Mobile app security testing in CI/CD: how to add security gates without slowing releases
Learn how to integrate mobile app security testing into your CI/CD pipeline with automated SAST/DAST gates, policy enforcement, and a phased rollout plan that keeps release velocity intact
May 12, 2026
12 min read
Does obfuscation protect Android apps from attackers?
A technical guide to Android app obfuscation and security. Learn what ProGuard and R8 actually hide from attackers, why taint analysis still works on obfuscated code, and what genuinely protects your app.
May 11, 2026
9 min read
Spend less time analyzing vulnerabilities and remediate faster with new Oversecured reports
Oversecured reports now include AI-generated summaries, attack scenarios, and remediation guidance — helping security teams triage and fix mobile vulnerabilities faster.
May 8, 2026
4 min read
Android deep link vulnerabilities: how intent filters lead to account takeover
A technical guide to Android deep link security. Learn how intent filter misconfigurations lead to account takeover, and how mobile application security testing with SAST and DAST finds these vulnerability chains.
Apr 27, 2026
8 min read
Inside mobile taint analysis: how source-to-sink tracking finds real data-leak paths
A technical guide to taint analysis in mobile app security testing. Learn how source-to-sink data flow tracking finds real Android vulnerabilities that pattern-matching tools miss.
Apr 24, 2026
Mobile app security testing beyond the login screen
A technical guide to authenticated mobile app security testing. Learn what DAST misses when it stops at the login screen, and how automated login agents reach the attack surface that matters most.
Apr 17, 2026
Mobile app security testing: how to choose the right platform (buyer’s guide 2026)
A practical buyer’s guide to mobile app security testing tools. Compare SAST, DAST, CI/CD integration, false positive rates, and 11 key criteria for choosing the right platform.
Apr 14, 2026
6 min read
Top article
That AI You Confide in May Be an Open Book: Researchers Find Cloud Keys, Exposed Conversations, and Injectable Chat in Companion Apps
Oversecured identifies hardcoded cloud credentials and a cross-site scripting flaw in popular AI companion apps, exposing backend infrastructure and allowing code injection into private conversations
Mar 23, 2026
3 min read
The App You Asked Your Employees to Install Can Leak Their Bank Account Details to Hackers
Security audit of shift scheduling and workforce management apps finds flaws that expose Plaid banking tokens, allow fake messages under the employer's brand, and let attackers silently delete shift notifications
Security Researchers Find Vulnerabilities in Mental Health Apps; One With Millions of Users May Leak Therapy Notes
Oversecured has identified vulnerabilities in several popular mental health apps with tens of millions of downloads. The flaws could turn these apps into unintended data sources for surveillance, including personal conversations with AI
Feb 17, 2026
How Mercari strengthened mobile security for millions of users with Oversecured
Discover how Mercari, Japan's largest marketplace app, transformed their mobile security program with Oversecured, uncovering critical vulnerabilities missed by previous tools and achieving reliable automated scanning at scale.
Feb 3, 2026
7 min read
What is a mobile DAST and why security teams are moving beyond pen testing
Mobile app security has become significantly harder over the past few years. Modern mobile applications rely on dozens of third-party SDKs, complex authentication flows, background services, deeplinks, and constant interaction with device-level APIs.
Jan 14, 2026
Disclosure of 7 Android and Google Pixel Vulnerabilities
We continually refine and enhance the Oversecured Mobile Application Vulnerability Scanner through regular analysis of mobile applications. This helps us to optimize our analysis techniques and proactively mitigate potential vulnerabilities from malicious exploitation.
Nov 21, 2024
20 Security Issues Found in Xiaomi Devices
Oversecured found and resolved significant mobile security vulnerabilities in Xiaomi devices. Our team discovered 20 dangerous vulnerabilities across various applications and system components that pose a threat to all Xiaomi users. The vulnerabilities
May 2, 2024
15 min read
Oversecured Apps Care. Part 1: Vulnerability disclosure of 225 Google apps
At Oversecured, our core mission is to make the Internet safer for everyone.
