Unauthorized Device Command and Control
How an Exported Activity processed untrusted Intent extras without validation, allowing malicious application to trigger device actions.
Read More →
Blog
Blogs
From WebView to Remote Code Injection January 22, 2026
| by Lyes Mohammed How a Misconfigured JSInterface
Intro to Android WebViews and deep links…and how to exploit them
Android WebView is a system component that allows applications to render web content directly inside a native app, and it...
Read More →
Great write‑up, Qt — this was a really satisfying read. The way you chained the JSInterface abuse, OTA mechanics, and…