Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/B3nac/Android-Reports-and-Resources

A big list of Android Hackerone disclosed reports and other resources.
https://github.com/B3nac/Android-Reports-and-Resources

android android-repo android-resource android-security bugbounty bypass hackerone infosec insecure-data-storage intercept-broadcasts steal-files webview xss

Last synced: about 2 months ago
JSON representation

A big list of Android Hackerone disclosed reports and other resources.

Awesome Lists containing this project

README

        

# Android-Reports-and-Resources

### HackerOne Reports

--------

### Hardcoded credentials

#### Disclosure of all uploads via hardcoded api secret

[https://hackerone.com/reports/351555](https://hackerone.com/reports/351555)

--------

### WebView

#### Android security checklist: WebView
[https://blog.oversecured.com/Android-security-checklist-webview/](https://blog.oversecured.com/Android-security-checklist-webview/)

### Insecure deeplinks

#### Account Takeover Via DeepLink
[https://hackerone.com/reports/855618](https://hackerone.com/reports/855618)

#### Sensitive information disclosure

[https://hackerone.com/reports/401793](https://hackerone.com/reports/401793)

### RCE/ACE

#### Why dynamic code loading could be dangerous for your apps: a Google example

[https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/](https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/)

#### RCE in TinyCards for Android

[https://hackerone.com/reports/281605](https://hackerone.com/reports/281605) - TinyCards made this report private.

#### Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC

[https://hackerone.com/reports/971386](https://hackerone.com/reports/971386)

#### CVE-2020-8913: Persistent arbitrary code execution in Google Play Core library

[https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/](https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/) - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913

#### TikTok: three persistent arbitrary code executions and one theft of arbitrary files
[https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/](https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/) - Oversecured detects dangerous vulnerabilities in the TikTok Android app

--------

### Memory corruption

#### Exploiting memory corruption vulnerabilities on Android
[https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) - Exploiting memory corruption vulnerabilities on Android + an example of such vulnerability in PayPal apps

--------

### Cryptography

#### Use cryptography in mobile apps the right way

[https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/](https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/)

--------

### SQL Injection

#### SQL Injection in Content Provider

[https://hackerone.com/reports/291764](https://hackerone.com/reports/291764)

--------

### Session theft

#### Steal user session

[https://hackerone.com/reports/328486](https://hackerone.com/reports/328486)

--------

### Steal files

#### Android security checklist: theft of arbitrary files

[https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/)

#### How to exploit insecure WebResourceResponse configurations + an example of the vulnerability in Amazon apps

[https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/](https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse) - Android: Exploring vulnerabilities in WebResourceResponse

#### Vulnerable to local file steal, Javascript injection, Open redirect

[https://hackerone.com/reports/499348](https://hackerone.com/reports/499348)

#### Token leakage due to stolen files via unprotected Activity

[https://hackerone.com/reports/288955](https://hackerone.com/reports/288955)

#### Steal files due to exported services

[https://hackerone.com/reports/258460](https://hackerone.com/reports/258460)

#### Steal files due to unprotected exported Activity

[https://hackerone.com/reports/161710](https://hackerone.com/reports/161710)

#### Steal files due to insecure data storage

[https://hackerone.com/reports/44727](https://hackerone.com/reports/44727)

#### Insecure local data storage, makes it easy to steal files

[https://hackerone.com/reports/57918](https://hackerone.com/reports/57918)

--------

### Bypasses

#### Accidental $70k Google Pixel Lock Screen Bypass

[https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/](https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/)

#### Golden techniques to bypass host validations

[https://hackerone.com/reports/431002](https://hackerone.com/reports/431002)

#### Two-factor authentication bypass due to vuln endpoint

[https://hackerone.com/reports/202425](https://hackerone.com/reports/202425)

#### Another endpoint Auth bypass

[https://hackerone.com/reports/205000](https://hackerone.com/reports/205000)

#### Bypass PIN/Fingerprint lock

[https://hackerone.com/reports/331489](https://hackerone.com/reports/331489)

#### Bypass lock protection

[https://hackerone.com/reports/490946](https://hackerone.com/reports/490946)

#### Bypass of biometrics security functionality

[https://hackerone.com/reports/637194](https://hackerone.com/reports/637194)

--------

### XSS

#### HTML Injection in BatterySaveArticleRenderer WebView

[https://hackerone.com/reports/176065](https://hackerone.com/reports/176065)

#### XSS via SAMLAuthActivity

[https://hackerone.com/reports/283058](https://hackerone.com/reports/283058)

#### XSS in ImageViewerActivity

[https://hackerone.com/reports/283063](https://hackerone.com/reports/283063)