Mar 21, 2024
14 min read
Introducing MavenGate: a supply chain attack method for Java and Android applications
This article introduces MavenGate, a supply chain attack method that can let attackers hijack Java and Android dependencies by taking over abandoned domains or project identities. It explains how this weakness appears in common Maven and Gradle workflows, why default dependency resolution can make projects vulnerable, and how malicious code could be injected into apps or build pipelines. The piece also shows the scale of the issue through Oversecured’s research and outlines practical defenses teams can use to reduce the risk.
Jan 17, 2024
13 min read
Content Providers and the potential weak spots they can have
Android security checklist: Content Providers
Aug 20, 2023
Discovering vendor-specific vulnerabilities in Android
For several years, Oversecured has been the best way to discover vulnerabilities in Android and iOS mobile apps. We are always carrying out research and improving the quality of our detection. In the
Nov 10, 2022
Android security checklist: theft of arbitrary files
Developers for Android do a lot of work with files and exchange them with other apps, for example, to get photos, images, or user data.
May 20, 2022
11 min read
Use cryptography in mobile apps the right way
At Oversecured, we scan thousands of apps every month. We observe that some vulnerabilities now come up much less frequently than they did a few years ago. But the same cannot be said
Dec 15, 2021
Android security checklist: WebView
WebView is a web browser that can be built into an app, and represents the most widely used component of the Android ecosystem; it is also subject to the largest number of potential
Oct 29, 2021
Oversecured detects dangerous vulnerabilities in the TikTok Android app
Oversecured has once again uncovered high-severity vulnerabilities, this time in the TikTok app. The app contained one vulnerability to theft of arbitrary files with user interaction and three to persistent arbitrary code execution.
Sep 11, 2021
Common mistakes when using permissions in Android
When an Android app needs access to sensitive resources on the device, the app developers make use of the permissions model. While the model can be quite simple to use, developers often make
Aug 20, 2021
Two weeks of securing Samsung devices: Part 2
As mentioned in the first part of this series, Oversecured spent two weeks finding security bugs in Samsung’s built-in apps. In this part, we will go over bugs that could have allowed an
Aug 16, 2021
Why dynamic code loading could be dangerous for your apps: a Google example
Almost every Android app dynamically loads code from native .so libraries or .dex files. There are also some special libraries like Google Play Core to simplify this process.
May 17, 2021
Two weeks of securing Samsung devices: Part 1
After spending two weeks looking for security bugs in the pre-installed apps on Samsung devices, we were able to find multiple dangerous vulnerabilities. In this blog, we will be going over them.
May 10, 2021
Android: Exploring vulnerabilities in WebResourceResponse
When it comes to vulnerabilities in WebViews, we often overlook the incorrect implementation of WebResourceResponse which is a WebView class that allows an Android app to emulate the server by returning a response
May 3, 2021
5 min read
Exploiting memory corruption vulnerabilities on Android
In today’s blog, we’ll discuss memory corruption vulnerabilities in Android apps and how they can be exploited. At the end of the article, we’ll show how we found such a vulnerability in PayPal
Apr 30, 2021
Gaining access to arbitrary* Content Providers
Do you want to check your mobile apps for such types of vulnerabilities? Oversecured mobile apps scanner provides an automatic solution that helps to detect vulnerabilities in Android and iOS mobile apps.
Jan 15, 2021
Evernote: Universal-XSS, theft of all cookies from all sites, and more
Oversecured found dangerous vulnerabilities in the Evernote app for Android, which could have allowed access to user accounts to be intercepted by a hostile app installed on the same device.
Nov 12, 2020
Interception of Android implicit intents
All intents on Android are divided into two big categories: explicit and implicit. Explicit intents have a set receiver (the name of an app package and the class name of a handler component)
Oct 22, 2020
Oversecured automatically discovers persistent code execution in the Google Play Core Library
The Google Play Core Library is a popular library for Android that allows updates to various parts of an app to be delivered at runtime without the participation of the user, via the...
Aug 28, 2020
Android: Access to app protected components
This vulnerability resembles Open Redirect in web security. Since class Intent is Parcelable, objects belonging to this class can be passed as extra data in another Intent object. Many developers make use of...
Aug 5, 2020
Android: arbitrary code execution via third-party package contexts
There are apps for Android that have the ability to add extra functionality by using external modules. Some load native libraries or third-party dex or app files, but in this article we will...
Jun 14, 2020
2 min read