Author

OPPO Amber Lab

Centered on user data security and privacy, we conduct research and open our tech capabilities to developers, building an information‑security fortress for partners and users and safeguarding OPPO device security.

Articles

Likes

Views

Comments

Latest from OPPO Amber Lab

63 recent articles

OPPO Amber Lab

Oct 20, 2023 · Mobile Development

How Hybrid Apps Communicate: Mechanisms, Risks, and Secure Practices

This article explains the core principles of Hybrid app communication between WebView and native code, outlines common implementations such as Google’s JavaScriptInterface and JSBridge, identifies critical security risks, presents a real‑world vulnerability example, and offers practical mitigation and reverse‑engineering guidance.

Hybrid AppJSBridgeJavaScriptInterface

0 likes · 11 min read

How Hybrid Apps Communicate: Mechanisms, Risks, and Secure Practices

OPPO Amber Lab

Sep 27, 2023 · Information Security

Uncovering Android Sensor Types, Permissions, and Hidden Security Vulnerabilities

This article explains the variety of sensors built into modern Android smartphones, how developers access them via the SensorManager API, the required permissions, and analyzes several memory, logic, and side‑channel vulnerabilities that expose user privacy and system integrity.

AndroidPermissionsSensors

0 likes · 16 min read

Uncovering Android Sensor Types, Permissions, and Hidden Security Vulnerabilities

OPPO Amber Lab

Sep 26, 2023 · Fundamentals

Join the 18th China Linux Kernel Conference: Call for Papers & Event Details

The 18th China Linux Kernel Developers Conference (CLK) will take place on October 28, 2023 in Shenzhen, featuring a call for papers on topics such as hardware architectures, scheduling, memory management, storage, networking, virtualization, performance, testing, and more, with submission deadlines from September 22 to October 10.

ConferenceLinux kernelSubmission

0 likes · 4 min read

Join the 18th China Linux Kernel Conference: Call for Papers & Event Details

OPPO Amber Lab

Sep 15, 2023 · Mobile Development

Master Android Fragments: Basics, Lifecycle, Communication & Common Vulnerabilities

This article introduces Android Fragments—explaining their purpose, core functions, static and dynamic integration methods, detailed lifecycle stages, various communication patterns, and a typical security flaw involving arbitrary URL handling—providing developers and security researchers with practical insights and mitigation ideas.

AndroidFragmentLifecycle

0 likes · 10 min read

Master Android Fragments: Basics, Lifecycle, Communication & Common Vulnerabilities

OPPO Amber Lab

Aug 25, 2023 · Fundamentals

Unlocking AMR: Parsing AOSP and Vendor Audio Formats with 010 Editor

This article explains how to analyze AOSP's generic container format and vendor‑specific AMR audio files using 010 Editor, covering the format's background, file header magic numbers, data frame structure, and a practical template implementation that aids reverse engineering and fuzzing.

010 EditorAMRaudio format

0 likes · 11 min read

Unlocking AMR: Parsing AOSP and Vendor Audio Formats with 010 Editor

OPPO Amber Lab

Aug 18, 2023 · Information Security

How to Build TA‑to‑TA Communication in Qualcomm’s QSEE Trusted Execution Environment

This guide explains the fundamentals of Trusted Execution Environments, introduces ARM TrustZone and Qualcomm's QSEE, and provides step‑by‑step instructions—including IDL creation, service implementation, and client integration—to establish secure TA‑to‑TA communication with practical code examples and troubleshooting tips.

arm trustzoneqseesecure enclave

0 likes · 10 min read

How to Build TA‑to‑TA Communication in Qualcomm’s QSEE Trusted Execution Environment

OPPO Amber Lab

Aug 11, 2023 · Information Security

How Android’s Shadow Call Stack Strengthens Kernel Security

This article explains Android's Shadow Call Stack (SCS) security mechanism, its hardware dependencies, enabling methods, and how it protects return addresses on AArch64 kernels, illustrated with code examples and real‑world deployment results.

Android SecurityKernel HardeningLLVM

0 likes · 6 min read

How Android’s Shadow Call Stack Strengthens Kernel Security

OPPO Amber Lab

Aug 1, 2023 · Information Security

AI, Bluetooth, and Database Fuzzing: Key Insights from ACM China Turing 2023

The 2023 ACM China Turing Conference in Wuhan gathered leading experts to discuss AI‑driven security, Bluetooth protocol flaws, database fuzz testing, mobile LLM threats, and proactive privacy computing, highlighting emerging challenges and collaborative solutions for trustworthy intelligent systems.

AI securityBluetooth vulnerabilitiesdatabase fuzzing

0 likes · 7 min read

AI, Bluetooth, and Database Fuzzing: Key Insights from ACM China Turing 2023

OPPO Amber Lab

Jul 28, 2023 · Information Security

How Mismatched Parcelable Read/Write Leads to Android Exploits and How to Fix Them

This article examines how inconsistencies between Parcelable serialization and deserialization in Android's Binder/Parcel mechanism can cause data misalignment, enabling attackers to craft malicious Bundles that bypass checks, and outlines various exploitation scenarios and mitigation strategies introduced in recent Android releases.

AndroidBinderExploit

0 likes · 17 min read

How Mismatched Parcelable Read/Write Leads to Android Exploits and How to Fix Them

OPPO Amber Lab

Jul 21, 2023 · Information Security

How ServiceFuzzer Enhances Android Native Service Security with libFuzzer

This article explains how Android native services can be securely fuzzed using libFuzzer and the ServiceFuzzer framework, detailing the architecture, instrumentation, and practical improvements that boost code‑coverage and vulnerability detection while addressing the limitations of traditional native service fuzzing.

AndroidNative ServicesServiceFuzzer

0 likes · 14 min read

How ServiceFuzzer Enhances Android Native Service Security with libFuzzer