#### XSS via start ContentActivity

[https://hackerone.com/reports/189793](https://hackerone.com/reports/189793)

#### XSS on Owncloud webview

[https://hackerone.com/reports/87835](https://hackerone.com/reports/87835)

--------

### Privilege Escalation

#### 20 Security Issues Found in Xiaomi Devices

[https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/](https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/)

#### Discovering vendor-specific vulnerabilities in Android

[https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/](https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/)

#### Common mistakes when using permissions in Android

[https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/](https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/)

#### Two weeks of securing Samsung devices: Part 2

[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/)

#### Two weeks of securing Samsung devices: Part 1

[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/)

#### Intent Spoofing

[https://hackerone.com/reports/97295](https://hackerone.com/reports/97295)

#### Access of some not exported content providers

[https://hackerone.com/reports/272044](https://hackerone.com/reports/272044)

#### Access protected components via intent

[https://hackerone.com/reports/200427](https://hackerone.com/reports/200427)

#### Fragment injection

[https://hackerone.com/reports/43988](https://hackerone.com/reports/43988)

#### Javascript injection

[https://hackerone.com/reports/54631](https://hackerone.com/reports/54631)

--------

### CSRF

#### Deeplink leads to CSRF in follow action

[https://hackerone.com/reports/583987](https://hackerone.com/reports/583987)

---

### Case sensitive account collisions

#### overwrite account associated with email via android application

[https://hackerone.com/reports/187714](https://hackerone.com/reports/187714)

---

### Intercept Broadcasts

#### Possible to intercept broadcasts about file uploads

[https://hackerone.com/reports/167481](https://hackerone.com/reports/167481)

#### Vulnerable exported broadcast reciever

[https://hackerone.com/reports/289000](https://hackerone.com/reports/289000)

#### View every network request response's information
[https://hackerone.com/reports/56002](https://hackerone.com/reports/56002)

--------

## Practice Apps

#### Oversecured Vulnerable Android App
[A vulnerable app showing modern security bugs in Android apps](https://github.com/oversecured/ovaa)

#### Damn Vulnerable Bank

[Vulnerable Banking Application for Android](https://github.com/rewanth1997/Damn-Vulnerable-Bank)

#### InsecureShop

[Intentionally Vulnerable Android Application](https://github.com/optiv/InsecureShop)

#### Vuldroid

[Vulnerable Android Application made with security issues](https://github.com/jaiswalakshansh/Vuldroid)

#### InjuredAndroid

[A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.](https://github.com/B3nac/InjuredAndroid)

#### Android-InsecureBankv2

[Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities](https://github.com/dineshshetty/Android-InsecureBankv2)

#### Damn Insecure and Vulnerable app

[Damn Insecure and vulnerable App for Android](https://github.com/payatu/diva-android)

#### OWASP-GoatDroid-Project
[OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security](https://github.com/jackMannino/OWASP-GoatDroid-Project)

#### Sieve mwrlabs
[Sieve is a small Password Manager app created to showcase some of the common vulnerabilities found in Android applications.](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)

## Tools
[Android - PentestBook](https://github.com/six2dez/pentest-book/blob/master/mobile/android.md)

[Awesome-Android-Security](https://github.com/saeidshirazi/awesome-android-security)

[android-security-awesome](https://github.com/ashishb/android-security-awesome)

## Resources

[OWASP top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10)

[OWASP mobile testing guide](https://github.com/OWASP/owasp-mstg)

[Android Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit)

[Detect secret leaks in Android apps online](https://android.fallible.co/)

[Android Security Guidelines](https://developer.box.com/docs/android-security-guidelines)

[Attacking vulnerable Broadcast Recievers](https://manifestsecurity.com/android-application-security-part-18/)

[Android Webview Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)

[Android reverse engineering recon](https://b3nac.com/posts/2017-11-10-Setup-and-tips-for-Android-APK-recon.html)

[Webview addjavascriptinterface RCE](https://labs.mwrinfosecurity.com/blog/webview-addjavascriptinterface-remote-code-execution/)

[Install PLayStore On Android Emulator](https://medium.com/@dai_shi/installing-google-play-services-on-an-android-studio-emulator-fffceb2c28a1)

[Android Bug Bounty Tips](https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc)

[Android: Access to app protected components](https://blog.oversecured.com/Android-Access-to-app-protected-components/)

[Android: arbitrary code execution via third-party package contexts](https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/)

[Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)

[Evernote: Universal-XSS, theft of all cookies from all sites, and more](https://blog.oversecured.com/Evernote-Universal-XSS-theft-of-all-cookies-from-all-sites-and-more/)

[Android: Gaining access to arbitrary* Content Providers](https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/)