Convert Figma logo to code with AI

B3nac logoAndroid-Reports-and-Resources

A big list of Android Hackerone disclosed reports and other resources.

1,444
300
1,444
2

Top Related Projects

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

A collection of android security related resources

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Quick Overview

B3nac/Android-Reports-and-Resources is a comprehensive GitHub repository that serves as a curated collection of Android security resources, vulnerability reports, and tools. It aims to provide developers, security researchers, and enthusiasts with valuable information and resources to enhance Android application security.

Pros

  • Extensive collection of Android security resources in one place
  • Regularly updated with new vulnerability reports and tools
  • Includes both technical reports and beginner-friendly resources
  • Covers a wide range of Android security topics, from basic to advanced

Cons

  • May be overwhelming for beginners due to the large amount of information
  • Some links may become outdated over time
  • Lacks a structured learning path for newcomers to Android security
  • Limited original content, primarily aggregates external resources

Code Examples

This repository does not contain a code library, so code examples are not applicable.

Getting Started

As this is not a code library, there are no specific getting started instructions. However, users can benefit from the repository by:

  1. Browsing the README.md file for an overview of available resources
  2. Exploring the different sections based on their interests (e.g., vulnerability reports, tools, or learning resources)
  3. Clicking on relevant links to access external resources and tools
  4. Staying updated by watching the repository for new additions and updates

Competitor Comparisons

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).

Pros of owasp-mastg

  • Comprehensive guide covering mobile app security testing across platforms
  • Regularly updated with contributions from a large community
  • Includes detailed testing procedures and best practices

Cons of owasp-mastg

  • May be overwhelming for beginners due to its extensive content
  • Focuses on general mobile security, not specifically Android
  • Requires more time to navigate and find specific information

Code Comparison

While both repositories don't primarily focus on code samples, owasp-mastg does provide some examples for security testing. Here's a brief comparison:

owasp-mastg:

TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init((KeyStore) null);
TrustManager[] trustManagers = tmf.getTrustManagers();
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, null);

Android-Reports-and-Resources doesn't typically include code snippets, focusing more on vulnerability reports and resources.

Summary

owasp-mastg is a comprehensive guide for mobile app security testing, offering detailed procedures and best practices. It's regularly updated but may be overwhelming for beginners. Android-Reports-and-Resources is more focused on Android-specific vulnerabilities and reports, making it easier to navigate for Android developers. While owasp-mastg provides code examples for security testing, Android-Reports-and-Resources primarily offers vulnerability reports and resources without code snippets.

Android Vulnerability Test Suite - In the spirit of open data collection, and with the help of the community, let's take a pulse on the state of Android security. NowSecure presents an on-device app to test for recent device vulnerabilities.

Pros of android-vts

  • Provides an automated vulnerability testing suite for Android devices
  • Includes a user-friendly GUI for running tests and viewing results
  • Regularly updated with new vulnerability checks and exploits

Cons of android-vts

  • Focused solely on vulnerability testing, lacking broader Android security resources
  • May require more technical expertise to interpret and act on test results
  • Limited documentation on contributing to the project

Code Comparison

Android-Reports-and-Resources primarily consists of markdown files with curated lists and resources. It doesn't contain significant code samples for comparison.

android-vts, being a testing suite, contains more substantial code. Here's a snippet from its main activity:

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_main);
    toolbar = (Toolbar) findViewById(R.id.toolbar);
    setSupportActionBar(toolbar);
}

Summary

Android-Reports-and-Resources serves as a comprehensive collection of Android security resources, reports, and tools. It's an excellent reference for researchers and developers but lacks practical testing capabilities.

android-vts, on the other hand, is a hands-on tool for vulnerability testing on Android devices. It offers immediate, practical value for security testing but may not provide the breadth of information found in Android-Reports-and-Resources.

Both repositories complement each other, serving different aspects of Android security research and testing.

A collection of android security related resources

Pros of android-security-awesome

  • More comprehensive and extensive collection of resources
  • Better organized with clear categorization of tools, books, courses, etc.
  • Regularly updated with recent contributions

Cons of android-security-awesome

  • May be overwhelming for beginners due to the sheer volume of information
  • Less focused on specific vulnerability reports and real-world examples
  • Lacks detailed explanations or tutorials for using the listed tools

Code comparison

While both repositories primarily focus on curating lists of resources rather than providing code, Android-Reports-and-Resources includes some code snippets for specific vulnerabilities. For example:

Android-Reports-and-Resources:

if (Build.VERSION.SDK_INT >= 24) {
    try {
        Method m = StrictMode.class.getMethod("disableDeathOnFileUriExposure");
        m.invoke(null);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

android-security-awesome doesn't typically include code snippets, focusing instead on linking to external resources.

