appsec.fyi — Mobile Security

appsec.fyi — Mobile Security https://appsec.fyi/mobile.html Curated Mobile Security resources from appsec.fyi en-us Wed, 22 Apr 2026 18:38:42 +0000 carl@chs.us (Carl Sampson) Root/Jailbreak Detection and SSL Pinning in KMM https://www.appknox.com/blog/kmm-security-root-jailbreak-detection-ssl-pinning https://www.appknox.com/blog/kmm-security-root-jailbreak-detection-ssl-pinning Root/Jailbreak Detection and SSL Pinning in KMM Mobile Security Wed, 22 Apr 2026 12:52:43 +0000 Reversing Android Apps: Bypassing Detection Like a Pro https://www.kayssel.com/newsletter/issue-12/ https://www.kayssel.com/newsletter/issue-12/ Reversing Android Apps: Bypassing Detection Like a Pro Mobile Security Wed, 22 Apr 2026 12:52:43 +0000 Reverse engineering and modifying Android apps with JADX and Frida https://httptoolkit.com/blog/android-reverse-engineering/ https://httptoolkit.com/blog/android-reverse-engineering/ Reverse engineering and modifying Android apps with JADX and Frida Mobile Security Wed, 22 Apr 2026 12:52:42 +0000 Common Vulnerabilities and Exposures Examples in Mobile Apps https://www.corellium.com/blog/mobile-app-security-cves-ios-testing https://www.corellium.com/blog/mobile-app-security-cves-ios-testing Common Vulnerabilities and Exposures Examples in Mobile Apps Mobile Security Wed, 22 Apr 2026 12:52:41 +0000 Bypassing iOS Frida Detection with LLDB and Frida https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup https://tonygo.tech/blog/2025/8ksec-ios-ctf-writeup Bypassing iOS Frida Detection with LLDB and Frida Mobile Security Wed, 22 Apr 2026 12:52:40 +0000 frida-interception-and-unpinning: Scripts to MitM all HTTPS traffic https://github.com/httptoolkit/frida-interception-and-unpinning https://github.com/httptoolkit/frida-interception-and-unpinning frida-interception-and-unpinning: Scripts to MitM all HTTPS traffic Mobile Security Wed, 22 Apr 2026 12:52:40 +0000 Android Reports and Resources https://github.com/B3nac/Android-Reports-and-Resources https://github.com/B3nac/Android-Reports-and-Resources Android Reports and Resources Mobile Security Wed, 22 Apr 2026 12:52:39 +0000 iOS Security Testing - OWASP MASTG https://mas.owasp.org/MASTG/0x06b-iOS-Security-Testing/ https://mas.owasp.org/MASTG/0x06b-iOS-Security-Testing/ iOS Security Testing - OWASP MASTG Mobile Security Wed, 22 Apr 2026 12:52:38 +0000 Android Security Bulletin - March 2026 https://source.android.com/docs/security/bulletin/2026/2026-03-01 https://source.android.com/docs/security/bulletin/2026/2026-03-01 Android Security Bulletin - March 2026 Mobile Security Wed, 22 Apr 2026 12:52:37 +0000 Android Security Bulletin - April 2026 https://source.android.com/docs/security/bulletin/2026/2026-04-01 https://source.android.com/docs/security/bulletin/2026/2026-04-01 Android Security Bulletin - April 2026 Mobile Security Wed, 22 Apr 2026 12:52:37 +0000 Zero-Day Vulnerabilities in Apple WebKit — CSA Singapore https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-117/ https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-117/ Zero-Day Vulnerabilities in Apple WebKit — CSA Singapore Mobile Security Sun, 19 Apr 2026 02:37:07 +0000 Update Apple Devices: Actively Exploited CVE-2025-14174 & CVE-2025-43529 https://www.helpnetsecurity.com/2025/12/15/ios-macos-cve-2025-14174-cve-2025-43529/ https://www.helpnetsecurity.com/2025/12/15/ios-macos-cve-2025-14174-cve-2025-43529/ Update Apple Devices: Actively Exploited CVE-2025-14174 & CVE-2025-43529 Mobile Security Sun, 19 Apr 2026 02:37:07 +0000 CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day https://socprime.com/blog/cve-2025-14174-vulnerability/ https://socprime.com/blog/cve-2025-14174-vulnerability/ CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day Mobile Security Sun, 19 Apr 2026 02:37:06 +0000 Two Serious