A 21 y.o. sophomore (also a former secondary vocational school student) from China. Expected to be unavailable in a short period due to health issues.
Blog: https://blog.canyie.top/
Bugs & Vulnerabilities:
- Android: contributed to CVE-2024-0044 (PoC & writeup), CVE-2024-31318, CVE-2024-43080, CVE-2024-43081, CVE-2024-43088, CVE-2024-43090, CVE-2024-43762, CVE-2024-49733, CVE-2024-49741, CVE-2024-49743, CVE-2024-49744, CVE-2025-0100, CVE-2025-22432, CVE-2025-26464, CVE-2025-32323, CVE-2025-48524, CVE-2025-48545
- Huawei: CVE-2025-31175
(This list may be out of sync. Search "canyie" in Android acknowledgements for all!)
Research Outputs:
- Parcel Mismatch Demystified: Addressing a Decade-Old Security Challenge in Android
The 32nd ACM Conference on Computer and Communications Security (ACM CCS 2025)
Also see my blog which contains many informal research articles.
Acknowledgements & Rankings:
- As of 2025/06/28 I am currently ranked #23 in the world on the entire Google Bug Hunters platform, #7 in the 2024 year, and #4 in the entire Android Program.
- Nickname "canyie" on Android Security Acknowledgements, Google Bug Hunters Leaderboard, Xiaomi Security Center, and Huawei Bug Bounty Program
Disclaimer: Although I'm a member of LSPosed Team, all repositories hosted by this account are owned by myself. They are maintained by me alone and have no affiliation with the LSPosed team nor are they part of the LSPosed community.