AndroBugs Security


We provide advanced security consulting services for your Android apps. We are proficient in finding vulnerabilities and potentially critical security issues in your app. AndroBugs makes sure every component in your app is secure enough and that your logic is correct, with no security flaws for hackers to exploit. We are giving you a chance to try it now; you may find something in your app that you have never noticed before.

Our Responsibility

Once we have found any vulnerabilities in your apps, we will give you a complete and detailed description to help you solve the potential security issues. If necessary, we will give you PoC code to demonstrate the effect of the vulnerabilities we have found in your app.

Android App ≠ Web App

For web apps, you can fix security issues immediately on your server. But for Android apps, your app may already have been deployed to hundreds of thousands of devices or more by the time you find a vulnerability.

No Source Code

To keep your app's code safe, you DO NOT need to give us your Java or C/C++ source code. You only need to give us your Android APK file.

Keeping It Confidential

If we find any vulnerabilities in your Android app, we will keep them confidential and will never publicly disclose them unless you allow us to do so.

It All Depends On You

We cooperate closely with you and give you suggestions and complete steps to solve the security issues. Whether to make the changes or not is up to you.

Not Only Security

We give you not only vulnerability mitigation advice, but also performance improvement suggestions and preferable settings for your apps.

3rd-party Libraries

How would you know if you were one day hacked through the Heartbleed vulnerability because you use the 3rd-party library OpenSSL?
AndroBugs also helps you check the security of the 3rd-party libraries you are using.

No More Hackers

We have several techniques to help protect your app against reverse engineering and repackaging by hackers.




Our Responsible Disclosure (In only 4 months):

We found security issues in Android products or mobile web apps from the following companies and responsibly disclosed them.
You can now find our name ("AndroBugs" or "Yu-Cheng") on their Security Hall of Fame or Acknowledgement List.
| Company | Hall of Fame (or Acknowledgement List) | Status | Additional Information |
|---|---|---|---|
| Google Android | https://source.android.com/devices/tech/security/acknowledgements.html | Fixed | Including Google Chrome and apps in AOSP. |
| Facebook | https://www.facebook.com/whitehat/thanks/ | 2 Fixed | Android SDK by Facebook and Facebook Bug Bounty Payment Website |
| Twitter | https://hackerone.com/twitter/thanks | 2 Fixed | Twitter Mobile Web and Mobile App |
| Microsoft | http://technet.microsoft.com/en-us/security/cc308589 and http://technet.microsoft.com/en-us/security/cc308575 | Fixed | Including Office Mobile and Bing |
| Yahoo! | Vulnerabilities in Android App by Yahoo! | 2 Triaged and Fixing | |
| Alibaba(阿里巴巴) | http://security.alibaba.com/top.htm?time=201404 | Fixing | Security issues in Taobao and Alipay. Rank top 4 in April, 2014. |
| Qualcomm | https://www.qualcomm.com/connect/contact/security/product-security/hall-of-fame | Fixed | |
| Evernote | https://evernote.com/security/report-issue/ | Fixing | |
| AT&T | https://bugbounty.att.com/hof.php | Fixed | AT&T Q2-14 Top 3 distinguished security researcher. |
| eBay | http://ebay.com/securitycenter/ResearchersAcknowledgement.html | Fixed | |
| Yandex | http://company.yandex.com/security/hall-of-fame.xml | Fixing | Yandex is the top website in Russia. |
| Badoo | http://corp.badoo.com/security-board/ | 2 Fixed | |
| Sony | https://secure.sony.net/hallofthanks | Fixed | |
| Sina(新浪微博) | http://sec.sina.com.cn/Hero/index?year=2014&month=4 | 3 Fixing | Rank top 8 in April, 2014. |
| Mail.Ru | https://hackerone.com/mailru/thanks | 1 Fixed | |
| Baidu(百度) | http://www.wooyun.org/bugs/wooyun-2014-054438 | Fixing | |
| Tencent(腾讯) | A vulnerability in Android SDK by Tencent. | Fixing | |
| LINE WhosCall | A vulnerability in LINE WhosCall. | Fixed | |
| Adobe | Two vulnerabilities in Android Apps by Adobe. | Fixing | |
| Tumblr | https://hackerone.com/androbugs | Fixed | |


How Do We Analyze Your Apps?



Why Is Application Security Crucial?