Blog posts


Launching Internal & Non-Exported Deeplinks On Facebook

It was possible to override the main UI of Facebook for Android (FB4a) by launching the activity FbMainTabActivity including some additional extras which result in a new music bar being attached across the bottom of the screen.


ShazLocate! Abusing CVE-2019-8791 & CVE-2019-8792

I found a vulnerability in the popular Shazam application that allowed an attacker to steal the precise location of a user simply by clicking a link! This was probably one of my most underrated vulnerabilities yet...


Downloading any file via Facebook for Android - $750 bounty

The Facebook Android app utilises deeplinks throughout the whole application. I stumbled upon a deeplink which opens any given video URL in your default media app, expected...


Making the Facebook app more secure - $8500 bounty

Whilst working on the Facebook Bug Bounty Program in June 2018, we had identified an issue with the WebView component used in the Facebook for Android application. The vulnerability would allow an attacker to execute...


about me

26-year-old multistack developer & security researcher based in Gosport, UK. I like to blog about interesting vulnerabilities I come across, when allowed 🙄

contact me.

Questions | Feedback | Pentesting | Development Enquiries. Get in touch and I'll get back to you as soon as possible!


Software Development Manager @ Saphire Solutions Ltd


my location:

United Kingdom