Exploiting Android WebView Vulnerabilities

In this blog, we are going to discuss Android WebView vulnerabilities. What is a WebView? The WebView class, which is an extension of the View class in Android, can be used to show a web page as part of your activity layout. It doesn’t have navigation buttons or an address bar, which are two important...

Exploiting Broadcast Receivers

What are Broadcast Receivers? A broadcast receiver is a component in Android applications that allows the system to send events to applications that are not part of the standard user stream. Broadcast receivers are set up to receive specific events. When the event occurs, the receiver is called, and tasks such as displaying a message...

Exploiting Content Providers

In the previous blog, we described the Drozer tool; in this blog, we are going to discuss Content Providers. What are Content Providers? Content Providers are a crucial component of a relational database because they enable the storage of application data. In the Android system, the role of a content provider is similar to that...

Android Pentesting with Drozer

In this blog, we are going to discuss the Drozer tool for pen-testing Android applications. What is Drozer? The Android evaluation tool, Drozer, was introduced in March 2012 at Blackhat EU under the name Mercury. Its primary goal was to dissuade the prerequisite of building specialized apps merely for the purpose of testing a specific...

Sensitive Data Exposure in Local Storage iOS

In this blog, we are going to demonstrate how to examine and detect potential security risks in an iOS application based on a Local Data storage evaluation. So, let’s get this party started. The following are some ways of storing data on a device: Property List files CoreData and SQLite databases NSUserDefaults Stores Insecure Data...

iOS Architecture

All Apple mobile devices, including the iPhone, iPad, and iPod, run on iOS, a platform jointly developed with the Darwin foundation. With iOS, the hardware device is managed and the technology needed to create applications for the platform is provided, unlike other significant operating systems. A few commonly used system apps are included as part...

Bypass SSL pinning on iOS Application

In this blog we are going to bypass SSL pinning on iOS devices, and test it on a vulnerable application aka DVIA V2. One of the most important aspects of the whole design and development process for mobile apps has always been security. This alone has the power to create or ruin an app empire’s...

Android Tapjacking Vulnerability

In this blog, we are going to talk about Tapjacking and how it operates. In addition to that, we are going to learn about free-floating windows. The Android operating system is based on the Linux operating system and was designed with great aspirations. Android is typically seen to be at least as secure as a...

iOS Jailbreaking

In this blog, we are going to discuss jailbreaking, its advantages and disadvantages, as well as types and the steps for carrying out a successful jailbreak. The technique of circumventing a smart device’s internal defenses to get total control of the operating system is known as rooting or jailbreaking, but it puts the device’s security...

Broken Cryptography in Android Applications

In this blog we are going to discuss Broken Cryptography in Android applications. When application developers wish to use encryption in their apps, they have to be aware of broken cryptography attacks. This blog discusses how vulnerabilities caused by faulty encryption might be introduced into Android apps. We’ll also look at some of the ways...