com.twitter.android.WidgetSettingsActivity extend PreferenceActivity and export.
By entering the appropriate extra intent can call any of its internal fragment.
So do not export...

**Summary:**
XSS via start ContentActivity using 'html' parameter.

**Description (Include Impact):**
Arbitrary applications on Android can run the exported activities ContentActivity,...

urandom talks

Collection of Some Good research Documentation. Contribute to avicoder/WriteUp development by creating an account on GitHub.

OASAM is the acronym of Open Android Security Assessment Methodology and its purpose is to become a reference framework on Android application vulnerability assessments. - b66l/OASAM

Most competent web developers have learned a thing or two about how to handle cross-site scripting and cross-site request forgery, the two main attack vectors for compromising the front end of a web application. These attacks take advantage of the … Read…