Android Security & Reverse Engineering YouTube Curriculum

Table of Contents

1. Android Exploits & Attacks
2. Android Permissions & Privileges
3. Android Webviews & Javascript Interfaces
4. Android Reverse Engineering & Obfuscation
5. Android Bluetooth Security
6. Payment Systems & ATMs
7. Android Malware & Surveillance
8. Android Hardware Vectors
9. Android GPU Attacks
10. Baseband Attacks
11. Hard-Coded Credentials & Adjacent Attacks
12. Android Kernel Exploits
13. Input Validation & Path Traversal Attacks
14. Android Ecosystem & Supply Chain Security

Android Exploits & Attacks

• Ghost SIM Attack: Hacking Mobile Network Authentication Policies
  • SecTor 2025 By Pedro Cabrera & Miguel Gallego
• TapTrap Animation-Driven Tapjacking on Android
  • USENIX Security 2025 By Philipp Beer, Marco Squarcina, TU Wien, Sebastian Roth, Martina Lindorfer & TU Wien
• Decoding Signal: Understanding the Real Privacy Guarantees of E2EE
  • Black Hat USA 2025 By Ibrahim El-sayed
• Practical Heap Exploitation Against Android’s Scudo
  • Mobile Hacking Lab Con 2026 - by Simon Janz
• Breaking into Mobile Phones for Law Enforcement
  • Mobile Hacking Lab Con 2026 - by Gersi Hajrullahi
• Mobile Security Theater: Common Issues in Mobile Products
  • Mobile Hacking Lab Con 2026 - by Miłosz Gaczkowski
• Countering Forensics Software by Baiting Them
  • DEFCON 33 by Weihan Goh, Joseph Lim & Isaac Soon
• 39C3 - DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
  • 39th Chaos Communication Congress 2025 by Zhongrui Li, Yizhe Zhuang, Kira Chen
• Know Your Customer (KYC) - How reliable is facial recognition in mobile applications?
  • Ekoparty 2025 by Juan Urbano
• God Mode Mobile: Exploiting Mobile Apps With Game Cheats
  • Ekoparty 2025 by Bruno Sena
• Examining Access Control Vulnerabilities in GraphQL: A Feeld Case Study
  • DEFCON 33 by Bogdan Tiron
• Should We Chat, Too? Security Analysis of WeChat’s MMTLS Encryption Protocol
  • Black Hat Asia 2025 by Pellaeon Lin, Mona Wang, Jeffrey Knockel
• Watch Your Phone: Novel USB-Based File Access Attacks Against Mobile Devices
  • Black Hat Asia 2025 By Florian Draschbache,Lukas Maar
• Mini-App But Great Impact: New Ways to Compromise Mobile Apps
  • Black Hat Asia 2025 By Wei Wen, Xiangyu Cao, Jiangchunxi Hou, Zixi Liao, Yingyan Song, Zhongcheng Li, Yijie Zhao, Bin Ma
• The Age of Zygote Injection
  • BSidesLV 2025 by Florentine A
• Who Scans the Scanner? Exploiting Trend Micro Mobile Security
  • BSidesLV 2025 by Lucas Carmo
• Chainspotting 2: The Unofficial Sequel to the 2018 Talk “Chainspotting”
  • OffensiveCon25 by Ken Gannon
• Remote, One-Click, Breaking through Smartphones via a Non Well-Known Remote Attack Surface
  • Black Hat USA 2024 By: Qinrun Dai Fan Yang, Haikuo Xie
• Xiaomi The Money : Our Toronto Pwn2Own Exploit & BTS Story
  • DEFCON 32 by Ken Gannon, Ilyes Beghdadi
• Breaking network crypto in popular Chinese keyboard apps
  • DEFCON 32 by Jeffrey Knockel, Mona Wang
• Beyond Android MTE: Navigating OEM’s Logic Labyrinths
  • OffensiveCon24 by Joffrey Guilbon, Max, Mateusz Fruba and Georgi Geshev
• Privacy Detective: Sniffing Out Your Data Leaks for Android
  • Black Hat Asia 2024 By Zhengyang Zhou,Yiman He, Ning Wang, Xianlin Wu & Feifei Chen
• SystemUI As EvilPiP: The Hijacking Attacks on Modern Mobile Devices
  • Black Hat Asia 2024 By WeiMin Cheng & Yue Li
• Attacking Debug Modules In The Android Ecosystem
  • Black Hat Asia 2024 by Lewei Qu
• The Living Dead: Hacking Mobile Face Recognition SDKs with Non-Deepfake Attacks
  • Black Hat USA 2023 by By: Wing Cheong Lau , Kaixuan Luo , Xianbo Wang
• Hacking & Securing Android Applications
  • OWASP 2023 Global AppSec DC by Daniel Llewellyn
• SigMorph: Covert Communication Exploiting Android Signing Schemes
  • Nullcon Goa 2023 by by Ayan Saha And Achute Sharma
• Android Parcels: The Bad, the Good and the Better
  • Black Hat Europe 2022 by Hao Ke, Bernardo Rufino, Maria Uretsky, Yang Yang
• Unix Domain Socket: A Hidden Door Leading to Privilege Escalation in the Android Ecosystem
  • Black Hat Asia 2022 By: Dongxiang Ke, Lewei Qu, Han Yan & Daozheng Lin
• TiYunZong Exploit Chain to Remotely Root Modern Android Devices
  • Black Hat USA 2020 by Guang Gong
• Android Bug Foraging
  • DEF CON 28 Safe Mode AppSec Village by Pedro Umbelino ,João Morais
• Simple Spyware: Android’s Invisible Foreground Services
  • Black Hat Europe 2019 by Thomas Sutter and Bernhard Tellenbach
• TR19: Hitting the Gym: The Anatomy of a Killer Workout
  • TROOPERS19 by Dimitrios Valsamaras

