Here, I learned how to find a deep link vulnerability in AllSafe, an intentionally vulnerable Android app. This app is frequently used by cybersecurity professionals and beginners to learn ethical hacking techniques. It's important to note that the vulnerability I discovered poses a serious risk, as it can lead to account takeover, unauthorized access to sensitive data or features, headless attacks, and phishing and redirect attacks. Therefore, I'm sharing this for educational purposes.
Here are the steps:
1. I imported the AllSafe APK file into the JADX-GUI tool. The goal is to dissect the app so I can read the code inside it.

2. So I immediately opened it and checked the AndroidManifest.xml file. There, I looked for the intent-filter section. I found an entry named DeepLinkTask with the URL allsafe://infosecadventures/congrats. That's the entry point.

3. Once I knew the address, I opened the code in DeepLinkTask.java, and sure enough, there was the logic that asks for a key. If the key doesn't match, we won't see the "Congratulations" message.

4. I tried looking for the key in the strings.xml file (where developers usually put text). Lo and behold, it was actually there. I found a long string (a UUID) that looked like the key. So I copied the string.

5. Finally, I opened the terminal and used an ADB command to force my way in through that door using the key I had found earlier. The command looks like this: [adb -s emulator-5554 shell am start -a android.intent.action.VIEW -d "https://allsafe?key=ebfb7ff0-b2f6-41c8-bef3-4fba17be410c" infosecadventures.allsafe]. And boom! "Congratulations" immediately appears on the emulator.
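
A reviewer's check corresponding to steps 2 and 4, as an added example that is not part of the original write-up: it lists the deep-link entry points declared in a decoded AndroidManifest.xml and flags UUID-shaped values in strings.xml, which is where the key sat in this case. The manifest and strings snippets, the package name, and the resource name `key` are constructed sample inputs, not copied from the APK.

```python
import re
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample inputs modelled on the write-up (assumed shape, placeholder key value).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application>
    <activity android:name=".DeepLinkTask">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <category android:name="android.intent.category.BROWSABLE"/>
        <data android:scheme="allsafe" android:host="infosecadventures" android:pathPrefix="/congrats"/>
      </intent-filter>
    </activity>
    <activity android:name=".Settings"/>
  </application>
</manifest>"""
STRINGS = """<resources>
  <string name="app_name">Demo</string>
  <string name="key">00000000-1111-2222-3333-444444444444</string>
</resources>"""

def deep_links(manifest_xml):
    """Return (activity, uri) for every VIEW intent-filter that declares a <data> URI."""
    found = []
    for act in ET.fromstring(manifest_xml).iter("activity"):
        for flt in act.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if "android.intent.action.VIEW" not in actions:
                continue  # not reachable through a link-style VIEW intent
            for d in flt.iter("data"):
                scheme = d.get(ANDROID + "scheme")
                if scheme:
                    uri = f"{scheme}://{d.get(ANDROID + 'host', '')}{d.get(ANDROID + 'pathPrefix', '')}"
                    found.append((act.get(ANDROID + "name"), uri))
    return found

def secret_like_strings(strings_xml):
    """Return names of string resources whose value is UUID-shaped (possible embedded key)."""
    return [s.get("name") for s in ET.fromstring(strings_xml).iter("string")
            if s.text and UUID_RE.match(s.text.strip())]

if __name__ == "__main__":
    for name, uri in deep_links(MANIFEST):
        print("deep link:", name, uri)
    print("review these resources:", secret_like_strings(STRINGS))
```

Any resource this flags is readable by anyone who decompiles the APK, so a deep-link handler that compares a parameter against it is not authenticating the caller.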
