Articles by


Ostorlab has open-sourced two Flutter applications, designed to be intentionally insecure for testing and educational purposes. The apps, one native to iOS and the other a Java/C++/Flutter app, highlight a variety of common mobile app vulnerabilities. Available under the Apache-2.0 license, they serve as practical resources for understanding Flutter security.


zCamera, 100M+ installation app, from remote compromise to data leaks

This article is a technical deep dive, showing how a 100M+ installation image application can expose its user’s images and suffer from remotely exploitable vulnerabilities ranging from SQL injection and intent redirect to arbitrary file download.

Tue 04 July 2023


AI-powered recommendations and fixes, Improved Flutter Detection, and much more

The new release brings a new AI Engine for improved recommendations, powerful new additions to Flutter detection and much more.

Mon 26 June 2023