Centered on user data security and privacy, we conduct research and open our tech capabilities to developers, building an information‑security fortress for partners and users and safeguarding OPPO device security.
This article examines the complexity of the Bluetooth protocol stack, focusing on Android’s Host layer vulnerabilities, and provides detailed analyses of three critical CVEs—CVE‑2020‑27024 (SMP), CVE‑2021‑0918 (GATT), and CVE‑2021‑39805 (L2CAP)—including protocol overviews, code excerpts, and exploitation paths.
Researchers dissect the DirtyPipe (CVE‑2022‑0847) Linux kernel flaw affecting Android, explaining its uninitialized flag bug in splice, the patch changes, and detailed exploitation techniques that modify read‑only .so files to achieve arbitrary writes, bypass SELinux, and ultimately obtain root privileges.
This article analyzes a high‑risk Android Intent‑redirection vulnerability discovered in a smart‑terminal app, explains how attackers can gain system privileges to launch arbitrary activities, and outlines concrete mitigation steps for developers and security professionals.
This article compiles ten recent security incidents—including Android malware families, Wi‑Fi router flaws, IoT firmware analysis, and privacy‑compliance updates—providing concise descriptions and direct links to the original reports for each threat.
This article explains Java's reflection mechanism, details how deserialization flaws in libraries like Apache Commons Collections and Fastjson allow attackers to craft malicious objects that trigger arbitrary command execution, and provides practical proof‑of‑concept steps and mitigation recommendations.
This roundup highlights the latest critical security flaws—from Chrome zero‑day exploits and Android malware to GitLab RCE attacks—alongside important privacy compliance news such as new personal data protection laws and major fines for Apple and Google.
This article examines three Android 11 security vulnerabilities—CVE‑2021‑0485’s picture‑in‑picture resizing flaw, CVE‑2021‑0521’s unprotected package‑visibility API, and CVE‑2021‑0645’s storage‑access bypass—detailing their causes, code examples, and the patches Google released to mitigate them in practice.
The 2021 Pan‑Terminal Security Workshop, jointly organized by the China Computer Federation and OPPO at Xi'an Jiaotong University, gathered leading academics and industry experts to discuss AI‑driven security, kernel protection, and blockchain finance, offering livestream access and video recordings for the research community.
This guide walks you through the fundamentals of fuzz testing, demonstrating how to install, configure, and use popular tools like AFL and Honggfuzz on Ubuntu to detect buffer overflows, illegal memory accesses, and other security vulnerabilities in C programs, complete with code examples and result analysis.
At the 2021 ACM China Turing Conference in Hefei, leading academics and industry experts presented cutting‑edge research on AI‑driven security, mobile OS vulnerability detection, IoT sensor risks, ARM confidential computing, and zero‑trust frameworks, highlighting how emerging technologies reshape secure mobile and industrial ecosystems.