Both repositories serve as valuable resources for Android security enthusiasts, with Android-Reports-and-Resources offering more specific vulnerability reports and examples, while android-security-awesome provides a broader, more comprehensive collection of tools and resources for Android security research and development.

The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.

Pros of MobileApp-Pentest-Cheatsheet

  • Covers both Android and iOS platforms, providing a more comprehensive mobile app security resource
  • Includes detailed checklists for various testing categories, making it easier for pentesters to follow a structured approach
  • Offers a wider range of tools and techniques for mobile app security testing

Cons of MobileApp-Pentest-Cheatsheet

  • Less focused on Android-specific vulnerabilities compared to Android-Reports-and-Resources
  • May not provide as many real-world examples or case studies of Android vulnerabilities
  • Updates less frequently, potentially missing newer Android security issues

Code Comparison

While both repositories primarily focus on documentation and resources rather than code, Android-Reports-and-Resources includes some code snippets for vulnerability examples. MobileApp-Pentest-Cheatsheet doesn't typically include code samples. Here's an example from Android-Reports-and-Resources:

WebView webView = (WebView) findViewById(R.id.webview);
webView.getSettings().setJavaScriptEnabled(true);
webView.addJavascriptInterface(new WebAppInterface(this), "Android");

This code demonstrates a potential security issue with WebView JavaScript interfaces in Android apps.

Both repositories serve as valuable resources for mobile app security testing, with Android-Reports-and-Resources offering more Android-specific content and MobileApp-Pentest-Cheatsheet providing a broader overview of mobile app security across platforms.

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

Pros of Mobile-Security-Framework-MobSF

  • Comprehensive mobile app security testing framework for both Android and iOS
  • Automated static and dynamic analysis capabilities
  • Active development with frequent updates and community support

Cons of Mobile-Security-Framework-MobSF

  • More complex setup and configuration compared to Android-Reports-and-Resources
  • Requires more system resources to run effectively
  • Steeper learning curve for beginners in mobile security testing

Code Comparison

Mobile-Security-Framework-MobSF (Python):

def scan_file(app_path):
    # Perform static analysis
    static_analysis = StaticAnalyzer(app_path)
    static_results = static_analysis.analyze()
    
    # Perform dynamic analysis
    dynamic_analysis = DynamicAnalyzer(app_path)
    dynamic_results = dynamic_analysis.analyze()

Android-Reports-and-Resources (Markdown):

## Android Security Reports

- [Report 1: Vulnerability in XYZ App](link-to-report-1)
- [Report 2: Security Analysis of ABC App](link-to-report-2)

## Resources

- [Android Security Checklist](link-to-checklist)
- [Best Practices for Secure Android Development](link-to-best-practices)

The code comparison highlights the difference in focus between the two repositories. Mobile-Security-Framework-MobSF provides an actual testing framework with code for analysis, while Android-Reports-and-Resources is primarily a collection of reports and resources in markdown format.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Android-Reports-and-Resources

HackerOne Reports


Hardcoded credentials

Disclosure of all uploads via hardcoded api secret

https://hackerone.com/reports/351555


WebView

Android security checklist: WebView

https://blog.oversecured.com/Android-security-checklist-webview/

Insecure deeplinks

Account Takeover Via DeepLink

https://hackerone.com/reports/855618

Sensitive information disclosure

https://hackerone.com/reports/401793

RCE/ACE

Why dynamic code loading could be dangerous for your apps: a Google example

https://blog.oversecured.com/Why-dynamic-code-loading-could-be-dangerous-for-your-apps-a-Google-example/

RCE in TinyCards for Android

https://hackerone.com/reports/281605 - TinyCards made this report private.

Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC

https://hackerone.com/reports/971386

CVE-2020-8913: Persistent arbitrary code execution in Google Play Core library

https://blog.oversecured.com/Oversecured-automatically-discovers-persistent-code-execution-in-the-Google-Play-Core-Library/ - Persistent arbitrary code execution in Android's Google Play Core Library: details, explanation and the PoC - CVE-2020-8913

TikTok: three persistent arbitrary code executions and one theft of arbitrary files

https://blog.oversecured.com/Oversecured-detects-dangerous-vulnerabilities-in-the-TikTok-Android-app/ - Oversecured detects dangerous vulnerabilities in the TikTok Android app


Memory corruption

Exploiting memory corruption vulnerabilities on Android

https://blog.oversecured.com/Exploiting-memory-corruption-vulnerabilities-on-Android/ - Exploiting memory corruption vulnerabilities on Android + an example of such vulnerability in PayPal apps


