We provide advanced security consulting services for your Android Apps. We are proficient in finding vulnerabilities and potential critical security issues in your app. AndroBugs makes sure every component in your app is secure enough and your logic is correct with no security flaws for hackers to exploit. We are giving you a chance to try it now, you may find something in your app that you may have never notice before.
Once we have found any vulnerabilities in your apps, we will give you a complete and detailed description to help you solve the potential security issues. If necessary, we will give you the PoC code to demonstrate the effect of the vulnerabilities we have found in your app.
For web apps, you can fix the security issues immediately on your server. But for Android apps, your apps may have already been deployed to more than hundreds of thousands of devices by the time you find vulnerabilities.
To protect the code safety of your app, you DO NOT need to give us your Java or C/C++ source code. You only need to give us your Android APK file.
If we find any vulnerabilities in your Android app, we will keep it confidential and will never publicly disclose it unless you allow us to do.
We closely cooperate with you, give you suggestions and complete steps to solve the security issues. But it all depends on you to make the changes or not.
We not only give you the vulnerabilities mitigation advices, but also give you performance improvement suggestions and preferable settings in your apps.
How do you know if one day you are hacked by HeartBleed vulnerabilities because you use the 3rd-party library - OpenSSL?
AndroBugs also helps you check the security of the 3rd-party libraries you are using.
We have several techniques to help your app against Reverse Engineering or being repackaging by hackers.
|Company||Hall of Fame (or Acknowledgement List)||Status||Additional Information|
|Google Android||https://source.android.com/devices/tech/security/acknowledgements.html||2 Fixed
3 Triaged and Fixing
|Including Google Chrome and
apps in AOSP.
|https://www.facebook.com/whitehat/thanks/||2 Fixed||Android SDK by Facebook and
Facebook Bug Bounty Payment Website
1 Triaged and Fixing
|Twitter Mobile Web|
|Fixed||Including Office Mobile and Bing|
|Yahoo!||Vulnerabilities in Android App by Yahoo!||2 Triaged and Fixing|
|Alibaba(阿里巴巴)||http://security.alibaba.com/top.htm?time=201404||Fixing||Security issues in Taobao and Alipay.
Rank top 4 in April, 2014.
|AT&T||https://bugbounty.att.com/hof.php||Fixed||AT&T Q2-14 Top 3 distinguished security researcher.|
|Yandex||http://company.yandex.com/security/hall-of-fame.xml||Fixing||Yandex is the top website in Russia.|
|Sina(新浪微博)||http://sec.sina.com.cn/Hero/index?year=2014&month=4||3 Fixing||Rank top 8 in April, 2014.|
|Mail.Ru||A vulnerability in Android App by Mail.Ru.||1 Fixing|
|Tencent(腾讯)||A vulnerability in Android SDK by Tencent.||Fixing|
|LINE WhosCall||A vulnerability in LINE WhosCall.||Fixed|
|Adobe||Two vulnerabilities in Android Apps by Adobe.||Fixing|
|1||Vulnerability in Facebook app allows hackers to steal access tokens and hijack accounts|
|2||Hole In WhatsApp For Android Lets Hackers Steal Your Conversations|
|3||Evernote||Evernote Android Insecure Password Change (one-click setup)|