Question

You’ve spent the entirety of this book thus far learning to hack web applications. The majority of bug bounty programs offer bounties on their web apps, so mastering web hacking is the easiest way to get started in bug bounties, as it will unlock the widest range of targets.

到目前为止，你已经花费了整个书籍的时间来学习如何黑客入侵 Web 应用程序。大多数赏金计划都在其 Web 应用程序上提供赏金，因此，精通 Web 黑客攻击是开始进行赏金计划的最简单方法，因为它将解锁最广泛的目标范围。

On the other hand, mobile hacking has a few more prerequisite skills and takes more time to get started. But because of the higher barrier to entry, fewer hackers tend to work on mobile programs. Also, the number of mobile programs is rising as companies increasingly launch complex mobile products. Mobile programs can sometimes be listed under the Mobile or IoT sections of the company’s main bug bounty program. This means that if you learn to hack mobile applications, you’ll likely file fewer duplicate reports and find more interesting bugs.

另一方面，移动设备的黑客攻击需要更多的先决条件和更多的时间才能开始。但由于进入门槛更高，较少的黑客倾向于研究移动应用程序。此外，随着公司发布越来越复杂的移动产品，移动应用程序的数量也在增加。移动应用程序有时可以在公司的主要漏洞赏金计划的“移动”或“物联网”部分下列出。这意味着如果您学会了如何攻击移动应用程序，您可能会少提交重复报告并找到更多有趣的漏洞。

Despite the more involved setup, hacking mobile applications is very similar to hacking web applications. This chapter introduces the additional skills you need to learn before you begin analyzing Android apps.

尽管移动应用程序的设置更加复杂，但其与网络应用程序的黑客方法非常相似。本章介绍了在分析 Android 应用程序之前需要学习的额外技能。

Companies with mobile applications typically have both Android and iOS versions of an app. We won’t cover iOS applications, and this chapter is by no means a comprehensive guide to hacking Android applications. But, along with the previous chapters, it should give you the foundation you need to start exploring the field on your own.

具有移动应用程序的公司通常都有 Android 和 iOS 版本的应用程序。我们不会涵盖 iOS 应用程序，这一章也绝不是对 Android 应用程序进行全面攻击指南。但是，与前几章一起，它应该为您提供足够的基础，以便您开始在这个领域进行探索。

---