{"id":13538416,"url":"https://github.com/b3nac/android-reports-and-resources","last_synced_at":"2025-05-15T14:02:14.423Z","repository":{"id":38857640,"uuid":"111239706","full_name":"B3nac/Android-Reports-and-Resources","owner":"B3nac","description":"A big list of Android Hackerone disclosed reports and other resources. ","archived":false,"fork":false,"pushed_at":"2024-08-04T20:11:50.000Z","size":66,"stargazers_count":1550,"open_issues_count":0,"forks_count":308,"subscribers_count":93,"default_branch":"master","last_synced_at":"2025-04-15T03:49:39.632Z","etag":null,"topics":["android","android-repo","android-resource","android-security","bugbounty","bypass","hackerone","infosec","insecure-data-storage","intercept-broadcasts","steal-files","webview","xss"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/B3nac.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-18T21:11:31.000Z","updated_at":"2025-04-12T14:36:59.000Z","dependencies_parsed_at":"2023-01-22T23:00:48.749Z","dependency_job_id":"e8f1c110-5644-42f0-8691-4bb4aeb0096c","html_url":"https://github.com/B3nac/Android-Reports-and-Resources","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B3nac%2FAndroid-Reports-and-Resources","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B3nac%2FAndroid-Reports-and-Resources/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B3nac%2FAndroid-Reports-and-Resources/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/B3nac%2FAndroid-Reports-and-Resources/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/B3nac","download_url":"https://codeload.github.com/B3nac/Android-Reports-and-Resources/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249003943,"owners_count":21196794,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","android-repo","android-resource","android-security","bugbounty","bypass","hackerone","infosec","insecure-data-storage","intercept-broadcasts","steal-files","webview","xss"],"created_at":"2024-08-01T09:01:11.649Z","updated_at":"2025-04-15T03:49:51.229Z","avatar_url":"https://github.com/B3nac.png","language":null,"funding_links":[],"categories":["\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","\u003ca id=\"06fccfcc4faa7da54d572c10ef29b42e\"\u003e\u003c/a\u003e移动\u0026\u0026Mobile","\u003ca id=\"2110ded2aa5637fa933cc674bc33bf21\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"fe88ee8c0df10870b44c2dedcd86d3d3\"\u003e\u003c/a\u003eAndroid","\u003ca id=\"63fd2c592145914e99f837cecdc5a67c\"\u003e\u003c/a\u003e新添加的1"],"readme":"# Android-Reports-and-Resources\n\n### HackerOne Reports\n\n--------\n\n### Hardcoded credentials\n\n#### Disclosure of all uploads via hardcoded api secret\n\n[https://hackerone.com/reports/351555](https://hackerone.com/reports/351555)\n\n--------\n\n### WebView\n\n#### Android security checklist: WebView\n[https://blog.oversecured.com/Android-security-checklist-webview/](https://blog.oversecured.com/Android-security-checklist-webview/)\n\n### Insecure deeplinks\n\n#### Account Takeover Via DeepLink\n[https://hackerone.com/reports/855618](https://hackerone.com/reports/855618)\n\n#### Sensitive information disclosure\n\n[https://hackerone.com/reports/401793](https://hackerone.com/reports/401793)\n\n### RCE/ACE\n\n#### Why dynamic code loading could be dangerous for your apps: a Google example\n\n[https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/](https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/)\n\n#### RCE in TinyCards for Android\n\n[https://hackerone.com/reports/281605](https://hackerone.com/reports/281605) - TinyCards made this report private.\n\n#### Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC\n\n[https://hackerone.com/reports/971386](https://hackerone.com/reports/971386)\n\n#### CVE-2020-8913: Persistent arbitrary code execution in Google Play Core library\n\n[https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/](https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/) - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913\n\n#### TikTok: three persistent arbitrary code executions and one theft of arbitrary files\n[https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/](https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/) - Oversecured detects dangerous vulnerabilities in the TikTok Android app\n\n--------\n\n### Memory corruption\n\n#### Exploiting memory corruption vulnerabilities on Android\n[https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) - Exploiting memory corruption vulnerabilities on Android + an example of such