Android Permissions & Privileges

• Bypassing Intent Destination Checks, LaunchAnyWhere Privilege Escalation
  • DEFCON 33 by Qidan He
• The Permission Slip Attack, Leveraging a Confused Deputy in Android with ‘pSlip’
  • Shmoocon 2025 by Edward Warren
• Bypassing Android Permissions From All Protection Levels
  • DEFCON 30 by Nikita Kurtin
• Permissionless Android Universal Overlays
  • InsomniHack 2023 by Dimitrios Valsamaras
• Still Vulnerable Out of the Box: Revisiting the Security of Prepaid Android Carrier Devices
  • DEFCON 31 by Ryan Johnson
• Hacking Android Foreground Services Escalation Of Privileges
  • Nullcon Goa 2022 by Rony Das
• Dissecting Huawei Mobile Devices
  • HEXACON2022 by Maxime Peterlin & Alexandre Adamski
• Re-route Your Intent for Privilege Escalation: A Universal Way to Exploit Android PendingIntents in High-profile and System Apps
  • Black Hat Europe 2021 by En He
• Start Arbitrary Activity App Components as System User: Vulnerability Affecting Samsung Android Devices
  • Black Hat Asia 2022 by Ryan Johnson, Mohamed Elsabagh, Angelos Stavrou
• (UN)protected Broadcasts in Android 9 & 10
  • Black Hat Asia 2021 by Ryan Johnson
• Vulnerable Out of the Box - Evaluation of Android Carrier Devices
  • DEF CON 26 by Ryan Johnson & Stavrou

Android Webviews & Javascript Interfaces

• Tracking You Across Apps and the Web Hydra-Style
  • Black Hat USA 2025 By Malte Wessels
• Deeplinks, URIs, and WebViews:URI Validation Pitfalls and Consequences
  • Mobile Hacking Lab Con 2026 - by Lyes Mouloudi
• AutoSpill: Zero Effort Credential Stealing from Mobile Password Managers
  • Black Hat Europe 2023 by By: Ankit Gangwal , Shubham Singh , Abhijeet Srivastava
• The Tangled Webview - Javascriptinterface Once More
  • Black Hat Asia 2021 by Ce Qin
• Using Android WebViews to Steal All the Files
  • Shmoocon 2020 by Jesson Soto Ventura

