# Mobile

[If you found exposed broadcast receiver in android app. Reverse the app and investigate it...it may give you access to private shared pref using object deserialization and may lead to account take over!](https://twitter.com/SecZiko/status/1121869048889970690)

[Android tip: wifi passwords are in /data/misc/wifi/wpa\_supplicant.conf](https://twitter.com/RichFelker/status/1142432319220932609)

![](/files/-LjZjAkp0Tl0zlXkfZUO)

{% embed url="<https://twitter.com/B3nac/status/1226746962537369600>" %}

{% embed url="<https://twitter.com/0xgaurang/status/1226877803783544832>" %}

[#bugbounty](https://twitter.com/hashtag/bugbounty?src=hash\&ref_src=twsrc%5Etfw) Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting \<iframe/src=/etc/hosts> into input fields. Payout: $4,500! 😎👍 [pic.twitter.com/JvP4jN8Zha](https://t.co/JvP4jN8Zha)— xer0dayz (@xer0dayz) [June 24, 2018](https://twitter.com/xer0dayz/status/1011032672460652546?ref_src=twsrc%5Etfw)

{% embed url="<https://twitter.com/payloadartist/status/1240862080695066624?s=09>" %}

* [When trying to backup an android app without root privileges for vulnerabilities, you need to know the package name but you don't have access to the /data directory. Run --> aapt dump badging abc.ap](https://twitter.com/viperbluff/status/1246235931801247745)
* <https://twitter.com/Hacker0x01/status/1229869424628420608> - AndroidHackingMonth
* [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hash) Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting \<iframe/src=/etc/hosts> into input fields. Payout: $4,500!&#x20;
* [#BugBountyTip](https://twitter.com/hashtag/BugBountyTip?src=hashtag_click) this helped me alot: In case a program has an Android/IOS app, extract endpoints and add those to your wordlists before running directory bruteforce on the subdomains list. You'll be surprised to see the results


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gowsundar.gitbook.io/book-of-bugbounty-tips/mobile.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.