Request a Demo Contact Us
Bugcrowd Named a Leader in GigaOm’s Pen Test as a Service Report
Read Now

Finding Sensitive Data in Android Apps

 

Finding Sensitive Data in Android Apps


In this presentation, Nerdwell reviews common developer assumptions about mobile application security and explores ways in which these assumptions can be invalidated. We begin with a review of some new tools that streamline the bug bounty hunter’s Android hacking workflow. After that, we present tools and techniques for accessing, identifying, and extracting sensitive data from Android apps’ internal storage. Then we wrap up with a discussion of how to maximize the security impact of our findings for impactful bug bounty reports.

 

About the Author


Nerdwell is a systems and security engineer with a passion for bug bounty and vulnerability research. He currently works in critical infrastructure protection and has experience supporting technology in a variety of industries, ranging from manufacturing to healthcare. With over 20 years’ experiences, Nerdwell understands firsthand the challenges of building and supporting complex technology solutions securely. In addition to finding bugs and performing security research, Nerdwell enjoys networking and sharing knowledge with fellow hackers.

More resources

LevelUp

Back to Basics: Application Security Practices in Smart Contract Auditing

Learn More
Report

Bugcrowd Named a Leader in GigaOm Radar Report for Penetration Testing as a Service

Read More
LevelUp

Finding Hidden Gems in Old Bug Bounty Programs

Learn More

Get Started with Bugcrowd

Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.