Vulnerabilities in Latest Android Security Update https://www.phonearena.com/news/two-serious-vulnerabilities-make-the-latest-android-security-update-one-you-cant-ignore_id176416 https://www.phonearena.com/news/two-serious-vulnerabilities-make-the-latest-android-security-update-one-you-cant-ignore_id176416 Two Serious Vulnerabilities in Latest Android Security Update Mobile Security Sun, 19 Apr 2026 02:22:18 +0000 LANDFALL: New Commercial-Grade Android Spyware (CVE-2025-21042) https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/ https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/ LANDFALL: New Commercial-Grade Android Spyware (CVE-2025-21042) Mobile Security Sun, 19 Apr 2026 02:22:18 +0000 Awesome Android Reverse Engineering: Curated List https://github.com/user1342/Awesome-Android-Reverse-Engineering https://github.com/user1342/Awesome-Android-Reverse-Engineering Awesome Android Reverse Engineering: Curated List Mobile Security Thu, 16 Apr 2026 21:04:06 +0000 Android App Reverse Engineering 101 https://www.ragingrock.com/AndroidAppRE/ https://www.ragingrock.com/AndroidAppRE/ Android App Reverse Engineering 101 Mobile Security Thu, 16 Apr 2026 21:04:05 +0000 Exploiting Android Fingerprint Authentication https://medium.com/@ashishf6/exploiting-android-fingerprint-authentication-25dd9263bd74 https://medium.com/@ashishf6/exploiting-android-fingerprint-authentication-25dd9263bd74 Exploiting Android Fingerprint Authentication Mobile Security Thu, 16 Apr 2026 21:04:04 +0000 Android Keystore Pitfalls and Best Practices https://stytch.com/blog/android-keystore-pitfalls-and-best-practices/ https://stytch.com/blog/android-keystore-pitfalls-and-best-practices/ Android Keystore Pitfalls and Best Practices Mobile Security Thu, 16 Apr 2026 21:04:03 +0000 Frida's Impact on Mobile Security and How to Fight Back https://medium.com/@talsec/hook-hack-defend-fridas-impact-on-mobile-security-how-to-fight-back-145dea12daf3 https://medium.com/@talsec/hook-hack-defend-fridas-impact-on-mobile-security-how-to-fight-back-145dea12daf3 Frida's Impact on Mobile Security and How to Fight Back Mobile Security Thu, 16 Apr 2026 21:04:02 +0000 From an Android Hook to RCE: $5000 Bounty https://blog.voorivex.team/from-an-android-hook-to-rce-5000-bounty https://blog.voorivex.team/from-an-android-hook-to-rce-5000-bounty From an Android Hook to RCE: $5000 Bounty Mobile Security Thu, 16 Apr 2026 21:04:02 +0000 iOS Reverse Engineering: Defeating Anti-Debug and Extracting Hidden Flag https://dev.to/jr_carreiro/ios-reverse-engineering-defeating-anti-debug-and-extracting-a-hidden-flag-58mb https://dev.to/jr_carreiro/ios-reverse-engineering-defeating-anti-debug-and-extracting-a-hidden-flag-58mb iOS Reverse Engineering: Defeating Anti-Debug and Extracting Hidden Flag Mobile Security Thu, 16 Apr 2026 21:04:01 +0000 DarkSword iOS Exploit Chain Adopted by Multiple Threat Actors - Google https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain DarkSword iOS Exploit Chain Adopted by Multiple Threat Actors - Google Mobile Security Thu, 16 Apr 2026 21:04:00 +0000 Inside DarkSword: A New iOS Exploit Kit - iVerify https://iverify.io/blog/darksword-ios-exploit-kit-explained https://iverify.io/blog/darksword-ios-exploit-kit-explained Inside DarkSword: A New iOS Exploit Kit - iVerify Mobile Security Thu, 16 Apr 2026 21:03:59 +0000 DarkSword iOS Exploit Kit: 6 Flaws and 3 Zero-Days for Full Takeover https://thehackernews.com/2026/03/darksword-ios-exploit-kit-uses-6-flaws.html https://thehackernews.com/2026/03/darksword-ios-exploit-kit-uses-6-flaws.html DarkSword iOS Exploit Kit: 6 Flaws and 3 Zero-Days for Full Takeover Mobile Security Thu, 16 Apr 2026 21:03:59 +0000 Exploiting Content Providers in Android Applications https://redfoxsecurity.medium.com/exploiting-content-providers-in-android-applications-a75cbda2a5c7 