🚀 Android Security Notes? » Here you will find important concepts, resources, and hand-crafted, self-curated notes written by a kind-hearted fellow. The main purpose of this project is to serve as first aid for newbies (like me) and intermediate folks who perform Android security work.
🤝 Wanna contribute? » If you see something wrong or incorrectly interpreted, open an issue or send a pull request. We appreciate your contribution, and all suggestions/PRs are welcome. You can also ping me on Twitter: @iamsarvagyaa.
📜 Things to be done! » I started this project from scratch. Steadily, I will add more resources and notes that I've found useful while learning Android security. The upcoming lineup for this project:
- Add more resources
- Add conference papers, notes and more
- Write more blog posts related to Android security
- Getting Started
- HackerOne Reports
- BugBounty Writeups
- CTF Challenge Writeups
- Healthy Digests
- Vulnerable Applications
↑ Getting Started
- Diving in Android Security
- Android Security - Understanding Android Basics
- Android Pentesting Lab Setup
- Getting started with Frida on Android Apps
- Android Penetration Testing: Apk Reverse Engineering
- Android Penetration Testing: APK Reversing (Part 2)
↑ HackerOne Reports
- Account hijacking possible through ADB backup feature :: #12617
- Twitter android app Fragment Injection :: #43988
- Bypass Setup by External Activity Invoke :: #55064
- Webview Vulnerablity in OwnCloud apk :: #87835
- No permission set on Activities [Android App] :: #145402
- Flaw in login with twitter to steal Oauth tokens :: #44492
- Authentication Failed Mobile version :: #55530
- Multiple Stored XSS on Sanbox.veris.in through Veris Frontdesk Android App :: #121275
- Coinbase Android Security Vulnerabilities :: #5786
- Insecure Data Storage in Vine Android App :: #44727
- Sending payments via QR code does not require confirmation :: #126784
- Bypass pin(4 digit passcode on your android app) :: #50884
- REG: Content provider information leakage :: #146179
- Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content :: #56002
- HTML/XSS rendered in Android App of Crashlytics through fabric.io :: #41856
- ByPassing the email Validation Email on Sign up process in mobile apps :: #57764
- Insecure Local Data Storage : Application stores data using a binary sqlite database :: #57918
- Vulnerable to JavaScript injection. (WXS) (Javascript injection)! :: #54631
- Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code :: #5314
- Reflected XSS in Zomato Mobile - category parameter :: #230119
↑ BugBounty Writeups
- Brave — Stealing your cookies remotely
- Hack crypto secrets from heap memory to exploit Android application
- Guest Blog Post: Firefox for Android LAN-Based Intent Triggering
↑ CTF Challenge Writeups
- Good old friend - THCon 2021 - by cryptax
- draw.per - THCon 2021 - by cryptax
- Water Color - S4CTF 2021 - by 1gn1te
- Memedrive - RITSEC CTF 2021 - by klefz
- ezpz - darkCON CTF - by karma9874
- Fire in the Androiddd - darkCON CTF - by karma9874
- MobaDEX - HackTM CTF Finals 2020 - by umutoztunc
- hehe - PhantomCTF 3.0 - by FrigidSec
- Vault 101 - Hackers Playground 2020 - by saketupadhyay
- android - Google Capture The Flag 2020 - by luker983
- android - Google Capture The Flag 2020 - by s3np41k1r1t0
- android - Google Capture The Flag 2020 - by TFNS
↑ Healthy Digests
- Let's Reverse Engineer an Android App! - Well-written blog post by M. Yasoob Ullah Khalid, which explains how APK reverse engineering generally works.
- Reverse Engineering Nike Run Club Android App Using Frida - In this blog post M. Yasoob Ullah Khalid shows how to reverse an Android application using Frida.
- Android Application Security Series - Well-structured Android Application Security Series. Start learning from this healthy digest. In this series Aditya covers the OWASP Mobile Top 10 vulnerabilities in detail.
- Android App Reverse Engineering 101 - Wanna learn reverse engineering of Android applications? If yes, then dive into this course. I learned a lot from it; huge thanks to maddiestone.
↑ Vulnerable Applications
- hpAndro - One of the nicest vulnerable Android applications to practice on. Plenty of challenges are there, and most of them are beginner friendly. I recommend everyone check out this vulnerable application. This challenge is maintained by hpandro1337; you can also check out his YouTube channel: Android AppSec.
- InjuredAndroid - A vulnerable Android application with CTF examples based on bug bounty findings, exploitation concepts, and pure creativity. Created and maintained by B3nac.
- Oversecured Vulnerable Android App - An Android app that aggregates all the platform's known and popular security vulnerabilities. Plenty of vulnerabilities are there to practice our security skills on. Vulnerable lab maintained by Bagipro.
- LinkedIn : iamsarvagyaa
- Twitter : iamsarvagyaa
- Instagram : iamsarvagyaa
- Keybase : iamsarvagyaa
- E-mail : iamsarvagyaa@gmail.com
📣 If you enjoyed this project and wanna show your appreciation, buy me a cup of coffee. You can also help by sharing this project with the community to help it grow. You may support me on Buy Me a Coffee; monetary contributions are always welcome. If you wish to sponsor this project, ping me: iamsarvagyaa[at]gmail.com