vulnerability in PayPal apps\n\n--------\n\n### Cryptography\n\n#### Use cryptography in mobile apps the right way\n\n[https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/](https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/)\n\n--------\n\n### SQL Injection\n\n#### SQL Injection in Content Provider\n\n[https://hackerone.com/reports/291764](https://hackerone.com/reports/291764)\n\n--------\n\n### Session theft\n\n#### Steal user session\n\n[https://hackerone.com/reports/328486](https://hackerone.com/reports/328486)\n\n--------\n\n### Steal files\n\n#### Android security checklist: theft of arbitrary files\n\n[https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/)\n\n#### How to exploit insecure WebResourceResponse configurations + an example of the vulnerability in Amazon apps\n\n[https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/](https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse) - Android: Exploring vulnerabilities in WebResourceResponse\n\n#### Vulnerable to local file steal, Javascript injection, Open redirect\n\n[https://hackerone.com/reports/499348](https://hackerone.com/reports/499348)\n\n#### Token leakage due to stolen files via unprotected Activity\n\n[https://hackerone.com/reports/288955](https://hackerone.com/reports/288955)\n\n#### Steal files due to exported services\n\n[https://hackerone.com/reports/258460](https://hackerone.com/reports/258460)\n\n#### Steal files due to unprotected exported Activity\n\n[https://hackerone.com/reports/161710](https://hackerone.com/reports/161710)\n\n#### Steal files due to insecure data storage\n\n[https://hackerone.com/reports/44727](https://hackerone.com/reports/44727)\n\n#### Insecure local data storage, makes it easy to steal files\n\n[https://hackerone.com/reports/57918](https://hackerone.com/reports/57918)\n\n--------\n\n### Bypasses\n\n#### Accidental $70k Google Pixel Lock Screen Bypass\n\n[https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/](https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/)\n\n#### Golden techniques to bypass host validations\n\n[https://hackerone.com/reports/431002](https://hackerone.com/reports/431002)\n\n#### Two-factor authentication bypass due to vuln endpoint\n\n[https://hackerone.com/reports/202425](https://hackerone.com/reports/202425)\n\n#### Another endpoint Auth bypass\n\n[https://hackerone.com/reports/205000](https://hackerone.com/reports/205000)\n\n#### Bypass PIN/Fingerprint lock\n\n[https://hackerone.com/reports/331489](https://hackerone.com/reports/331489)\n\n#### Bypass lock protection\n\n[https://hackerone.com/reports/490946](https://hackerone.com/reports/490946)\n\n#### Bypass of biometrics security functionality\n\n[https://hackerone.com/reports/637194](https://hackerone.com/reports/637194)\n\n--------\n\n### XSS\n\n#### HTML Injection in BatterySaveArticleRenderer WebView\n\n[https://hackerone.com/reports/176065](https://hackerone.com/reports/176065)\n\n#### XSS via SAMLAuthActivity\n\n[https://hackerone.com/reports/283058](https://hackerone.com/reports/283058)\n\n#### XSS in ImageViewerActivity\n\n[https://hackerone.com/reports/283063](https://hackerone.com/reports/283063)\n\n#### XSS via start ContentActivity\n\n[https://hackerone.com/reports/189793](https://hackerone.com/reports/189793)\n\n#### XSS on Owncloud webview\n\n[https://hackerone.com/reports/87835](https://hackerone.com/reports/87835)\n\n--------\n\n### Privilege Escalation\n\n#### 20 Security Issues Found in Xiaomi Devices\n\n[https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/](https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/)\n\n#### Discovering vendor-specific vulnerabilities in Android\n\n[https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/](https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/)\n\n#### Common mistakes when using permissions in Android\n\n[https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/](https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/)\n\n#### Two weeks of securing Samsung devices: Part 2\n\n[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/)\n\n#### Two weeks of securing Samsung devices: Part 1\n\n[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/)\n\n#### Intent Spoofing\n\n[https://hackerone.com/reports/97295](https://hackerone.com/reports/97295)\n\n#### Access of some not exported content providers\n\n[https://hackerone.com/reports/272044](https://hackerone.com/reports/272044)\n\n#### Access protected components via