Oversecured found and resolved significant mobile security vulnerabilities in Xiaomi devices. Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users. The vulnerabilities

Table of contents: Introduction Maven philosophy Method of attacks Verifying the theory Attack vectors for different project types Existing defenses Problems in implementing defenses against dependency hijacking Total number of vulnerable dependencies Vulnerable

After spending two weeks looking for security bugs in the pre-installed apps on Samsung devices, we were able to find multiple dangerous vulnerabilities. In this blog, we will be going over them.

Oversecured has once again uncovered high-severity vulnerabilities, this time in the TikTok app. The app contained one vulnerability to theft of arbitrary files with user interaction and three to persistent arbitrary code execution.

Oversecured Apps Care At Oversecured, our core mission is to make the Internet safer for everyone.

Android security checklist: Content Providers

For several years, Oversecured has been the best way to discover vulnerabilities in Android and iOS mobile apps. We are always carrying out research and improving the quality of our detection. In the

Developers for Android do a lot of work with files and exchange them with other apps, for example, to get photos, images, or user data. Developers often make typical mistakes that allow an

At Oversecured, we scan thousands of apps every month. We observe that some vulnerabilities now come up much less frequently than they did a few years ago. But the same cannot be said

WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential

When an Android app needs access to sensitive resources on the device, the app developers make use of the permissions model. While the model can be quite simple to use, developers often make

As mentioned in the first part of this series, Oversecured spent two weeks finding security bugs in Samsung’s built-in apps. In this part, we will go over bugs that could have allowed an

Almost every Android app dynamically loads code from native .so libraries or .dex files. There are also some special libraries like Google Play Core to simplify this process.

When it comes to vulnerabilities in WebViews, we often overlook the incorrect implementation of WebResourceResponse which is a WebView class that allows an Android app to emulate the server by returning a response

In today’s blog, we’ll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we’ll show how we found such a vulnerability in PayPal

Do you want to check your mobile apps for such types of vulnerabilities? Oversecured mobile apps scanner provides an automatic solution that helps to detect vulnerabilities in Android and iOS mobile apps. You

Oversecured found dangerous vulnerabilities in the Evernote app for Android, which could have allowed access to user accounts to be intercepted by a hostile app installed on the same device. Some time ago,

All intents on Android are divided into two big categories: explicit and implicit. Explicit intents have a set receiver (the name of an app package and the class name of a handler component)

The Google Play Core Library is a popular library for Android that allows updates to various parts of an app to be delivered at runtime without the participation of the user, via the

This vulnerability resembles Open Redirect in web security. Since class Intent is Parcelable, objects belonging to this class can be passed as extra data in another Intent object. Many developers make use of

There are apps for Android that have the ability to add extra functionality by using external modules. Some load native libraries or third-party dex or app files, but in this article we will