This session on Android serialization vulnerabilities will revisit two vulns found in Android (CVE-2014-7911, CVE-2015-3837), which allowed for privilege escalation, and will present vulns found in third-party SDKs (CVE-2015-2000/1/2/3/4/20), which allowed for arbitrary code execution in apps which used them. But what has been done to prevent similar vulns? The session will answer this question.