Android-Reports-and-Resources
Disclosure of all uploads via hardcoded api secret
https://hackerone.com/reports/351555
Sensitive information disclosure
https://hackerone.com/reports/401793
RCE in TinyCards for Android
https://hackerone.com/reports/281605 - TinyCards made this report private.
https://hackerone.com/reports/328486
Token leakage due to stolen files via unprotected Activity
https://hackerone.com/reports/288955
Steal files due to exported services
https://hackerone.com/reports/258460
Steal files due to unprotected exported Activity
https://hackerone.com/reports/161710
Steal files due to insecure data storage
https://hackerone.com/reports/44727
Insecure local data storage, makes it easy to steal files
https://hackerone.com/reports/57918
Golden techniques to bypass host validations
https://hackerone.com/reports/431002
Two-factor authentication bypass due to vuln endpoint
https://hackerone.com/reports/202425
Another endpoint Auth bypass
https://hackerone.com/reports/205000
HTML Injection in BatterySaveArticleRenderer WebView
https://hackerone.com/reports/176065
https://hackerone.com/reports/283058
XSS in ImageViewerActivity
https://hackerone.com/reports/283063
XSS via start ContentActivity
https://hackerone.com/reports/189793
https://hackerone.com/reports/87835
https://hackerone.com/reports/97295
Access of some not exported content providers
https://hackerone.com/reports/272044
Access protected components via intent
https://hackerone.com/reports/200427
https://hackerone.com/reports/43988
https://hackerone.com/reports/54631
Possible to intercept broadcasts about file uploads
https://hackerone.com/reports/167481
Vulnerable exported broadcast reciever
https://hackerone.com/reports/289000
View every network request response's information
https://hackerone.com/reports/56002
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
Damn Insecure and Vulnerable app
Damn Insecure and vulnerable App for Android
OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security
Sieve is a small Password Manager app created to showcase some of the common vulnerabilities found in Android applications.
OWASP top 10 2016
OWASP mobile testing guide
Android Reversing 101
Detect secret leaks in Android apps online
Android Security Guidelines
Attacking vulnerable Broadcast Recievers
Android Webview Vulnerabilities
Android reverse engineering recon
Webview addjavascriptinterface RCE
Install PLayStore On Android Emulator
Android Bug Bounty Tips