Secrets of the Bug Bounty of Android applications

Sergey Toshin tells us how he became one of the best Android bug hunters and how he discovered critical vulnerabilities. He also shows us a really interesting vulnerability found in Google's Snapseed app for Android. I didn't know this crazy attack vector existed!

Start Android bug hunting here! Google app analysis results: https://bughunters.google.com/report/targets/290590452

Google Mobile Vulnerability Reward Program rules: https://bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules
Oversecured blog: https://blog.oversecured.com/
Verify the output of the tools: https://bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/5981856648134656/verify-the-output-of-the-tools

More Bug Bounty videos: https://www.youtube.com/playlist?list=PLhixgUqwRTjxKYsPTegCyL5adZaq5eILt
More mobile security: https://www.youtube.com/playlist?list=PLhixgUqwRTjxHFDl0OykeqZ-VvnClfDpT

Chapters:
00:00 – Introduction
00:57 – Meet Sergey Toshin (Oversecured)
02:51 – How Oversecured started
04:42 – Check the tool output!
07:17 – First look at the vulnerability
09:58 – 1. Explained: Android intents
11:25 – 2. Explained: content providers
12:51 – 3. Explained: app permissions
13:34 – Walkthrough for mining
16:17 – Proof of concept and report
17:15 – Android VRP Rewards
18:32 – Start checking for bugs in Google Apps!

[Support]

by video: https://www.patreon.com/join/liveoverflow
per month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

[Social]

Twitter: https://twitter.com/LiveOverflow/
Instagram: https://instagram.com/LiveOverflow/
Blog: https://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
Facebook: https://www.facebook.com/LiveOverflow/
