📰Bug Bounty Reports

Category	Title	Link	Notes
Hardcoded credentials	Disclosure of all uploads via hardcoded api secret	HackerOne Report	-
WebView	Android security checklist: WebView	Blog Post	-
Insecure deeplinks	Account Takeover Via DeepLink	HackerOne Report	-
	Sensitive information disclosure	HackerOne Report	-
RCE/ACE	Why dynamic code loading could be dangerous for your apps: a Google example	Blog Post	-
	RCE in TinyCards for Android	HackerOne Report	TinyCards made this report private
	Persistent arbitrary code execution in Android's Google Play Core Library	HackerOne Report	Details, explanation and the PoC
	CVE-2020-8913: Persistent arbitrary code execution in Google Play Core library	Blog Post	CVE-2020-8913
	TikTok: three persistent arbitrary code executions and one theft of arbitrary files	Blog Post	Oversecured detects dangerous vulnerabilities in TikTok
Memory corruption	Exploiting memory corruption vulnerabilities on Android	Blog Post	Includes PayPal example
Cryptography	Use cryptography in mobile apps the right way	Blog Post	-
SQL Injection	SQL Injection in Content Provider	HackerOne Report	-
	Another SQL Injection in Content Provider	HackerOne Report	-
Session theft	Steal user session	HackerOne Report	-
Steal files	Android security checklist: theft of arbitrary files	Blog Post	-
	How to exploit insecure WebResourceResponse configurations	Blog Post	Includes Amazon apps example
	Vulnerable to local file steal, Javascript injection, Open redirect	HackerOne Report	-
	Token leakage due to stolen files via unprotected Activity	HackerOne Report	-
	Steal files due to exported services	HackerOne Report	-
	Steal files due to unprotected exported Activity	HackerOne Report	-
	Steal files due to insecure data storage	HackerOne Report	-
	Insecure local data storage, makes it easy to steal files	HackerOne Report	-
Bypasses	Accidental $70k Google Pixel Lock Screen Bypass	Blog Post	-
	Golden techniques to bypass host validations	HackerOne Report	-
	Two-factor authentication bypass due to vuln endpoint	HackerOne Report	-
	Another endpoint Auth bypass	HackerOne Report	-
	Bypass PIN/Fingerprint lock	HackerOne Report	-
	Bypass lock protection	HackerOne Report	-
	Bypass of biometrics security functionality	HackerOne Report	-
XSS	HTML Injection in BatterySaveArticleRenderer WebView	HackerOne Report	-
	XSS via SAMLAuthActivity	HackerOne Report	-
	XSS in ImageViewerActivity	HackerOne Report	-
	XSS via start ContentActivity	HackerOne Report	-
	XSS on Owncloud webview	HackerOne Report	-
Privilege Escalation	20 Security Issues Found in Xiaomi Devices	Blog Post	-
	Discovering vendor-specific vulnerabilities in Android	Blog Post	-
	Common mistakes when using permissions in Android	Blog Post	-
	Two weeks of securing Samsung devices: Part 2	Blog Post	-
	Two weeks of securing Samsung devices: Part 1	Blog Post	-
	Intent Spoofing	HackerOne Report	-
	Access of some not exported content providers	HackerOne Report	-
	Access protected components via intent	HackerOne Report	-
	Fragment injection	HackerOne Report	-
	Javascript injection	HackerOne Report	-
CSRF	Deeplink leads to CSRF in follow action	HackerOne Report	-
Case sensitive account collisions	overwrite account associated with email via android application	HackerOne Report	-
Intercept Broadcasts	Possible to intercept broadcasts about file uploads	HackerOne Report	-
	Vulnerable exported broadcast reciever	HackerOne Report	-
	View every network request response's information	HackerOne Report	-
Critical LFI vulnerability in Content Provider	Content Provider Local File Inclusion	POC Video	-