Android Reverse Engineering & Obfuscation

• Translating Mobile App Security Lessons To The Flutter Stack
  • BSidesMunich 2025 by Samuel Hopstock
• The Complexity Of Reversing Flutter Applications
  • Nullcon Berlin 2024 by Axelle Apvrille
• Beyond Java: Obfuscating Android Apps with Native Code
  • TROOPERS23 by Laurie Kirk
• Runtime Riddles: Manipulation Points in the Android Source
  • DEFCON 31 by Laurie Kirk
• The ART of Runtime Based Obfuscation in Android
  • Kernelcon 2023 by Laurie Kirk
• Unmasking the Godfather - Reverse Engineering the Latest Android Banking Trojan
  • Strange Loop Conference 2023 by Laurie Kirk
• Dissecting the Modern Android Data Encryption Scheme
  • Recon 2023 by Maxime Rossi and Damiano Melotti
• Endoscope: Unpacking Android Apps with VM-Based Obfuscation
  • Black Hat USA 2023 By: Fan Wu , Xuankai Zhang
• ADBHoney: Low interaction honeypot designed for Android Debug Bridge
  • Android Security Symposium 2020 by Gabriel Cirlig
• Securing the System: Reversing Android Pre-Installed Apps
  • Black Hat USA 2019 by Maddie Stone
• CVE-2019-3568 What’s Up with WhatsApp A Detailed Walk Through of Reverse Engineer
  • Jailbreak Security Summit 2019 by Maddie Stone

Android Bluetooth Security

• Fighting Cavities: Securing Android Bluetooth by Red Teaming
  • OffensiveCon25 by Jeong Wook Oh, Rishika Hooda and Xuan Xing
• Deep into Android Bluetooth Bug Hunting: New Attack Surfaces & Code Patterns
  • Black Hat Europe 2022 by Zinuo Han
• Stealthily Access Android Phones: Bypass the Bluetooth Authentication
  • Black Hat USA 2020 by Sourcell Xu and Xin Xin

Payment Systems & ATMs

• Evolution of NFC Threats
  • Mobile Hacking Lab Con 2026 - by Lukas Stefanko
• Contactless Overflow Code Execution in Payment Terminals & ATMs
  • DEFCON 31 by Josep Rodriguez
• Turning my virtual wallet into a skimming device
  • DEFCON 31 by Borgogno, Barrionuevo
• How an android application can drain your wallet
  • Bsides Lisbon 2022 by Dimitrios Valsamaras
• Mining and Exploiting (Mobile) Payment Credential Leaks in the Wild
  • Black Hat USA 2021 by Wing Cheong Lau, Shangcheng Shi & Xianbo Wang

