Secrets of an Android App Bug Hunter

Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn t know this crazy attack vector exists Start Android Bug Hunting Here Google App Scan Results: Google Mobile VRP: Oversecured Blog: Verify the output of tools: Chapters: 00:00 Intro 00:57 Meet Sergey Toshin (Oversecured) 02:51 How Oversecured Started 04:42 Verify The Output of Tools 07:17 First Look at Vulnerability 09:58 1. Explained: Android Intents 11:25 2. Explained: Content Providers 12:51 3. Explained: App Permissions 13:34 Exploit Walkthrough 16:17 Proof of Concept and Report 17:15 Android VRP Rewards 18:32 Start Hunting for Bugs in Google Apps Support per Video: per Month: Social Twitter: Instagram: Blog: Subreddit: Facebook: