Finding Sensitive Data in Android Apps
In this presentation, Nerdwell reviews common developer assumptions about mobile application security and explores ways in which these assumptions can be invalidated. We begin with a review of some new tools that streamline the bug bounty hunter’s Android hacking workflow. After that, we present tools and techniques for accessing, identifying, and extracting sensitive data from Android apps’ internal storage. Then we wrap up with a discussion of how to maximize the security impact of our findings for impactful bug bounty reports.
About the Author
Nerdwell is a systems and security engineer with a passion for bug bounty and vulnerability research. He currently works in critical infrastructure protection and has experience supporting technology in a variety of industries, ranging from manufacturing to healthcare. With over 20 years’ experiences, Nerdwell understands firsthand the challenges of building and supporting complex technology solutions securely. In addition to finding bugs and performing security research, Nerdwell enjoys networking and sharing knowledge with fellow hackers.
More resources
Get Started with Bugcrowd
Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.