I am working on a project where I am asked to manually conduct security analysis on Android app APKs, such as Misuse of Phone Identifiers, Exposure of Physical Location, etc. The burden lies in the fact that I don't know how to go about it. I know how to decompile the APK into Java classes, but what comes after that?
My question: are there best practices, tools, or a universal guide to conduct such analysis?
While this is a very general question that requires extensive understanding of the security field, here are some options...