android
Javascript Interface Exposure
Ostorlab's Pentest Engine identified a JavaScript bridge exposure in an Android WebView, allowing unauthenticated native method invocation via deep links. This case study details how the engine bypassed insecure Intent handling to manipulate the native UI, validating a potent social engineering vector while confirming the effectiveness of the underlying sandbox.
Wed 07 January 2026
Top Mobile App Security Testing Platforms 2026
Navigate the market for the Top Mobile App Security Testing Platforms 2026 by focusing on the cri...
Mon 05 January 2026
Understanding Android's FLAG_SECURE for Screen Security
What Android’s FLAG_SECURE does, how it prevents screenshots and screen recordings of sensitive a...
Mon 29 December 2025
Ostorlab AI Pentest Engine / How it Works?
Technical deep dive into Ostorlab AI Pentest Engine inner working, from threat intelligence, risk...
Mon 27 October 2025
Going Beyond: Ostorlab AI Engine Discovers Unknown Vulnerability Classes
Ostorlab’s reasoning-driven AI engine breaks past rule-based limits to surface previously unknown and hard-to-detect vulnerabilities—including WebView Safe Browsing bypasses, SQLi via projections, WebCrypto key exfiltration, and JWT verification ordering flaws—delivering deeper, smarter, complementary security coverage.
Introducing Ostorlab Security Testing Benchmarks: Real Vulnerabilities, Real Impact
The first open-source benchmark suite featuring 93 realistic vulnerable mobile apps that mirror actual CVE and bug bounty findings - not theoretical textbook examples.
Latest posts
AI-Powered Pentesting: A Deep Dive into Android Intent Redirection
This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android application for Intent Redirection vulnerabilities. Follow the engine's journey from static analysis and initial findings to rigorous dynamic validation, demonstrating its ability to not only identify potential threats but also to meticulously discard false positives.
Sun 31 August 2025
Know Your App's Data Habits: A Deep Dive into Our Comprehensive Privacy Analysis
Ostorlab's Privacy Scan automatically detects mismatches between what your app's privacy policy says and what it actually does. This comprehensive analysis of policy text, permissions, code, and UI elements helps mobile developers avoid compliance violations and build user trust through accurate privacy practices.
Tue 27 May 2025
Secure Mobile Biometric Authentication: Best Practices and Implementation Guidelines for Kotlin, Swift, and Flutter
In this Article, we define a secure implementation of mobile biometric authentication and provide detailed implementations in the 3 main modern mobile languages, namely Kotlin for Android, Swift for iOS, and Dart for Flutter multiplatform applications.
Tue 20 June 2023
GodFather Android Malware Analysis
In This article, we analyze the GodFather Android malware, which continues to appear in various formats and primarily targets banking and cryptocurrency applications to steal money and sensitive information for the users.
Fri 14 April 2023
Build you CI/CD pipeline for Mobile Applications with Jenkins, Github Actions and Azure Devops
This article will cover the main challenges when implementing a CI/CD pipeline for mobile applications. We will also provide examples of how you can implement a CI/CD pipeline for Android and iOS applications in the most used Mobile CI/CD tools.
Thu 27 October 2022
UI call coverage release for dynamic security testing
Ostorlab released the UI call coverage in the analysis environment to show the UI flow exercised during the dynamic security testing.
Wed 01 September 2021
Ostorlab Nuggets in June issue 5
Health Tech, Compromises and attacks, Instrumentation, Black Hat conferences, eBPF and more….
Thu 27 May 2021
Universal bypass of SSL Pinning ... from theory to a full working PoC with LLDB
This article is about bypassing SSL pinning without needing to. Sounds confusing? We will go over the theory, build a full PoC using LLDB in Python and finally extend it to other cool tasks.
Tue 18 May 2021