Explore common Android app vulnerabilities in this 54-minute conference talk by Sebastian Porst from Bugcrowd's LevelUp 0x05 event. Gain insights into vulnerabilities frequently discovered by security researchers in top Google Play apps, learn detection techniques, and understand remediation strategies. Drawing from experience with Google Play's Security Rewards Program, delve into topics such as insecure connections, cryptography and authentication issues, embedded third-party secrets, private file access, ZIP file traversal vulnerabilities, unprotected app components, intent redirection, URL verification flaws, and incorrect sandboxing of scripting languages. Access accompanying slides and additional Bugcrowd University resources to enhance your understanding of Android app security.
Overview
Syllabus
Intro
Talk structure
Google Play Protect programs to help developers
Websites to help developers
Insecure connections
Use of insecure network protocols
Cryptography and authentication
Embedded third-party secrets
Private file access
Private date overwrite due to ZIP file traversal
Unprotected app parts
Intent redirection
Incorrect URL verification
Incorrect sandboxing of scripting language
Taught by
Bugcrowd
