In this blog, I will explain the process of how I discovered a vulnerability that triggers the mobile application, which in turn allows me to take over multiple accounts.
Deep links are a type of link that sends users directly to an app instead of a website or a store. They are used to send users straight to specific in-app locations, saving users the time and energy of locating a particular page themselves and significantly improving the user experience.
Deep linking does this by specifying a custom URL scheme (iOS Universal Links) or an intent URL (on Android devices) that opens your app if it’s already installed. Deep links can also be set to direct users to specific events or pages, which could tie into campaigns that you may want to run.
Android has a component called an app link, or to be exact a deep link, which is specifically developed for triggering any mobile application. As mentioned earlier, even if the app is updated, it is possible to hijack it. how