Update README.md #27

Open: wants to merge 1 commit into base: master
323 changes: 0 additions & 323 deletions README.md
@@ -1,324 +1 @@
# Android-Reports-and-Resources

### HackerOne Reports

--------

### Hardcoded credentials

#### Disclosure of all uploads via hardcoded api secret

[https://hackerone.com/reports/351555](https://hackerone.com/reports/351555)

--------

### WebView

#### Android security checklist: WebView
[https://blog.oversecured.com/Android-security-checklist-webview/](https://blog.oversecured.com/Android-security-checklist-webview/)

### Insecure deeplinks

#### Account Takeover Via DeepLink
[https://hackerone.com/reports/855618](https://hackerone.com/reports/855618)

#### Sensitive information disclosure

[https://hackerone.com/reports/401793](https://hackerone.com/reports/401793)

### RCE/ACE

#### Why dynamic code loading could be dangerous for your apps: a Google example

[https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/](https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/)

#### RCE in TinyCards for Android

[https://hackerone.com/reports/281605](https://hackerone.com/reports/281605) - TinyCards made this report private.

#### Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC

[https://hackerone.com/reports/971386](https://hackerone.com/reports/971386)

#### CVE-2020-8913: Persistent arbitrary code execution in Google Play Core library

[https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/](https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/) - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913

#### TikTok: three persistent arbitrary code executions and one theft of arbitrary files
[https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/](https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/) - Oversecured detects dangerous vulnerabilities in the TikTok Android app

--------

### Memory corruption

#### Exploiting memory corruption vulnerabilities on Android
[https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) - Exploiting memory corruption vulnerabilities on Android + an example of such vulnerability in PayPal apps

--------

### Cryptography

#### Use cryptography in mobile apps the right way

[https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/](https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/)

--------

### SQL Injection

#### SQL Injection in Content Provider

[https://hackerone.com/reports/291764](https://hackerone.com/reports/291764)

--------

### Session theft

#### Steal user session

[https://hackerone.com/reports/328486](https://hackerone.com/reports/328486)

--------

### Steal files

#### Android security checklist: theft of arbitrary files

[https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/)

#### How to exploit insecure WebResourceResponse configurations + an example of the vulnerability in Amazon apps

[https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/](https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse) - Android: Exploring vulnerabilities in WebResourceResponse

#### Vulnerable to local file steal, Javascript injection, Open redirect

[https://hackerone.com/reports/499348](https://hackerone.com/reports/499348)

#### Token leakage due to stolen files via unprotected Activity

[https://hackerone.com/reports/288955](https://hackerone.com/reports/288955)

#### Steal files due to exported services

[https://hackerone.com/reports/258460](https://hackerone.com/reports/258460)

#### Steal files due to unprotected exported Activity

[https://hackerone.com/reports/161710](https://hackerone.com/reports/161710)

#### Steal files due to insecure data storage

[https://hackerone.com/reports/44727](https://hackerone.com/reports/44727)

#### Insecure local data storage, makes it easy to steal files

[https://hackerone.com/reports/57918](https://hackerone.com/reports/57918)

--------

### Bypasses

#### Accidental $70k Google Pixel Lock Screen Bypass

[https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/](https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/)

#### Golden techniques to bypass host validations

[https://hackerone.com/reports/431002](https://hackerone.com/reports/431002)

#### Two-factor authentication bypass due to vuln endpoint

[https://hackerone.com/reports/202425](https://hackerone.com/reports/202425)

#### Another endpoint Auth bypass

[https://hackerone.com/reports/205000](https://hackerone.com/reports/205000)

#### Bypass PIN/Fingerprint lock

[https://hackerone.com/reports/331489](https://hackerone.com/reports/331489)

#### Bypass lock protection

[https://hackerone.com/reports/490946](https://hackerone.com/reports/490946)

#### Bypass of biometrics security functionality

[https://hackerone.com/reports/637194](https://hackerone.com/reports/637194)

--------

### XSS

#### HTML Injection in BatterySaveArticleRenderer WebView

[https://hackerone.com/reports/176065](https://hackerone.com/reports/176065)

#### XSS via SAMLAuthActivity

[https://hackerone.com/reports/283058](https://hackerone.com/reports/283058)

#### XSS in ImageViewerActivity

[https://hackerone.com/reports/283063](https://hackerone.com/reports/283063)

#### XSS via start ContentActivity

[https://hackerone.com/reports/189793](https://hackerone.com/reports/189793)

#### XSS on Owncloud webview

[https://hackerone.com/reports/87835](https://hackerone.com/reports/87835)

--------

### Privilege Escalation

#### 20 Security Issues Found in Xiaomi Devices

[https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/](https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/)

#### Discovering vendor-specific vulnerabilities in Android

[https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/](https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/)

#### Common mistakes when using permissions in Android

[https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/](https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/)

#### Two weeks of securing Samsung devices: Part 2

[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/)

#### Two weeks of securing Samsung devices: Part 1

[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/)

#### Intent Spoofing

[https://hackerone.com/reports/97295](https://hackerone.com/reports/97295)

#### Access of some not exported content providers

[https://hackerone.com/reports/272044](https://hackerone.com/reports/272044)

#### Access protected components via intent

[https://hackerone.com/reports/200427](https://hackerone.com/reports/200427)

#### Fragment injection

[https://hackerone.com/reports/43988](https://hackerone.com/reports/43988)

#### Javascript injection

[https://hackerone.com/reports/54631](https://hackerone.com/reports/54631)

--------

### CSRF

#### Deeplink leads to CSRF in follow action

[https://hackerone.com/reports/583987](https://hackerone.com/reports/583987)

---

### Case sensitive account collisions

#### overwrite account associated with email via android application

[https://hackerone.com/reports/187714](https://hackerone.com/reports/187714)

---

### Intercept Broadcasts

#### Possible to intercept broadcasts about file uploads

[https://hackerone.com/reports/167481](https://hackerone.com/reports/167481)

#### Vulnerable exported broadcast reciever

[https://hackerone.com/reports/289000](https://hackerone.com/reports/289000)

#### View every network request response's information
[https://hackerone.com/reports/56002](https://hackerone.com/reports/56002)

--------

## Practice Apps

#### Oversecured Vulnerable Android App
[A vulnerable app showing modern security bugs in Android apps](https://github.com/oversecured/ovaa)

#### Damn Vulnerable Bank

[Vulnerable Banking Application for Android](https://github.com/rewanth1997/Damn-Vulnerable-Bank)

#### InsecureShop

[Intentionally Vulnerable Android Application](https://github.com/optiv/InsecureShop)

#### Vuldroid

[Vulnerable Android Application made with security issues](https://github.com/jaiswalakshansh/Vuldroid)

#### InjuredAndroid

[A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.](https://github.com/B3nac/InjuredAndroid)

#### Android-InsecureBankv2

[Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities](https://github.com/dineshshetty/Android-InsecureBankv2)

#### Damn Insecure and Vulnerable app

[Damn Insecure and vulnerable App for Android](https://github.com/payatu/diva-android)

#### OWASP-GoatDroid-Project
[OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security](https://github.com/jackMannino/OWASP-GoatDroid-Project)

#### Sieve mwrlabs
[Sieve is a small Password Manager app created to showcase some of the common vulnerabilities found in Android applications.](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)

## Tools
[Android - PentestBook](https://github.com/six2dez/pentest-book/blob/master/mobile/android.md)

[Awesome-Android-Security](https://github.com/saeidshirazi/awesome-android-security)

[android-security-awesome](https://github.com/ashishb/android-security-awesome)

## Resources

[OWASP top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10)

[OWASP mobile testing guide](https://github.com/OWASP/owasp-mstg)

[Android Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit)

[Detect secret leaks in Android apps online](https://android.fallible.co/)

[Android Security Guidelines](https://developer.box.com/docs/android-security-guidelines)

[Attacking vulnerable Broadcast Recievers](https://manifestsecurity.com/android-application-security-part-18/)

[Android Webview Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)

[Android reverse engineering recon](https://b3nac.com/posts/2017-11-10-Setup-and-tips-for-Android-APK-recon.html)

[Webview addjavascriptinterface RCE](https://labs.mwrinfosecurity.com/blog/webview-addjavascriptinterface-remote-code-execution/)

[Install PLayStore On Android Emulator](https://medium.com/@dai_shi/installing-google-play-services-on-an-android-studio-emulator-fffceb2c28a1)

[Android Bug Bounty Tips](https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc)

[Android: Access to app protected components](https://blog.oversecured.com/Android-Access-to-app-protected-components/)

[Android: arbitrary code execution via third-party package contexts](https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/)

[Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)

[Evernote: Universal-XSS, theft of all cookies from all sites, and more](https://blog.oversecured.com/Evernote-Universal-XSS-theft-of-all-cookies-from-all-sites-and-more/)

[Android: Gaining access to arbitrary* Content Providers](https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/)
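
Review bot: a change titled "Update README.md" should not be a near-total removal, and the `@@ -1,324 +1 @@` header together with the "0 additions & 323 deletions" count shows that everything from "HackerOne Reports" through "Practice Apps", "Tools" and "Resources" goes away, leaving a single line. If the goal is to correct individual entries (for example the "reciever" and "Recievers" spellings, or "Install PLayStore On Android Emulator"), limit the diff to those lines. If the removal is intended, state the reason in the title and description and say where the list now lives, because this one commit deletes every report and resource link and adds nothing in their place.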