Bug Bounty

GPSRP pays researchers for reporting abusiv google playstore apps

Adam Bacchus, Sebastian Porst, and Patrick Mutchler  of the  Android Security & Privacy Team, announced great news of a upcoming data protection and privacy reward program. This week google extends the scope of GPSRP to include all apps in Google Play with 100 million or more installations. These apps can now be rewarded even if the app developers (3rd party) don't have their own vulnerability or bug bounty program.

The GPSRP program, which was originally launched about 1 year ago, is still limited to reporting vulnerabilities only in very popular Android apps in the Google Play Store. Many of them have their own products.

Yes, we did it again!

Due to the last few years we have discovered several problems that bypass the password protection mechanism of ios. In recent weeks we have discovered a new problem affecting the latest ios versions 12.1 and 12.1.1.1.

The vulnerability allows password protection to be bypassed with the pin to allow unauthorized access to sensitive data such as contacts, image libraries and other standard setup applications. The problem affects all Apple iPhone and iPad devices with the ability to call (sim).

The access permission vulnerability is located in the Message menu to answer custom messages in combination with the standard app features available on the ios device. The problem allows you to combine different methods used to access and edit photos in restricted mode.