deep links Exploiting Deep Links in Android - Part 4 (Mitigation) Preventing Deep Link HijackingWhen it comes to preventing Deep Link Hijacking, the message is simple: stop using Scheme URLs and start using (properly verified) App Links or Intent URLs. [If you're lost maybe you should go back to Part 1] As of August 2021 only about 6% of Android devices
android Exploiting Deep Links in Android - Part 3 So .. what else can we do with deep links? Local File Inclusion (LFI)In part 2 we saw how to achieve LFI via the WebView.loadUrl method. In this part we'll explore an alternative that doesn't require the application to contain a WebView. Let's continue using the ABC Bank Android
android Exploiting Deep Links in Android - Part 2 In this part, we're going to start to answer the question: "What can you do if you can trick a user into clicking a malicious deep link?" Let's go back to the ABC Bank example. ABC Bank has both a web and an Android application, and they use deep links
android Exploiting Deep Links in Android - Part 1 Deep links are an often overlooked way to exploit Android applications. In this series I hope to do a deep dive into their history, common vulnerabilities with real-life examples, possible mitigations, and testing techniques for pentesters and researchers. In this first part, we do a quick overview of the supported
