Code Execution via Java & Kotlin Deserialization in Android Application

Android Webview has multiple security configuration that may lead to security vulnerabilities. <br /> We'll take a deep dive into those webview configs, breakdown vulnerable configs and leverage semgrep to identify those pattern.

Content provider APIs are powerful way to expose data to internal or external apps within Android ecosystem. However, there are lot of ways these APIs are implemented with flaws that leads to serious data leakage and even Remote code execution.