This is the second in a series of articles that looks at hacking & securing this app:

Hacking

Let’s look at two very similar vulnerabilities; if we have a little look in AndroidManifest.

<activity android:name=".WebViewActivity">
<intent-filter>
<action android:name="android.intent.action.VIEW" />…

This is the first in a series of articles, we’re going to look at how to hack and then secure this app:

Attacking

The first challenge is getting through the login screen:

So let’s have a look in the code that’s to do with the login screen. We can see this:

Using safe to run to secure your Android apps from URL vulnerabilities

For full documentation on safe to run URL validation:

https://safetorun.github.io/safe_to_run/docs/verifyurls

Risks & Mitigations

The risk from URLs are often subtle and hard to conclusively solve — the risks are prevalent any time that web connections or web pages are loaded from a source outside of your control. Let’s look at a few examples

Javascript bridges

What, why and how?

What?

Emulator detection is the ability to tell when your application is running on an emulator rather than a real device, but why would you want to do this?

Why?

Reverse engineers, pentesters and hackers tend to like running your app on an emulator can be make it far easier reveal what…

Introducing the first release of safe to run — a library to help protect your application

If you’re just after the link:

Health warning

No library or app can guarantee not running on a rooted phone because of the nature of rooted phones, and any tamper detection could be removed or changed in reality — this app should work with most attackers, and make it hard enough to…

The first flutter byteconf started today with three workshops. Here’s what I learnt

I was excited about ByteConf flutter for a while, and the first three workshops had some great bits in it. I’ve been working on professional flutter projects for just over a year now, but the pace of change in Flutter land and the project deadlines means a lot of things…

Daniel Llewellyn

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store