HOW I HACKED BILLION ANDROID USERS SOCIAL AND 3rd PARTY ACCOUNT | A STORY ABOUT 5000$ BUG

In this blog post, I will explain how I discovered a vulnerability that triggers the mobile application, which in turn allows me to take over multiple accounts.

DEEPLINK

Deep links are a type of link that sends users directly to an app instead of a website or a store. They are used to send users straight to specific in-app locations, saving users the time and energy of locating a particular page themselves, which significantly improves the user experience.

Deep linking does this by specifying a custom URL scheme (iOS Universal Links) or an intent URL (on Android devices) that opens your app if it’s already installed. Deep links can also be set to direct users to specific events or pages, which could tie into campaigns that you may want to run.

Attack

Android has a component called app links, or more precisely deep links, which was developed specifically for triggering a mobile application. As mentioned earlier, even if the app is updated, it is possible to hijack it. how
