During your application security assessments, you may want to know what the attack surface of a given application is. drozer has a really neat module that helps you determine just that. In terms of this module, the attack surface for an application is simply the number of exported components.
Execute the following command from your drozer console:
dz> app.package.attacksurface [package name]
This command will list all the exported activities for a given package as determined by the package manager API.
As an example, you could try running it against a sample package as follows:
Let's take a look at the app.package.attacksurface
module code. I think this is probably one of the most interesting modules, and walking through its code should spark some ideas on how to write automated testing tools in the form of applications. It will most certainly come in handy when you want to do mass automated application scanning!
The code...