https://redfoxsecurity.medium.com/exploiting-content-providers-in-android-applications-a75cbda2a5c7 Exploiting Content Providers in Android Applications Mobile Security Sat, 11 Apr 2026 16:45:54 +0000 SQL injection vulnerabilities in Owncloud Android app https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/ SQL injection vulnerabilities in Owncloud Android app Mobile Security Sat, 11 Apr 2026 16:45:53 +0000 Android, SQL and ContentProviders - Why SQL injections aren't dead yet https://blog.ostorlab.co/android-sql-contentProvider-sql-injections.html https://blog.ostorlab.co/android-sql-contentProvider-sql-injections.html Android, SQL and ContentProviders - Why SQL injections aren't dead yet Mobile Security Sat, 11 Apr 2026 16:45:52 +0000 iOS Universal Links - HackTricks https://book.hacktricks.wiki/en/mobile-pentesting/ios-pentesting/ios-universal-links.html https://book.hacktricks.wiki/en/mobile-pentesting/ios-pentesting/ios-universal-links.html iOS Universal Links - HackTricks Mobile Security Sat, 11 Apr 2026 16:45:52 +0000 MASTG-TEST-0070: Testing Universal Links https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0070/ https://mas.owasp.org/MASTG/tests/ios/MASVS-PLATFORM/MASTG-TEST-0070/ MASTG-TEST-0070: Testing Universal Links Mobile Security Sat, 11 Apr 2026 16:45:51 +0000 Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped https://evanconnelly.github.io/post/ios-oauth/ https://evanconnelly.github.io/post/ios-oauth/ Mobile OAuth Attacks - iOS URL Scheme Hijacking Revamped Mobile Security Sat, 11 Apr 2026 16:45:50 +0000 Exploiting Android WebView Vulnerabilities https://redfoxsec.com/blog/exploiting-android-webview-vulnerabilities/ https://redfoxsec.com/blog/exploiting-android-webview-vulnerabilities/ Exploiting Android WebView Vulnerabilities Mobile Security Sat, 11 Apr 2026 16:45:50 +0000 Android security checklist: WebView - Oversecured Blog https://blog.oversecured.com/Android-security-checklist-webview/ https://blog.oversecured.com/Android-security-checklist-webview/ Android security checklist: WebView - Oversecured Blog Mobile Security Sat, 11 Apr 2026 16:45:49 +0000 WebView addJavascriptInterface Remote Code Execution - WithSecure Labs https://labs.withsecure.com/publications/webview-addjavascriptinterface-remote-code-execution https://labs.withsecure.com/publications/webview-addjavascriptinterface-remote-code-execution WebView addJavascriptInterface Remote Code Execution - WithSecure Labs Mobile Security Sat, 11 Apr 2026 16:45:48 +0000 Exploiting Insecure Android WebView with JavaScript Interface https://medium.com/@youssefhussein212103168/exploiting-insecure-android-webview-with-javascript-interface-a4d3abf9ec09 https://medium.com/@youssefhussein212103168/exploiting-insecure-android-webview-with-javascript-interface-a4d3abf9ec09 Exploiting Insecure Android WebView with JavaScript Interface Mobile Security Sat, 11 Apr 2026 16:45:47 +0000 Mobile Security Framework - MobSF Documentation https://mobsf.github.io/docs/ https://mobsf.github.io/docs/ Mobile Security Framework - MobSF Documentation Mobile Security Sat, 11 Apr 2026 16:45:46 +0000 MobSF: Mobile Security Framework (GitHub) https://github.com/MobSF/Mobile-Security-Framework-MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF MobSF: Mobile Security Framework (GitHub) Mobile Security Sat, 11 Apr 2026 16:45:46 +0000 Deep Linking Vulnerabilities - Application Security Cheat Sheet https://0xn3va.gitbook.io/cheat-sheets/android-application/intent-vulnerabilities/deep-linking-vulnerabilities https://0xn3va.gitbook.io/cheat-sheets/android-application/intent-vulnerabilities/deep-linking-vulnerabilities Deep Linking Vulnerabilities - Application Security Cheat Sheet Mobile Security Sat, 11 Apr 2026 16:45:45 +0000 Android Intent Redirection: A Hacker's Gateway to Internal Components