We provide advanced security consulting services for your Android Apps. We are proficient in finding vulnerabilities and potential critical security issues in your app. AndroBugs makes sure every component in your app is secure enough and your logic is correct with no security flaws for hackers to exploit. We are giving you a chance to try it now, you may find something in your app that you may have never notice before.

Our Responsibility

Once we have found any vulnerabilities in your apps, we will give you a complete and detailed description to help you solve the potential security issues. If necessary, we will give you the PoC code to demonstrate the effect of the vulnerabilities we have found in your app.

Android App ≠ Web App

For web apps, you can fix the security issues immediately on your server. But for Android apps, your apps may have already been deployed to more than hundreds of thousands of devices by the time you find vulnerabilities.

No Source Code

To protect the code safety of your app, you DO NOT need to give us your Java or C/C++ source code. You only need to give us your Android APK file.

Keeping It Confidential

If we find any vulnerabilities in your Android app, we will keep it confidential and will never publicly disclose it unless you allow us to do.

It All Depends On You

We closely cooperate with you, give you suggestions and complete steps to solve the security issues. But it all depends on you to make the changes or not.

Not Only Security

We not only give you the vulnerabilities mitigation advices, but also give you performance improvement suggestions and preferable settings in your apps.

3rd-party Libraries

How do you know if one day you are hacked by HeartBleed vulnerabilities because you use the 3rd-party library - OpenSSL?
AndroBugs also helps you check the security of the 3rd-party libraries you are using.

No More Hackers

We have several techniques to help your app against Reverse Engineering or being repackaging by hackers.

Our Responsible Disclosure:

We found security issues in Android products or mobile web apps by the following companies and made responsible disclosure about them.
You can now find our name("AndroBugs" or "Yu-Cheng") on their Security Hall of Fame or Acknowledgement List.
Company Hall of Fame (or Acknowledgement List) Additional Information
If you do not want your company listed here, please contact us.
Google Android Including Google Chrome and
apps in AOSP.
Facebook Android SDK by Facebook and
Facebook Bug Bounty Payment Website
Twitter Twitter Mobile Web
Including Office Mobile and Bing
Alibaba(阿里巴巴) Security issues in Taobao and Alipay.
Rank top 4 in April, 2014.
AT&T Rank top 10 in 2Q2015 & 2Q2014.
Yandex Including iOS app by Yandex.
Sina(新浪微博) Rank top 8 in April, 2014.
Tencent(腾讯) A vulnerability in Android SDK by Tencent.
Wickr Several vulnerabilities in Wickr Android.
Tesla Motors
LINE WhosCall A vulnerability in LINE WhosCall.

Why Is Application Security Crucial?