https://github.com/b3nac/android-reports-and-resources

A big list of Android Hackerone disclosed reports and other resources.

# Android-Reports-and-Resources

### HackerOne Reports

--------

### Hardcoded credentials

#### Disclosure of all uploads via hardcoded api secret

[https://hackerone.com/reports/351555](https://hackerone.com/reports/351555)

--------

### WebView

#### Android security checklist: WebView
[https://blog.oversecured.com/Android-security-checklist-webview/](https://blog.oversecured.com/Android-security-checklist-webview/)

### Insecure deeplinks

#### Account Takeover Via DeepLink
[https://hackerone.com/reports/855618](https://hackerone.com/reports/855618)

#### Sensitive information disclosure

[https://hackerone.com/reports/401793](https://hackerone.com/reports/401793)

### RCE/ACE

#### Why dynamic code loading could be dangerous for your apps: a Google example

[https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/](https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/)

#### RCE in TinyCards for Android

[https://hackerone.com/reports/281605](https://hackerone.com/reports/281605) - TinyCards made this report private.

#### Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC

[https://hackerone.com/reports/971386](https://hackerone.com/reports/971386)

#### CVE-2020-8913: Persistent arbitrary code execution in Google Play Core library

[https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/](https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/) - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913

#### TikTok: three persistent arbitrary code executions and one theft of arbitrary files
[https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/](https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/) - Oversecured detects dangerous vulnerabilities in the TikTok Android app

--------

### Memory corruption

#### Exploiting memory corruption vulnerabilities on Android
[https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/](https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/) - Exploiting memory corruption vulnerabilities on Android + an example of such vulnerability in PayPal apps

--------

### Cryptography

#### Use cryptography in mobile apps the right way

[https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/](https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/)

--------

### SQL Injection

#### SQL Injection in Content Provider

[https://hackerone.com/reports/291764](https://hackerone.com/reports/291764)

--------

### Session theft

#### Steal user session

[https://hackerone.com/reports/328486](https://hackerone.com/reports/328486)

--------

### Steal files

#### Android security checklist: theft of arbitrary files

[https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/](https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/)

#### How to exploit insecure WebResourceResponse configurations + an example of the vulnerability in Amazon apps

[https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/](https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse) - Android: Exploring vulnerabilities in WebResourceResponse

#### Vulnerable to local file steal, Javascript injection, Open redirect

[https://hackerone.com/reports/499348](https://hackerone.com/reports/499348)

#### Token leakage due to stolen files via unprotected Activity

[https://hackerone.com/reports/288955](https://hackerone.com/reports/288955)

#### Steal files due to exported services

[https://hackerone.com/reports/258460](https://hackerone.com/reports/258460)

#### Steal files due to unprotected exported Activity

[https://hackerone.com/reports/161710](https://hackerone.com/reports/161710)

#### Steal files due to insecure data storage

[https://hackerone.com/reports/44727](https://hackerone.com/reports/44727)

#### Insecure local data storage, makes it easy to steal files

[https://hackerone.com/reports/57918](https://hackerone.com/reports/57918)

--------

### Bypasses

#### Accidental $70k Google Pixel Lock Screen Bypass

[https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/](https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/)

#### Golden techniques to bypass host validations

[https://hackerone.com/reports/431002](https://hackerone.com/reports/431002)

#### Two-factor authentication bypass due to vuln endpoint

[https://hackerone.com/reports/202425](https://hackerone.com/reports/202425)

#### Another endpoint Auth bypass

[https://hackerone.com/reports/205000](https://hackerone.com/reports/205000)

#### Bypass PIN/Fingerprint lock

[https://hackerone.com/reports/331489](https://hackerone.com/reports/331489)

#### Bypass lock protection

[https://hackerone.com/reports/490946](https://hackerone.com/reports/490946)

#### Bypass of biometrics security functionality

[https://hackerone.com/reports/637194](https://hackerone.com/reports/637194)

--------

### XSS

#### HTML Injection in BatterySaveArticleRenderer WebView

[https://hackerone.com/reports/176065](https://hackerone.com/reports/176065)

#### XSS via SAMLAuthActivity

[https://hackerone.com/reports/283058](https://hackerone.com/reports/283058)

#### XSS in ImageViewerActivity

[https://hackerone.com/reports/283063](https://hackerone.com/reports/283063)

#### XSS via start ContentActivity

[https://hackerone.com/reports/189793](https://hackerone.com/reports/189793)

#### XSS on Owncloud webview

[https://hackerone.com/reports/87835](https://hackerone.com/reports/87835)

--------

### Privilege Escalation

#### 20 Security Issues Found in Xiaomi Devices

[https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/](https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/)

#### Discovering vendor-specific vulnerabilities in Android

[https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/](https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/)

#### Common mistakes when using permissions in Android

[https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/](https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/)

#### Two weeks of securing Samsung devices: Part 2

[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/)