Android Malware & Surveillance

• Breaking Chains: Hacking Android Key Attestation[Malware Research]
  • Black Hat USA 2025 by Alex Gonzalez
• Into the Vo1d Hunting a Botnet Hidden in TV Boxes
  • Bsides Lisbon 2025 by André Tavares
• From Impersonation to Exploitation: A look at Mobile Malware Campaigns
  • BSides Capetown 2025 by Brent Shaw & Dr Roboto
• Hunting potential C2 commands in Android malware via Smali string comparison and control flow
  • Virus Bulletin Conference 2025 by - JunWei Song
• Carding is Dead, Long Live Carding
  • DEFCON 33 by - Federico Valentini, Allesandro Strino
• Operation BlackEcho: Voice Phishing Using Fake Financial and Vaccine Apps
  • Black Hat Asia 2025 by Hyeji Heo, Sungchan Jang, Byungwoo Hwang, Jinyong Byun, Kuyju Kim
• Defending Against The Shadows: GoldDigger And The New Rules Of Mobile Threats
  • BSides Joburg 2025 by Christoff Jacobs
• Keynote: The Mobile Malware Maze
  • BruCON 0x0F by Axelle Apvrille
• Unmasking State-Sponsored Mobile Surveillance Malware from Russia, China, and North Korea
  • Black Hat Europe 2024 by Kristina Balaam, Kyle Schmittle & Alemdar Islamoglu
• When Malware Becomes Creative - Dimitrios Valsamaras and José Leitão
  • BSides Lisbon 2024 by Dimitrios Valsamaras and José Leitão
• Revisiting Stealthy Sensitive Information Collection from Android Apps
  • Black Hat Asia 2023 by Guangdong Bai, Guangshuai Xia, Qing Zhang
• Monitoring Surveillance Vendors: In-the-Wild Android Full Chains in 2021
  • Black Hat USA 2022 by Xingyu Jin, Richard Neal, Christian Resell, Clement Lecigne
• PRC’s Use of Mobile Surveillance for Tracking the Uighur population in China and Abroad
  • CYBERWARCON 2022 by Kristina Balaam
• A Deep Dive into Privacy Dashboard of Top Android Vendors
  • Black Hat Europe 2021 by Bin Ma, Xiangxing Qian, Wei Wen & Zhenyu Zhu
• A Mirage of Safety Bug Finding & Exploit Techniques of Top Android Vendor’s Privacy Protection Apps
  • Black Hat Asia 2021 by Huiming Liu & Xiangqian Zhang
• Can You Hear Me Now? Remote Eavesdropping Vulnerabilities in Mobile Messaging Applications
  • Black Hat USA 2021 by Natalie Silvanovich
• #HITBLockdown002 D1T1 - Zen: A Complex Campaign of Harmful Android Apps - Łukasz Siewierski
  • Hack In The Box Security Conference Lockdown 2021 by Łukasz Siewierski
• Android malware targeting Belgian Financial apps
  • BruCON 0x0D 2021 by Jeroen Beckers
• Vulnerabilities discovered in Android stalkerware
  • Ekoparty 2021: Mobile Hacking by Lukas Stefanko
• Android COVID-19 threats
  • Ekoparty 2020: Mobile Hacking Village by Lukas Stefanko
• BAD BINDER: Finding an Android in the Wild 0day
  • OffensiveCon20 by Maddie Stone
• Chamois: The Most Impactful Android Botnet of 2018
  • Security Analyst Summit 2019 by Maddie Stone

Android Hardware Vectors

• Hardwear.io NL 2025: Overflow not needed: faulting a smartphone SOC into a ROP chain at EL3
  • Hardwear.io NL 2025 by Charles Christen and Léo Benito
• Unveiling the Mysteries of Qualcomm’s QDSP6 JTAG: A Journey into Advanced Theoretical Reverse Engineering
  • Black Hat Asia 2025 by Alisa Esage
• 39C3 - Reverse engineering the Pixel TitanM2 firmware
  • 39th Chaos Communication Congress 2025 by willem
• Hardwear.io NL 2025: Glitching Google’s TV Streamer From Adb To Root
  • Hardwear.io NL 2025 by Niek Timmers
• Extracting the unseen: Real-world RAM acquisition and analysis from Android devices
  • SANS DFIR Europe SUMMIT 2025 by Alex Coley
• Hardwear.io NL 2025: EL3vated Privileges: Glitching Google Wifi Pro From Root To EL3
  • Hardwear.io NL 2025 by Cristofaro Mane
• Hardwear.io NL 2024: Google Nest Wifi Pro Bypassing Android Verified Boot
  • Hardwear.io NL 2024 by Sergei Volokitin
• Becoming The Evil Maid: Hacking Android Disk Encryption For Fun And Profit
  • BSidesMunich 2024 by David Gstir
• Dissecting The Modern Android Data Encryption Scheme
  • Hardwear.io NL 2023 by Maxine Rossi
• Physical Attacks Against Smartphones
  • DEFCON 31 by Christopher Wade
• Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip
  • Black Hat USA 2022 by: Damiano Melotti , Maxime Rossi Bellom
• The Hidden RCE Surfaces That Control the Droids
  • Black Hat ASIA 2022 by: By: Qidan He & Juntao Wu
• Breaking The Impossible: Bypassing Android’s Secure Hardware Backed Attestation
  • BSides Basingstoke 2022 by Joseph Foote

