginner Intermediate Advanced Android iOS Fully detailed

Tip: click any node for a full checklist of the skills, knowledge and tools it takes to master it — plus an honest note where a skill only comes from original research or paid training · filter by platform or level · Esc closes.

01–05

Foundations

The shared trunk — five milestones every mobile security researcher shares before specializing, sequenced by dependency. Each opens a full checklist of the skills, knowledge and tools it takes to master it.

After the foundations You have the toolkit of a junior mobile security analyst — you can reverse and instrument apps. You are not a pentester yet; the vulnerability classes come next. Real roles also expect a portfolio and lots of practice.
the path forks

The app-security track

App-Level Exploitation

Attacking the app itself — storage, IPC, deep links, crypto, network defenses and anti-tampering. No jailbreak-kernel work required to start.

iOS apps

Data & crypto
IPC & web surface
Network
Milestone master everything above and you have the skills for the iOS App Penetration Tester role — with a portfolio and enough hands-on practice
Anti-tampering & resilience
Milestone master everything above and you have the skills for the Advanced iOS App Pentester role — with a portfolio and enough hands-on practice

Android apps

Data & crypto
Components & IPC
Network
Milestone master everything above and you have the skills for the Android App Penetration Tester role — with a portfolio and enough hands-on practice
Anti-tampering & integrity
Native & advanced
Milestone master everything above and you have the skills for the Advanced Android App Pentester role — with a portfolio and enough hands-on practice

Cross-platform

Methodology & interception
Frameworks & obfuscation
Backend & abuse
Milestone master everything above and you have the skills for the Mobile Application Pentester (cross-platform) role — with a portfolio and enough hands-on practice

The userland-to-kernel research track

OS Exploitation: Userland & Kernel

Going below the app — both userland exploitation (browser/JIT, zero-click media parsers, IPC and sandbox escapes) and kernel-level exploitation (XNU/Linux internals, mitigations, memory-corruption primitives, jailbreak/root research). Real chains start in userland and pivot into the kernel; this track covers both ends and the bridge between them.

iOS internals

Kernel foundations
Code integrity & sandbox
Userland exploitation & sandbox escape
Milestone master everything above and you have the skills for the iOS Userland Exploit Developer role — with a portfolio and enough hands-on practice
Kernel-level exploitation & mitigations
Milestone master everything above and you have the skills for the iOS Security Researcher role — with a portfolio and enough hands-on practice
Memory corruption & primitives
Bug hunting & patch diffing
Milestone master everything above and you have the skills for the iOS Vulnerability Researcher role — with a portfolio and enough hands-on practice
Jailbreak & real-world
Milestone master everything above and you have the skills for the iOS Kernel Exploit Developer role — with a portfolio and enough hands-on practice

Android internals

Platform foundations
IPC & system services
Access control & privesc
Milestone master everything above and you have the skills for the Android Security Researcher role — with a portfolio and enough hands-on practice
Memory & mitigations
Native code, fuzzing & patch diffing
Milestone master everything above and you have the skills for the Android Vulnerability Researcher role — with a portfolio and enough hands-on practice
Debugging & real-world
Milestone master everything above and you have the skills for the Android Kernel Exploit Developer role — with a portfolio and enough hands-on practice

A free, open study plan for learning mobile security. Every node points to the skills, tools and standards on the topic — plus, where relevant, the hands-on 8kSec course that goes deeper.

8ksec.io/roadmaps/mobile-security · a free resource for the mobile security community