#### Two weeks of securing Samsung devices: Part 1

[https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/](https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/)

#### Intent Spoofing

[https://hackerone.com/reports/97295](https://hackerone.com/reports/97295)

#### Access of some not exported content providers

[https://hackerone.com/reports/272044](https://hackerone.com/reports/272044)

#### Access protected components via intent

[https://hackerone.com/reports/200427](https://hackerone.com/reports/200427)

#### Fragment injection

[https://hackerone.com/reports/43988](https://hackerone.com/reports/43988)

#### Javascript injection

[https://hackerone.com/reports/54631](https://hackerone.com/reports/54631)

--------

### CSRF

#### Deeplink leads to CSRF in follow action

[https://hackerone.com/reports/583987](https://hackerone.com/reports/583987)

---

### Case sensitive account collisions

#### Overwrite account associated with email via Android application

[https://hackerone.com/reports/187714](https://hackerone.com/reports/187714)

---

### Intercept Broadcasts

#### Possible to intercept broadcasts about file uploads

[https://hackerone.com/reports/167481](https://hackerone.com/reports/167481)

#### Vulnerable exported broadcast receiver

[https://hackerone.com/reports/289000](https://hackerone.com/reports/289000)

#### View every network request response's information
[https://hackerone.com/reports/56002](https://hackerone.com/reports/56002)

--------

## Practice Apps

#### Oversecured Vulnerable Android App
[A vulnerable app showing modern security bugs in Android apps](https://github.com/oversecured/ovaa)

#### Damn Vulnerable Bank

[Vulnerable Banking Application for Android](https://github.com/rewanth1997/Damn-Vulnerable-Bank)

#### InsecureShop

[Intentionally Vulnerable Android Application](https://github.com/optiv/InsecureShop)

#### Vuldroid

[Vulnerable Android Application made with security issues](https://github.com/jaiswalakshansh/Vuldroid)

#### InjuredAndroid

[A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.](https://github.com/B3nac/InjuredAndroid)

#### Android-InsecureBankv2

[Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities](https://github.com/dineshshetty/Android-InsecureBankv2)

#### Damn Insecure and Vulnerable app

[Damn Insecure and vulnerable App for Android](https://github.com/payatu/diva-android)

#### OWASP-GoatDroid-Project
[OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security](https://github.com/jackMannino/OWASP-GoatDroid-Project)

#### Sieve mwrlabs
[Sieve is a small Password Manager app created to showcase some of the common vulnerabilities found in Android applications.](https://github.com/mwrlabs/drozer/releases/download/2.3.4/sieve.apk)

## Tools
[Android - PentestBook](https://github.com/six2dez/pentest-book/blob/master/mobile/android.md)

[Awesome-Android-Security](https://github.com/saeidshirazi/awesome-android-security)

[android-security-awesome](https://github.com/ashishb/android-security-awesome)

## Resources

[OWASP top 10 2016](https://www.owasp.org/index.php/Mobile_Top_10_2016-Top_10)

[OWASP mobile testing guide](https://github.com/OWASP/owasp-mstg)

[Android Reversing 101](https://www.evilsocket.net/2017/04/27/Android-Applications-Reversing-101/#.WQND0G3TTOM.reddit)

[Detect secret leaks in Android apps online](https://android.fallible.co/)

[Android Security Guidelines](https://developer.box.com/docs/android-security-guidelines)

[Attacking vulnerable Broadcast Receivers](https://manifestsecurity.com/android-application-security-part-18/)

[Android Webview Vulnerabilities](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)

[Android reverse engineering recon](https://b3nac.com/posts/2017-11-10-Setup-and-tips-for-Android-APK-recon.html)

[Webview addjavascriptinterface RCE](https://labs.mwrinfosecurity.com/blog/webview-addjavascriptinterface-remote-code-execution/)

[Install Play Store On Android Emulator](https://medium.com/@dai_shi/installing-google-play-services-on-an-android-studio-emulator-fffceb2c28a1)

[Android Bug Bounty Tips](https://medium.com/bugbountyhunting/bug-bounty-hunting-tips-2-target-their-mobile-apps-android-edition-f88a9f383fcc)

[Android: Access to app protected components](https://blog.oversecured.com/Android-Access-to-app-protected-components/)

[Android: arbitrary code execution via third-party package contexts](https://blog.oversecured.com/Android-arbitrary-code-execution-via-third-party-package-contexts/)

[Interception of Android implicit intents](https://blog.oversecured.com/Interception-of-Android-implicit-intents/)

[Evernote: Universal-XSS, theft of all cookies from all sites, and more](https://blog.oversecured.com/Evernote-Universal-XSS-theft-of-all-cookies-from-all-sites-and-more/)

[Android: Gaining access to arbitrary* Content Providers](https://blog.oversecured.com/Gaining-access-to-arbitrary-Content-Providers/)