Android GPU Attacks

• 39C3 - Build a Fake Phone, Find Real Bugs: Qualcomm GPU Emulation and Fuzzing with LibAFL QEMU
  • 39th Chaos Communication Congress 2025 by Romain Malmain
• Walkthrough of an N day Android GPU driver vulnerability
  • BSides Perth 2025 by Angus
• The Way to Android Root: Exploiting Your GPU on Smartphone
  • Black Hat USA 2024 By: Xiling Gong, Google Xuan Xing, Eugene Rodionov
• The Way To Android Root: Exploiting Smartphone GPU
  • DEFCON 32 by Xiling Gong, Eugene Rodionov
• Make KSMA Great Again: The Art of Rooting Android Devices by GPU MMU Features
  • Black Hat USA 2023 By: Yong Wang
• Bad io_uring: A New Era of Rooting for Android
  • Black Hat USA 2023 By: Zhaofeng Chen , Kang Li , Zhenpeng Lin , Xinyu Xing
• New Phones, Software & Chips = New Bugs?
  • OffensiveCon23 by Martijn Bogaard
• Evils in the Sparse Texture Memory: Exploit Kernel Based on Undefined Behaviors of Graphic APIs
  • Black Hat Europe 2023 by By: Xingyu Jin , Tony Mendez , Richard Neal
• Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
  • Black Hat USA 2022 by Jon Bottarini, Xingyu Jin, Richard Neal

Baseband Attacks

• Uncovering ‘NASty’ 5G Baseband Vulnerabilities through Dependency-Aware Fuzzing
  • Black Hat USA 2025 by Ali Ranjbar, Tianchang Yang, Saaman Khalilollahi ,Kanika Gupta , Syed Rafiul Hussain
• No Signal, No Security: Dynamic Baseband Vulnerability Research
  • OffensiveCon25 by Daniel Klischies and David Hirsch
• Overcoming State: Finding Baseband Vulnerabilities by Fuzzing Layer-2
  • Black Hat USA 2024 by Dyon Goos
• How to Hack Shannon Baseband (from a Phone)
  • OffensiveCon23 by Natalie Silvanovich
• Over the Air, Under the Radar: Attacking and Securing the Pixel Modem
  • Black Hat USA 2023 by Xiling Gong , Farzan Karimi , Eugene Rodionov , Xuan Xing
• Embedded Threats
  • OffensiveCon23 by Markus Vervier
• A walk with Shannon: A walkthrough of a pwn2own baseband exploit - Amat Cama
  • InsomniHack 2018 by Amat Cama

Hard-Coded Credentials & Adjacent Attacks

• How we hacked a multinational corp for $200 with whats in our pockets
  • BSidesNYC 0x05 by - Tim Shipp
• Hacking Furbo: A Pet Project
  • DEFCON 33 by - Julian and Calvin Star
• Double Tap at the Blackbox: Hacking a Car Remotely Twice with MiTM
  • Black Hat Asia 2025 By Yingjie Cao & Xinfeng Chen
• Hacking Trains
  • Nullcon Berlin 2024 by Jaden Furtado
• Hacking Arcades for Fun
  • BSides Las Vegas 2024 by Ignacio Navarro
• Open, Sesame!" Unlocking Bluetooth Padlocks With Kind Requests - Miłosz Gaczkowski & Alex Pettifer
  • BSides London 2023 by Miłosz Gaczkowski & Alex Pettifer

