[Android application pentesting] does these things are vulerabilities?

Neolex · August 8, 2018, 11:44am

Hello !
I’m new to android pentesting i’m reading about it and i’m very interested to try bug bounty for android app.
But I would like to know :

Does a password or cryptographic key in storage are a vulnerability if we have to access the smartphone to get it ? like doing a backup or with rooted smartphone ?
Does the leak of a cryptographic key is a vulnerability if I used frida to get it ? is it really possible for applications to keep theses keys secret even if frida is used ?

Thanks !

RobertElitecdd27710 · December 28, 2021, 1:30pm

your information is very interesting and good question but i am not idea.

Topic		Replies	Views
Advice - A learning path for MOBILE pentesting / bug bounty programs Mobile Hacking (iOS & Android)	0	2804	March 16, 2020
Commonly found IoT Vulnerabilities IoT Hacking	4	5181	May 9, 2018
Researcher Resources: Mobile Focused Mobile Hacking (iOS & Android)	3	11368	May 5, 2023
Fairly new security researcher in need of YOUR HELP! Please read! Starter Zone	7	1902	March 28, 2019
Ring ring! Hello, Mobile Testers? Bugcrowd Announcements & News	8	3201	February 5, 2020