android
AI-Powered Pentesting: A Deep Dive into Android Intent Redirection
This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android application for Intent Redirection vulnerabilities. Follow the engine's journey from static analysis and initial findings to rigorous dynamic validation, demonstrating its ability to not only identify potential threats but also to meticulously discard false positives.
Sun 31 August 2025
Know Your App's Data Habits: A Deep Dive into Our Comprehensive Privacy Analysis
Ostorlab's Privacy Scan automatically detects mismatches between what your app's privacy policy s...
Tue 27 May 2025
Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter
In this Article, we define a secure implementation of mobile biometric authentication and provide...
Tue 20 June 2023
GodFather Android Malware Analysis
In This article, we analyze the GodFather Android malware, which continues to appear in various f...
Fri 14 April 2023
Build you CI/CD pipeline for Mobile Applications with Jenkins, Github Actions and Azure Devops
This article will cover the main challenges when implementing a CI/CD pipeline for mobile applications. We will also provide examples of how you can implement a CI/CD pipeline for Android and iOS applications in the most used Mobile CI/CD tools.
UI call coverage release for dynamic security testing
Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.
Latest posts
Ostorlab Nuggets in June issue 5
Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….
Thu 27 May 2021
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.
Tue 18 May 2021
5 things every mobile security professional should know about WebViews
This article is about WebViews and the security notions we need to have in mind when using these component in both Android and iOS.
Tue 18 May 2021
Finding and Validating Hardcoded Keys and Secrets
Hardcoded secrets are easy to find and might open a gate to sensitive data or privileged access. This makes them a great target for Bug Bounty hunters and Attackers.
Fri 30 October 2020
Ostorlab Insecure Application
This article describes the usage of Ostorlab Insecure Application.
Mon 14 October 2019
New Features and Roadmap
The last few months, Ostorlab team has been hard at work adding exciting new features. Some of these have already hit production, or will do so in the upcoming weeks and months.
Thu 20 September 2018
Critical attack surface of mobile applications
the Attack Surface of mobile applications.
Wed 17 January 2018