intent\n\n[https://hackerone.com/reports/200427](https://hackerone.com/reports/200427)\n\n#### Fragment injection\n\n[https://hackerone.com/reports/43988](https://hackerone.com/reports/43988)\n\n#### Javascript injection\n\n[https://hackerone.com/reports/54631](https://hackerone.com/reports/54631)\n\n--------\n\n### CSRF\n\n#### Deeplink leads to CSRF in follow action\n\n[https://hackerone.com/reports/583987](https://hackerone.com/reports/583987)\n\n---\n\n### Case sensitive account collisions\n\n#### overwrite account associated with email via android application\n\n[https://hackerone.com/reports/187714](https://hackerone.com/reports/187714)\n\n---\n\n### Intercept Broadcasts\n\n#### Possible to intercept broadcasts about file uploads\n\n[https://hackerone.com/reports/167481](https://hackerone.com/reports/167481)\n\n#### Vulnerable exported broadcast reciever\n\n[https://hackerone.com/reports/289000](https://hackerone.com/reports/289000)\n\n#### View every network request response's information\n[https://hackerone.com/reports/56002](https://hackerone.com/reports/56002)\n\n--------\n\n## Practice Apps\n\n#### Oversecured Vulnerable Android App\n[A vulnerable app showing modern security bugs in Android apps](https://github.com/oversecured/ovaa)\n\n#### Damn Vulnerable Bank\n\n[Vulnerable Banking Application for Android](https://github.com/rewanth1997/Damn-Vulnerable-Bank)\n\n#### InsecureShop\n\n[Intentionally Vulnerable Android Application](https://github.com/optiv/InsecureShop)\n\n#### Vuldroid\n\n[Vulnerable Android Application made with security issues](https://github.com/jaiswalakshansh/Vuldroid)\n\n#### InjuredAndroid\n\n[A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.](https://github.com/B3nac/InjuredAndroid)\n\n#### Android-InsecureBankv2\n\n[Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities](https://github.com/dineshshetty/Android-InsecureBankv2)\n\n#### Damn Insecure and Vulnerable app\n\n[Damn Insecure and vulnerable App for Android](https://github.com/payatu/diva-android)\n\n#### OWASP-GoatDroid-Project\n[OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security](https://github.com/jackMannino/OWASP-GoatDroid-Project)\n\n#### Sieve mwrlabs\n[Sieve is a small Password Manager app created to showcase some of the common vulnerabilities found in Android applications.](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)\n\n## Tools\n[Android - PentestBook](https://github.com/six2dez/pentest-book/blob/master/mobile/android.md)\n\n[Awesome-Android-Security](https://github.com/saeidshirazi/awesome-android-security)\n\n[android-security-awesome](https://github.com/ashishb/android-security-awesome)\n\n## Resources\n\n[OWASP top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10)\n\n[OWASP mobile testing guide](https://github.com/OWASP/owasp-mstg)\n\n[Android Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit)\n\n[Detect secret leaks in Android apps online](https://android.fallible.co/)\n\n[Android Security Guidelines](https://developer.box.com/docs/android-security-guidelines)\n\n[Attacking vulnerable Broadcast Recievers](https://manifestsecurity.com/android-application-security-part-18/)\n\n[Android Webview Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)\n\n[Android reverse engineering recon](https://b3nac.com/posts/2017-11-10-Setup-and-tips-for-Android-APK-recon.html)\n\n[Webview addjavascriptinterface RCE](https://labs.mwrinfosecurity.com/blog/webview-addjavascriptinterface-remote-code-execution/)\n\n[Install PLayStore On Android Emulator](https://medium.com/@dai_shi/installing-google-play-services-on-an-android-studio-emulator-fffceb2c28a1)\n\n[Android Bug Bounty Tips](https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc)\n\n[Android: Access to app protected components](https://blog.oversecured.com/Android-Access-to-app-protected-components/)\n\n[Android: arbitrary code execution via third-party package contexts](https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/)\n\n[Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)\n\n[Evernote: Universal-XSS, theft of all cookies from all sites, and more](https://blog.oversecured.com/Evernote-Universal-XSS-theft-of-all-cookies-from-all-sites-and-more/)\n\n[Android: Gaining access to arbitrary* Content Providers](https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb3nac%2Fandroid-reports-and-resources","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fb3nac%2Fandroid-reports-and-resources","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb3nac%2Fandroid-reports-and-resources/lists"}