Tapjacking & Overlay Attacks
Your phone draws dozens of windows onto one sheet of glass — and a single permission lets one app paint on top of all the others. …
A deep link is a URL that opens a specific screen inside an app, and any app can register to handle one. Custom-scheme links (myap…
Android apps message each other with Intents, and components marked "exported" are doors any app can knock on. The trouble starts …
A WebView is a browser the app embeds and bridges into its own code — and that bridge is where it goes wrong. addJavascriptInterfa…
Most mobile findings are not clever — they are an app writing a session token, a password, or a card number to disk in cleartext a…
Android is a stack of deliberate trade-offs sitting on a Linux kernel: a register-based runtime (ART) that turns your .dex into na…