Android App Bug Bounty Secrets

Sergey Toshin tells us the story of how he became a top Android bug hunter and how he finds critical vulnerabilities. He also shows us a really cool vulnerability found in the Google Android Snapseed app. I didn't know this crazy attack vector exists! Start Android Bug Hunting Here! Google App Scan Results: https://bughunters.google.com/report/targets/290590452 Google Mobile VRP: https://bughunters.google.com/about/rules/6618732618186752/google-mobile-vulnerability-reward-program-rules Oversecured Blog: https://blog.oversecured.com/ Verify the output of tools: https://bughunters.google.com/learn/improving-your-reports/avoiding-mistakes/5981856648134656/verify-the-output-of-the-tools More Bug Bounty Videos: https://www.youtube.com/playlist?list=PLhixgUqwRTjxKYsPTegCyL5adZaq5eILt More Mobile Security: https://www.youtube.com/playlist?list=PLhixgUqwRTjxHFDl0OykeqZ-VvnClfDpT Chapters: 00:00 - Intro 00:57 - Meet Sergey Toshin (Oversecured) 02:51 - How Oversecured Started 04:42 - Verify The Output of Tools! 07:17 - First Look at Vulnerability 09:58 - 1. Explained: Android Intents 11:25 - 2. Explained: Content Providers 12:51 - 3. Explained: App Permissions 13:34 - Exploit Walkthrough 16:17 - Proof of Concept and Report 17:15 - Android VRP Rewards 18:32 - Start Hunting for Bugs in Google Apps! =[ ❤️ Support ]= → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join =[ 🐕 Social ]= → Twitter: https://twitter.com/LiveOverflow/ → Instagram: https://instagram.com/LiveOverflow/ → Blog: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/