https://medium.com/@0x3adly/android-intent-redirection-a-hackers-gateway-to-internal-components-ebe126bbb2e0 https://medium.com/@0x3adly/android-intent-redirection-a-hackers-gateway-to-internal-components-ebe126bbb2e0 Android Intent Redirection: A Hacker's Gateway to Internal Components Mobile Security Sat, 11 Apr 2026 16:45:44 +0000 From Browser to Breach: One-Click Android Deep Link Exploitation https://medium.com/@mustafamohammed789mm/from-browser-to-breach-one-click-android-deep-link-exploitation-b8906c8538a6 https://medium.com/@mustafamohammed789mm/from-browser-to-breach-one-click-android-deep-link-exploitation-b8906c8538a6 From Browser to Breach: One-Click Android Deep Link Exploitation Mobile Security Sat, 11 Apr 2026 16:45:43 +0000 Unsafe use of deep links - Android Developers Security https://developer.android.com/privacy-and-security/risks/unsafe-use-of-deeplinks https://developer.android.com/privacy-and-security/risks/unsafe-use-of-deeplinks Unsafe use of deep links - Android Developers Security Mobile Security Sat, 11 Apr 2026 16:45:43 +0000 Android Pentest: Deep Link Exploitation https://www.hackingarticles.in/android-pentest-deep-link-exploitation/ https://www.hackingarticles.in/android-pentest-deep-link-exploitation/ Android Pentest: Deep Link Exploitation Mobile Security Sat, 11 Apr 2026 16:45:42 +0000 A Comprehensive Guide to iOS Jailbreak Detection Bypass https://www.appknox.com/blog/ios-jailbreak-detection-bypass https://www.appknox.com/blog/ios-jailbreak-detection-bypass A Comprehensive Guide to iOS Jailbreak Detection Bypass Mobile Security Sat, 11 Apr 2026 16:45:41 +0000 Bypassing iOS Security Suite: Jailbreak Detection Explained and Tested https://www.appknox.com/blog/ios-security-suite-jailbreak-bypass https://www.appknox.com/blog/ios-security-suite-jailbreak-bypass Bypassing iOS Security Suite: Jailbreak Detection Explained and Tested Mobile Security Sat, 11 Apr 2026 16:45:35 +0000 Frida CodeShare: iOS Jailbreak Detection Bypass https://codeshare.frida.re/@liangxiaoyi1024/ios-jailbreak-detection-bypass/ https://codeshare.frida.re/@liangxiaoyi1024/ios-jailbreak-detection-bypass/ Frida CodeShare: iOS Jailbreak Detection Bypass Mobile Security Sat, 11 Apr 2026 16:45:35 +0000 iOS Jailbreak Detection Bypass with Frida - Full Guide https://www.corellium.com/blog/ios-jailbreak-detection-bypass https://www.corellium.com/blog/ios-jailbreak-detection-bypass iOS Jailbreak Detection Bypass with Frida - Full Guide Mobile Security Sat, 11 Apr 2026 16:45:34 +0000 Android 15 Vulnerabilities: A Comprehensive Security Research Analysis https://medium.com/@babatech009/android-15-vulnerabilities-a-comprehensive-security-research-analysis-98b433b4383c https://medium.com/@babatech009/android-15-vulnerabilities-a-comprehensive-security-research-analysis-98b433b4383c Android 15 Vulnerabilities: A Comprehensive Security Research Analysis Mobile Security Sat, 11 Apr 2026 16:45:33 +0000 December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited https://socradar.io/blog/december-2025-android-security-bulletin/ https://socradar.io/blog/december-2025-android-security-bulletin/ December 2025 Android Security Bulletin: Two Zero-Day Flaws Exploited Mobile Security Sat, 11 Apr 2026 16:45:32 +0000 Android Security Bulletin - December 2025 https://source.android.com/docs/security/bulletin/2025-12-01 https://source.android.com/docs/security/bulletin/2025-12-01 Android Security Bulletin - December 2025 Mobile Security Sat, 11 Apr 2026 16:45:32 +0000 Intent redirection vulnerability in third-party SDK exposed millions of Android wallets https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/ https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/ Intent redirection vulnerability in third-party SDK exposed millions of Android wallets Mobile Security Sat, 11 Apr 2026 16:45:31 +0000