Android App Bug Bounty Secrets

Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists!

Start Android Bug Hunting Here! Google App Scan Results: https://bughunters.google.com/report/...

Google Mobile VRP: https://bughunters.google.com/about/r...
Oversecured Blog: https://blog.oversecured.com/
Verify the output of tools: https://bughunters.google.com/learn/i...

More Bug Bounty Videos:    • Bug Bounty  
More Mobile Security:    • Mobile Security  

Chapters:
00:00 - Intro
00:57 - Meet Sergey Toshin (Oversecured)
02:51 - How Oversecured Started
04:42 - Verify The Output of Tools!
07:17 - First Look at Vulnerability
09:58 - 1. Explained: Android Intents
11:25 - 2. Explained: Content Providers
12:51 - 3. Explained: App Permissions
13:34 - Exploit Walkthrough
16:17 - Proof of Concept and Report
17:15 - Android VRP Rewards
18:32 - Start Hunting for Bugs in Google Apps!

=[ ❤️ Support ]=

→ per Video:   / liveoverflow  
→ per Month:    / @liveoverflow  

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow  
→ Instagram:   / liveoverflow  
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow  
→ Facebook:   / liveoverflow