Centered on user data security and privacy, we conduct research and open our tech capabilities to developers, building an information‑security fortress for partners and users and safeguarding OPPO device security.
This article introduces the Google‑maintained honggfuzz fuzzing engine, explains how to integrate it into the Android AOSP build, run multi‑threaded fuzzing on devices, and dives into the core source modules, coverage sharing mechanisms, and the extensive mutation strategies that power its effectiveness.
This article analyzes the BLUFFS vulnerability disclosed at ACM CCS 2023, detailing how the legacy Bluetooth security mechanism (LSC) allows attackers to manipulate authentication and key‑generation parameters, leading to forward‑secrecy and future‑secrecy breaches, and evaluates the impact across devices supporting Bluetooth 4.2‑5.4.
This article explains how Android AIDL and HIDL services are generated, outlines systematic steps to enumerate services, filter Java implementations, and automate information gathering, then details common memory‑corruption bug patterns and demonstrates real CVE‑2023‑21008 and CVE‑2023‑20766 exploits, concluding with a risk assessment.
This article explains how Android malicious anti‑kill techniques exploit foreground services to keep processes alive, outlines the Low Memory Killer mechanism, details process priority values, presents real CVE examples, and offers mitigation strategies for developers and security researchers.
The 2024 China Academy of ICT deep‑observation summit in Shanghai unveiled OPPO’s new white paper on trustworthy mobile application technology, highlighting how large language models enhance smart terminal security, outlining industry trends, and outlining future directions for secure, intelligent mobile ecosystems.
At the 7th Cloud Security Alliance Greater China Conference, OPPO’s security chief outlined the challenges of global smart‑device compliance and shared a BSIMM‑based framework for building robust enterprise security systems that bridge legal, technical, and operational hurdles.
This article explains the fundamentals of Android Binder services, categorizes Origin, AIDL, HIDL, and Vendor types, describes methods for locating services, and details common vulnerability patterns such as uninitialized memory, out-of-bounds reads/writes, and type confusion, illustrated with real CVE cases and mitigation insights.
This article details the methodology for discovering and analyzing Android local socket service vulnerabilities, outlines prerequisite skills, explains service classifications, demonstrates data‑handling function tracing, and presents a CVE‑2023‑35694 case study, highlighting common flaw types and mitigation insights.
This article explains the Bluetooth SIG’s random MAC address technology, details the three BLE address types and Android’s implementation, then analyzes three Android BLE security CVEs that exploit IRK handling and address exposure, highlighting privacy implications and mitigation challenges.
This article explains the architecture, core principles, and implementation details of Syzkaller, the coverage‑guided kernel fuzzing framework, and shows how it is set up and runs on Android devices to discover kernel vulnerabilities efficiently.
