Tag

android

Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown and hard-to-detect vulnerabilities—including WebView Safe Browsing bypasses, SQLi via projections, WebCrypto key exfiltration, and JWT verification ordering flaws—delivering deeper, smarter, complementary security coverage.

Security

Introducing Ostorlab Security Testing Benchmarks: Real Vulnerabilities, Real Impact

The first open-source benchmark suite featuring 93 realistic vulnerable mobile apps that mirror a...

Mon 22 September 2025

Security

AI-Powered Pentesting: A Deep Dive into Android Intent Redirection

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android applicatio...

Sun 31 August 2025

Product

Know Your App's Data Habits: A Deep Dive into Our Comprehensive Privacy Analysis

Ostorlab's Privacy Scan automatically detects mismatches between what your app's privacy policy s...

Tue 27 May 2025

In this Article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.

In This article, we analyze the GodFather Android malware, which continues to appear in various formats and primarily targets banking and cryptocurrency applications to steal money and sensitive information for the users.

Latest posts

Build you CI/CD pipeline for Mobile Applications with Jenkins, Github Actions and Azure Devops

This article will cover the main challenges when implementing a CI/CD pipeline for mobile applications. We will also provide examples of how you can implement a CI/CD pipeline for Android and iOS applications in the most used Mobile CI/CD tools.

Thu 27 October 2022

UI call coverage release for dynamic security testing

Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.

Wed 01 September 2021

Ostorlab Nuggets in June issue 5

Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….

Thu 27 May 2021

Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB

This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.

Tue 18 May 2021

5 things every mobile security professional should know about WebViews

This article is about WebViews and the security notions we need to have in mind when using these component in both Android and iOS.

Tue 18 May 2021

Finding and Validating Hardcoded Keys and Secrets

Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.

Fri 30 October 2020

Ostorlab Insecure Application

This article describes the usage of Ostorlab Insecure Application.

Mon 14 October 2019


Previous
1 of 2