The exterior safety researcher neighborhood performs an integral position in making the Google Play ecosystem protected and safe. By this partnership with the neighborhood, Google has been capable of collaborate with third-party builders to repair 1000’s of safety points in Android functions earlier than they’re exploited and reward safety researchers for his or her exhausting work and dedication.
So as to empower the subsequent era of Android safety researchers, Google has collaborated with business companions together with HackerOne and PayPal to host a lot of Android App Hacking Workshops. These workshops are an effort designed to teach safety researchers and cybersecurity college students of all ability ranges on how one can discover Android utility vulnerabilities by a sequence of hands-on working classes, each in-person and digital.
By these workshops, we’ve seen attendees from teams equivalent to Merritt Faculty’s cybersecurity program and alumni of Hack the Hood go on to report real-world safety vulnerabilities to the Google Play Safety Rewards program. This reward program is designed to determine and mitigate vulnerabilities in apps on Google Play, and preserve Android customers, builders and the Google Play ecosystem protected.
At this time, we’re releasing our slide deck and workshop supplies, together with supply code for a custom-built Android utility that means that you can check your Android utility safety abilities in a wide range of seize the flag fashion challenges.
These supplies cowl a variety of methods for locating vulnerabilities in Android functions. Whether or not you’re simply getting began or have already discovered many bugs – likelihood is you’ll study one thing new from these challenges! In case you get caught and want a touch on fixing a problem, the options for every can be found within the Android App Hacking Workshop right here.
As you’re employed by the challenges and study extra concerning the methods and ideas described in our workshop supplies, we’d like to hear your suggestions.
Extra Assets:
- If you wish to study extra about how one can put together, launch, and run a Vulnerability Disclosure Program (VDP) or uncover how one can work with exterior safety researchers, try our VDP course right here.
- In case you’re a developer seeking to construct safer functions, try Android app safety finest practices right here.
