# Mobile

[If you found exposed broadcast receiver in android app. Reverse the app and investigate it...it may give you access to private shared pref using object deserialization and may lead to account take over!](https://twitter.com/SecZiko/status/1121869048889970690)

[Android tip: wifi passwords are in /data/misc/wifi/wpa\_supplicant.conf](https://twitter.com/RichFelker/status/1142432319220932609)

![](https://1889062997-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LbWrDBBrbM1WtGeIKRO%2F-LjZjAECDIIRg-FpEc_e%2F-LjZjAkp0Tl0zlXkfZUO%2Fimage.png?alt=media\&token=4f6707b2-4bdb-481a-87fc-bae4c7a28d93)

{% embed url="<https://twitter.com/B3nac/status/1226746962537369600>" %}

{% embed url="<https://twitter.com/0xgaurang/status/1226877803783544832>" %}

[#bugbounty](https://twitter.com/hashtag/bugbounty?src=hash\&ref_src=twsrc%5Etfw) Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting \<iframe/src=/etc/hosts> into input fields. Payout: $4,500! 😎👍 [pic.twitter.com/JvP4jN8Zha](https://t.co/JvP4jN8Zha)— xer0dayz (@xer0dayz) [June 24, 2018](https://twitter.com/xer0dayz/status/1011032672460652546?ref_src=twsrc%5Etfw)

{% embed url="<https://twitter.com/payloadartist/status/1240862080695066624?s=09>" %}

* [When trying to backup an android app without root privileges for vulnerabilities, you need to know the package name but you don't have access to the /data directory. Run --> aapt dump badging abc.ap](https://twitter.com/viperbluff/status/1246235931801247745)
* <https://twitter.com/Hacker0x01/status/1229869424628420608> - AndroidHackingMonth
* [#bugbounty](https://twitter.com/hashtag/bugbounty?src=hash) Pro Tip - Android applications can suffer from LFI and stored XSS just by injecting \<iframe/src=/etc/hosts> into input fields. Payout: $4,500!&#x20;
* [#BugBountyTip](https://twitter.com/hashtag/BugBountyTip?src=hashtag_click) this helped me alot: In case a program has an Android/IOS app, extract endpoints and add those to your wordlists before running directory bruteforce on the subdomains list. You'll be surprised to see the results