iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing of Android applications:
This tool hooks various methods in order to disable SSL certificate pinning, by forcing the Android application to accept any SSL certificate. Once installed, it works across all applications on a device. See the project page.
This tool disables signature and permission checks for Android IPCs. This can be useful to test internal or restricted IPCs in specific cases/scenarios. See the project page.
This extension makes all applications running on the device debuggable; once installed, any application will accept a debugger to attach to them. We originally wrote a different version that hooked on the android.content.pm.PackageParser class; however, MWR released a new technique last week involving a faster way to do it, which is what this Cydia Extension now uses. See the project page.