Discovering the hidden treasures in Mobile Apps

Oftentimes as a bug bounty hunter we get a variety of scope when we look at a bug bounty program, since in recent years most bug bounty programs include mobile assets as part of their scope the attack surface on mobile apps have significantly increased but very few people explore the security of the mobile app which is going above and beyond low level issues such as reporting API keys, leakage of information, misconfiguration or unprotected components in the APK.
In this talk we will focus on showcasing some of the most impactful scenarios and bug classes which can be found by focusing on core app issues which can help people to discover better bounties and help one grow as a hacker. We will focus on code analysis and how using it can be to find deeper issues which underlie the app. We will showcase how small issues can be chained to form a larger impact issue and using simple misconfigurations in android components such as Deep-links, Content-providers, Webviews , File-Providers etc. Come join us in the journey of exploring the hidden treasures of Mobile apps

Presentation Outline

1. Introduction to key terms
• Deeplinks, Content-providers, Webviews, File-providers
• Attack scenarios (Privacy breaches, Arbitrary code execution, Theft/Manipulate of sensitive files, Universal XSS, Javascript Injection, Access cookies etc).
2. Hunting vulnerabilities and chaining to maximize impact.
• Static analysis, system API/IPC(inter process communications) monitor.
• It will elaborate detailed code review to maximize impact with real scenario based examples.
3. Demo
• CVE-2022-30717/CVE-2022-23998 - Take a picture, record video, get location even in screen lock status without permission and user interaction.
• CVE-2022-28789: Record voice without user interaction and permission.