Complete Guide to Android App Security
Android BugBounty
By: mu6tx
A Complete Guide to Android App Security
A comprehensive repository containing all the useful information and links I’ve found throughout my journey with Android Bug Bounty. This project is under continuous development and will be updated regularly with new additions.
STATUS: ACTIVE DEVELOPMENT
BugBounty Programs
YesWeHack
Intigriti
HackerOne
Bugcrowd
Activities
Exploiting Android Components (Activities)
API Resources
Hacking the GraphQL API
Common GraphQL Vulnerabilities
Tartiflette-aiohttp
GraphQL with Golang
Tartiflette Engine for GraphQL
GraphQL Introspection
Common GraphQL Vulnerabilities
Top 5 GraphQL Vulnerabilities
Official GraphQL
Getting Started with Tartiflette
Authorization in GraphQL
31-Day API Security Tips
Video: API Security
Code Execution/RCE
From Android App to RCE
Critical Vulnerabilities in TikTok
OWASP Resources
OWASP Mobile Security Testing Guide
Deep Links (Deeplinks)
Deep Links Guide for Android Apps
Facebook Bug Bounty
ScanAndroidXML
File Upload
Facebook Code Execution Vulnerability
IDOR Vulnerabilities
IDOR Vulnerabilities Explained
Other Links
Mobile Penetration Testing
Android Network Traffic Capture
Android Security
Android App Security Testing
Android Exploitation
Android Reports and Resources
Android App Security
Android App Security (PDF)
TV Password Extraction
Android App Security Testing
Exploit-DB Research Papers
Great Android Security Resources
Facebook Android Backdoor Vulnerability
Learn Java
Android App Penetration Testing Checklist
Video: Android App Penetration Testing
Introduction to Android Penetration Testing
Introduction to Android Phone Penetration Testing
Google Play App Security Bounty
Mobile App Penetration Testing
Don’t Stop at One Vulnerability
Android Hacking Part 1
Android Hacking Part 3
Reverse Engineering
Bytecode Viewer
Drozer
Frida
Frida Codeshare
Frida Scripts
Frida Scripts for Android
Frida Snippets
Awesome Frida
Other Frida Snippets
r2frida Cheatsheet
Frida 101 for Android
Frida Code Snippets for Android
Video: Frida for Android
Exploring Native Functions with Frida
Android Hacking Tips and Tricks with Frida
Reverse Engineering the Nike App
Getting Started with Frida on Android
Hacking with Frida
FridaTrace API Monitor
Frida Fuzzer
Dex to Jar
JD-GUI
Objection Framework
Objection Mobile Exploration
Objection
Installing Objection
Radare2 Tutorial
A Journey to Radare2
Radare2 Basics
r2frida
Radare2 Book
r2frida Wiki
r2frida
Reports
Android Reports and Resources
SQL Injection
SQL Injection Report
SSL Pinning
Android Security – SSL Pinning
Webviews
Bypassing the CSP iframe sandbox
Attacks on Webviews
Hacking Android Phones with a JavaScript Link
Exploiting Webviews
XSS
UXSS in Webviews
Bypassing the CSP iframe sandbox
Instructions
These instructions are outdated and are no longer used:
adb -e shell ./frida-server -l 192.168.56.x:5556 frida://192.168.56.x:5556 r2 frida://192.168.56.x:5556/appname
Read the r2 frida help instead:
r2 "frida://?"
Last updated: August 2025
