s
shazzvenom

Shahzeb Akhtar

@shazzvenom

Mobile App Security Researcher,Android iOS Penetration Tester,Bug Bounty Hunter

Pakistan
English
About me
Mobile security researcher specializing in Android & iOS penetration testing and binary vulnerability research. I find real vulnerabilities through static and dynamic analysis — APK/IPA decompilation, Frida instrumentation, ADB intent fuzzing, traffic interception, and AArch64 binary inspection. Past findings: hardcoded credentials, exposed Firebase keys, unauthenticated exported components, weak crypto in financial SDKs, OAuth plaintext leaks. I deliver clear, reproduction-ready vulnerability reports. Active on Google VRP, Intigriti & HackerOne.... Read more

Skills

s
shazzvenom
Shahzeb Akhtar
Offline • 
Average response time: 1 hour

See my services

Software Testing
I will audit your android or ios app for security vulnerabilities
From$25 / projectMore details
Software Testing
I will perform android and ios mobile app penetration testing
From$25 / projectMore details

Work experience

Independent Mobile Security Researcher

Mobile Academics • Self-employed

Feb 2024 - Present2 yrs 3 mos

I conduct professional security audits of Android and iOS mobile applications and OS-level binaries for responsible disclosure on Google Android VRP, Intigriti, and HackerOne. Key projects completed: • Botim Messenger (Android v4.8.1 + iOS v4.7.1): Full static and dynamic security audit. 141 total vulnerabilities found (Android: 101, iOS: 40) including hardcoded Firebase API keys confirmed live, unauthenticated exported components exploitable via ADB intent fuzzing, plaintext PayBy/KYC OAuth credential leakage via logcat, WebView JavaScript bridge injection, and ByteDance/Pangle tracker exfiltration confirmed via live traffic capture. Professional DOCX reports generated. • Talabat (Android + iOS v13.38.0): Static analysis of a major MENA food delivery platform. 55 total findings including exposed Braze API keys, Google Maps key (base64 encoded — zero protection), full Firebase credential chain, Incognia behavioral biometrics SDK with background location collection, Chinese SDK presence (Tencent/Baidu) undisclosed to users, and unprotected Checkout.com payment activity exported without permission guard. • Noon iOS (com.noon.buyerapp): 26 findings including hardcoded Google API keys, full Firebase credential exposure, React Native JS bundle exposure, and Storybook left in production build. • iOS 26.3 Kernelcache (xnu-12377.82.2, ARM64e PAC): Static binary analysis of Apple's production kernelcache. Identified 7 ranked vulnerability leads including AppleAVD heap overflow, IOSurface integer overflow class (same CVE class as CVE-2022-32917), AGX GPU driver integer overflow, and AVE2 zero-click encoder overflow. 316 kexts and 694 IOUserClient subclasses inventoried. • Android 16 AOSP System Binaries: Deep static analysis of AOSP Android 16 (AArch64) system image across 35+ analysis phases. ~18 vulnerabilities identified including libsonic.so heap overflow, libexif integer overflow, vold privilege escalation chain, libstagefright ASLR bypass via format string leaks,