Cryptography

Use cryptography in mobile apps the right way

https://blog.oversecured.com/Use-cryptography-in-mobile-apps-the-right-way/


SQL Injection

SQL Injection in Content Provider

https://hackerone.com/reports/291764


Session theft

Steal user session

https://hackerone.com/reports/328486


Steal files

Android security checklist: theft of arbitrary files

https://blog.oversecured.com/Android-security-checklist-theft-of-arbitrary-files/

How to exploit insecure WebResourceResponse configurations + an example of the vulnerability in Amazon apps

https://blog.oversecured.com/Android-Exploring-vulnerabilities-in-WebResourceResponse/ - Android: Exploring vulnerabilities in WebResourceResponse

Vulnerable to local file steal, Javascript injection, Open redirect

https://hackerone.com/reports/499348

Token leakage due to stolen files via unprotected Activity

https://hackerone.com/reports/288955

Steal files due to exported services

https://hackerone.com/reports/258460

Steal files due to unprotected exported Activity

https://hackerone.com/reports/161710

Steal files due to insecure data storage

https://hackerone.com/reports/44727

Insecure local data storage, makes it easy to steal files

https://hackerone.com/reports/57918


Bypasses

Accidental $70k Google Pixel Lock Screen Bypass

https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/

Golden techniques to bypass host validations

https://hackerone.com/reports/431002

Two-factor authentication bypass due to vuln endpoint

https://hackerone.com/reports/202425

Another endpoint Auth bypass

https://hackerone.com/reports/205000

Bypass PIN/Fingerprint lock

https://hackerone.com/reports/331489

Bypass lock protection

https://hackerone.com/reports/490946

Bypass of biometrics security functionality

https://hackerone.com/reports/637194


XSS

HTML Injection in BatterySaveArticleRenderer WebView

https://hackerone.com/reports/176065

XSS via SAMLAuthActivity

https://hackerone.com/reports/283058

XSS in ImageViewerActivity

https://hackerone.com/reports/283063

XSS via start ContentActivity

https://hackerone.com/reports/189793

XSS on Owncloud webview

https://hackerone.com/reports/87835


Privilege Escalation

20 Security Issues Found in Xiaomi Devices

https://blog.oversecured.com/20-Security-Issues-Found-in-Xiaomi-Devices/

Discovering vendor-specific vulnerabilities in Android

https://blog.oversecured.com/Discovering-vendor-specific-vulnerabilities-in-Android/

Common mistakes when using permissions in Android

https://blog.oversecured.com/Common-mistakes-when-using-permissions-in-Android/

Two weeks of securing Samsung devices: Part 2

https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-2/

Two weeks of securing Samsung devices: Part 1

https://blog.oversecured.com/Two-weeks-of-securing-Samsung-devices-Part-1/

Intent Spoofing

https://hackerone.com/reports/97295

Access of some not exported content providers

https://hackerone.com/reports/272044

Access protected components via intent

https://hackerone.com/reports/200427

Fragment injection

https://hackerone.com/reports/43988

Javascript injection

https://hackerone.com/reports/54631


CSRF

Deeplink leads to CSRF in follow action

https://hackerone.com/reports/583987


Case sensitive account collisions

overwrite account associated with email via android application

https://hackerone.com/reports/187714


Intercept Broadcasts

Possible to intercept broadcasts about file uploads

https://hackerone.com/reports/167481

Vulnerable exported broadcast reciever

https://hackerone.com/reports/289000

View every network request response's information

https://hackerone.com/reports/56002


Practice Apps

Oversecured Vulnerable Android App

A vulnerable app showing modern security bugs in Android apps

Damn Vulnerable Bank

Vulnerable Banking Application for Android

InsecureShop

Intentionally Vulnerable Android Application

Vuldroid

Vulnerable Android Application made with security issues

InjuredAndroid

A vulnerable Android application with ctf examples based on bug bounty findings, exploitation concepts, and pure creativity.

Android-InsecureBankv2

Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities

Damn Insecure and Vulnerable app

Damn Insecure and vulnerable App for Android

OWASP-GoatDroid-Project

OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security

Sieve mwrlabs

Sieve is a small Password Manager app created to showcase some of the common vulnerabilities found in Android applications.

Tools

Android - PentestBook

Awesome-Android-Security

android-security-awesome

Resources

OWASP top 10 2016

OWASP mobile testing guide

Android Reversing 101

Detect secret leaks in Android apps online

Android Security Guidelines

Attacking vulnerable Broadcast Recievers

Android Webview Vulnerabilities

Android reverse engineering recon

Webview addjavascriptinterface RCE

Install PLayStore On Android Emulator

Android Bug Bounty Tips

Android: Access to app protected components

Android: arbitrary code execution via third-party package contexts

Interception of Android implicit intents

Evernote: Universal-XSS, theft of all cookies from all sites, and more

Android: Gaining access to arbitrary* Content Providers