Android-Reports-and-Resources
HackerOne Reports
Hardcoded credentials
Disclosure of all uploads via hardcoded api secret
https://hackerone.com/reports/351555
Insecure deeplinks
Sensitive information disclosure
https://hackerone.com/reports/401793
RCE
RCE in TinyCards for Android
https://hackerone.com/reports/281605 - TinyCards made this report private.
SQL Injection
SQL Injection in Content Provider
https://hackerone.com/reports/291764
Session theft
Steal user session
https://hackerone.com/reports/328486
Steal files
Vulnerable to local file steal, Javascript injection, Open redirect
https://hackerone.com/reports/499348
Token leakage due to stolen files via unprotected Activity
https://hackerone.com/reports/288955
Steal files due to exported services
https://hackerone.com/reports/258460
Steal files due to unprotected exported Activity
https://hackerone.com/reports/161710
Steal files due to insecure data storage
https://hackerone.com/reports/44727
Insecure local data storage, makes it easy to steal files
https://hackerone.com/reports/57918
Bypasses
Golden techniques to bypass host validations
https://hackerone.com/reports/431002
Two-factor authentication bypass due to vuln endpoint
https://hackerone.com/reports/202425
Another endpoint Auth bypass
https://hackerone.com/reports/205000
Bypass PIN/Fingerprint lock
https://hackerone.com/reports/331489
Bypass lock protection
https://hackerone.com/reports/490946
Bypass of biometrics security functionality
https://hackerone.com/reports/637194
XSS
HTML Injection in BatterySaveArticleRenderer WebView
https://hackerone.com/reports/176065
XSS via SAMLAuthActivity
https://hackerone.com/reports/283058
XSS in ImageViewerActivity
https://hackerone.com/reports/283063
XSS via start ContentActivity
https://hackerone.com/reports/189793
XSS on Owncloud webview
https://hackerone.com/reports/87835
Privilege Escalation
Intent Spoofing
https://hackerone.com/reports/97295
Access of some not exported content providers
https://hackerone.com/reports/272044
Access protected components via intent
https://hackerone.com/reports/200427
Fragment injection
https://hackerone.com/reports/43988
Javascript injection
https://hackerone.com/reports/54631
CSRF
Deeplink leads to CSRF in follow action
https://hackerone.com/reports/583987
Case sensitive account collisions
overwrite account associated with email via android application
https://hackerone.com/reports/187714
Intercept Broadcasts
Possible to intercept broadcasts about file uploads
https://hackerone.com/reports/167481
Vulnerable exported broadcast reciever
https://hackerone.com/reports/289000
View every network request response's information
https://hackerone.com/reports/56002
Practice Apps
InjuredAndroid
Android-InsecureBankv2
Damn Insecure and Vulnerable app
Damn Insecure and vulnerable App for Android
OWASP-GoatDroid-Project
Sieve mwrlabs
Resources
Detect secret leaks in Android apps online
Attacking vulnerable Broadcast Recievers
Android Webview Vulnerabilities
Android reverse engineering recon
Webview addjavascriptinterface RCE