Android Kernel Exploits

• How to Fuzz Your Way to Android Universal Root: Attacking Android Binder
  • OffensiveCon24 by Eugene Rodionov,Zi Fan Tan and Gulshan Singh
• LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules
  • Black Hat Asia 2024 By Chao Ma, Han Yan & Tim Xia
• Game of Cross Cache: Let’s win it in a more effective way
  • Black Hat Asia 2024 By Le Wu & Qi Zhang
• Driving Forward in Android Drivers: Exploring the future of Android kernel hacking.
  • Shmoocon 2024 by Seth Jenkins
• Exploiting Samsung: Analysis of an in-the-wild Samsung Exploit Chain
  • Ekoparty 2022 by Maddie Stone
• Elevating The TrustZone To Achieve A Powerful Android Kernel Exploit
  • Nullcon Goa 2022 by Tamir Zahavi
• Racing Against the Lock: Exploiting Spinlock UAF in the Android Kernel
  • OffensiveCon23 by Moshe Kol
• ExplosION: The Hidden Mines in the Android ION Driver
  • Black Hat Asia 2022 by Le Wu, Xuen Li, Tim Xia
• Lost in Conversion: Exploit Data Structure Conversion with Attribute Loss to Break Android Systems
  • USENIX Security 2023 by Rui Li
• Attacking the Samsung Galaxy A Boot Chain
  • OffensiveCon24 by Maxime Rossi Bellom, Damiano Melotti, Raphael Neveu, Gabrielle Viala
• Bug Hunting S21’s 10ADAB1E FW
  • OffensiveCon22 by Federico Menarini and Martijn Bogaard
• Breaking Samsung’s Root of Trust: Exploiting Samsung S10 Secure Boot
  • Black Hat USA 2020 by By Cheng-Yu Chao, Hung Chi Su and Che-Yang Wu

Input Validation & Path Traversal Attacks

• My Other ClassLoader is Your ClassLoader Reloaded: Reviving Parcelable Objects
  • Nullcon Berlin 2025 by Dimitrios Valsamaras
• QuickShell: Sharing is Caring About an RCE Attack Chain on Quick Share
  • Black Hat Asia 2025 By QuickShell: Sharing is Caring About an RCE Attack Chain on Quick Share
• Breaking into Android IPC Mechanisms Through Advanced AIDL Fuzzing
  • Bsides Ahmedabad 2025 by Rajanish Pathak & Hardik Mehta
• My other ClassLoader is your ClassLoader: Creating evil twin instances of a class:
  • No Hat 2024 by Dimitrios Valsamaras
• Dirty Stream Attack, Turning Android Share Targets Into Attack Vectors
  • Black Hat Asia 2023 by Dimitrios Valsamaras
• Path traversal attacks on Android
  • Ekoparty 2023: Mobile Hacking Village by Lukas Stefanko
• Bugfinding & Exploit Techniques Android File Transfer Apps
  • DEF CON 27 by Xiangqian Zhang

Android Ecosystem & Supply Chain Security

• Android Security and Countersurveillance With GrapheneOS
  • BSides Seattle 2026 by Andrew Lebedinsky
• Doppelgänger Devices: Investigating Fake iPhones & Security Implications
  • BSides Joburg 2025 by Ansie Brough
• Hack, Patch, Repeat: Insider Tales from Android’s Bug Bounty
  • BSidesSF 2025 by Maria Uretsky, Camillus Cai
• Vulnerabilities in the eSIM download protocol
  • Black Hat Europe 2024 by Abu Shohel Ahmed, Tuomas Aura
• 38C3 - Ultrawide archaeology on Android native libraries
  • 38th Chaos Communication Congress 2024 by Rokhaya Fall, Luca Di Bartolomeo (cyanpencil)
• Keys to the City: The Dark Trade-Off Between Revenue and Privacy in Monetizing SDKs
  • hack.lu 2024 by Dimitrios Valsamaras and José Leitão
• When Exploits Aren’t Binary - Keynote
  • BSides Canberra 2023 by Maddie Stone
• A Very Powerful Clipboard Analysis of a Samsung in-the-wild exploit chain
  • Ekoparty 2022 by Maddie Stone
• 0-day In-the-Wild Exploitation in 2022…so far.
  • FIRST 2022 by Maddie Stone
• HITB2021AMS KEYNOTE 2: The State Of Mobile Security
  • Hack In The Box Security Conference Amsterdam 2020 by Zuk Avraham