I’m quite new to hacking in general. I was thinking about an area to start as a serious researcher and noticed not only from people talking but also from Bugcrowd’s Priority One Report 2019 that the focus on Mobile Hacking is pretty small (even the size of the particular forum is small when compared to the one dedicated to web apps), although the bounties seem to be rising in value. The submissions of Web-based bugs seem to dominate around 90% of the overall activity.
The reference to this information can be checked on pages 4 and 7 of the report.
Far from being discouraged by that, I started to wonder whether this would not be a good thing for one who has enough dedication to Mobile App bug hunting. The “market” seems to be quite saturated when it comes to Web-App bug hunting (although not at its maximum, I realize), so just maybe some value can be extracted from Mobile. Why jump into an area such as Web-Apps when everyone seems to be doing just that? From what I could gather in my limited experience in the field, the barrier to entry in Mobile App bug hunting seems to be higher (which might actually be a good thing).
My question is: Why is it that so few people go for Mobile App pentesting / bug hunting? Is it because it’s harder? Is it because you actually have to understand how things work at a low/coding level instead of just firing automated vulnerability scans all over?