SecuriTeam Secure Disclosure
AppLock is the most downloaded app lock in the Play Store:
- #1 App lock in over 50 countries.
- Over 100 Million users, supporting 24 languages.
- AppLock can lock SMS, Contacts, Gmail, Facebook, Gallery, Market, Settings, Calls and any app you choose, with abundant options, protecting your privacy.
- AppLock can hide pictures and videos. AppLock empowers you to control photo and video access. Selected pictures vanish from your photo gallery, and stay locked behind an easy-to-use PIN pad. With AppLock, only you can see your hidden pictures. Privacy made easy!
The following report describes three (3) different vulnerabilities found in AppLock, an Android application with over 10 million downloads that is used to secure pictures, videos and applications with a PIN code.
The first vulnerability shows that the pictures and videos are not encrypted but merely hidden from the user; even without root permission we can recover them, along with their original filenames.
The second vulnerability shows how a user with root permission on the device can easily remove the PIN code from applications or add it to others. He can also change the PIN code.
The last, and most critical, vulnerability is a PIN bypass. It is possible, without root permissions and with all applications, settings, etc. blocked by the app, to reset the PIN code to one of our choice and then take full control of the application.