• Information Security Analyst, Mail.Ru Group
• Bug Bounty Hunter: Airbnb, Semrush, Yandex
• Dean of the Information Security faculty at GeekBrains
• Degree in Information Security from Bauman Moscow State University
Mobile applications are increasingly implementing the OAuth 2.0 protocol.
Despite this, vulnerabilities in mobile OAuth 2.0 implementations are still
found even in the products of large companies.
This report will look at vulnerabilities specific to mobile OAuth 2.0. It will
also cover the most common and critical vulnerabilities in standard OAuth 2.0,
protection mechanisms, and common developer mistakes.