Latest Article: 20 Security Issues Found in Xiaomi Devices
Oversecured found and resolved significant mobile security vulnerabilities in Xiaomi devices. Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users. The vulnerabilities

Top Article: Introducing MavenGate: a supply chain attack method for Java and Android applications
Table of contents: Introduction; Maven philosophy; Method of attacks; Verifying the theory; Attack vectors for different project types; Existing defenses; Problems in implementing defenses against dependency hijacking; Total number of vulnerable dependencies; Vulnerable

Top Article: Two weeks of securing Samsung devices: Part 1
After spending two weeks looking for security bugs in the pre-installed apps on Samsung devices, we were able to find multiple dangerous vulnerabilities. In this blog, we will be going over them.

Top Article: Oversecured detects dangerous vulnerabilities in the TikTok Android app
Oversecured has once again uncovered high-severity vulnerabilities, this time in the TikTok app. The app contained one vulnerability to theft of arbitrary files with user interaction and three to persistent arbitrary code execution.

Oversecured Apps Care. Part 1: Vulnerability disclosure of 225 Google apps
Oversecured Apps Care. At Oversecured, our core mission is to make the Internet safer for everyone.

Content Providers and the potential weak spots they can have
Android security checklist: Content Providers

Discovering vendor-specific vulnerabilities in Android
For several years, Oversecured has been the best way to discover vulnerabilities in Android and iOS mobile apps. We are always carrying out research and improving the quality of our detection. In the

Android security checklist: theft of arbitrary files
Developers for Android do a lot of work with files and exchange them with other apps, for example, to get photos, images, or user data. Developers often make typical mistakes that allow an

Use cryptography in mobile apps the right way
At Oversecured, we scan thousands of apps every month. We observe that some vulnerabilities now come up much less frequently than they did a few years ago. But the same cannot be said

Android security checklist: WebView
WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential

Common mistakes when using permissions in Android
When an Android app needs access to sensitive resources on the device, the app developers make use of the permissions model. While the model can be quite simple to use, developers often make

Two weeks of securing Samsung devices: Part 2
As mentioned in the first part of this series, Oversecured spent two weeks finding security bugs in Samsung’s built-in apps. In this part, we will go over bugs that could have allowed an

Why dynamic code loading could be dangerous for your apps: a Google example
Almost every Android app dynamically loads code from native .so libraries or .dex files. There are also some special libraries like Google Play Core to simplify this process.

Android: Exploring vulnerabilities in WebResourceResponse
When it comes to vulnerabilities in WebViews, we often overlook the incorrect implementation of WebResourceResponse, which is a WebView class that allows an Android app to emulate the server by returning a response

Exploiting memory corruption vulnerabilities on Android
In today’s blog, we’ll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we’ll show how we found such a vulnerability in PayPal

Gaining access to arbitrary* Content Providers
Do you want to check your mobile apps for such types of vulnerabilities? Oversecured mobile apps scanner provides an automatic solution that helps to detect vulnerabilities in Android and iOS mobile apps. You

Evernote: Universal-XSS, theft of all cookies from all sites, and more
Oversecured found dangerous vulnerabilities in the Evernote app for Android, which could have allowed access to user accounts to be intercepted by a hostile app installed on the same device. Some time ago,

Interception of Android implicit intents
All intents on Android are divided into two big categories: explicit and implicit. Explicit intents have a set receiver (the name of an app package and the class name of a handler component)

Oversecured automatically discovers persistent code execution in the Google Play Core Library
The Google Play Core Library is a popular library for Android that allows updates to various parts of an app to be delivered at runtime without the participation of the user, via the

Android: Access to app protected components
This vulnerability resembles Open Redirect in web security. Since the Intent class is Parcelable, objects belonging to this class can be passed as extra data in another Intent object. Many developers make use of

Android: arbitrary code execution via third-party package contexts
There are apps for Android that have the ability to add extra functionality by using external modules. Some load native libraries or third-party dex or app files, but in this article we will