About

I am Senior Director and Chief Security Researcher at JD.com Group, with a focus on building large-scale security, risk control, and AI-driven defense capabilities. I founded Xiezhi Security Lab (also known as Dawn Security Lab) and now also lead advertising and marketing risk control initiatives, covering advanced security research, advertising anti-fraud, threat intelligence, strategic security infrastructure, and AI for security. I also serve as a doctoral management trainee mentor and TGT (Tech Genius Team) mentor at JD.com, supervising multiple PhDs and top technical talents.

I am also working on OpenCyvis, an open-source AI phone built as an auditable and user-controlled alternative to black-box commercial AI phones. OpenCyvis keeps both the agent stack and model choice open: developers can inspect the code, choose their own AI model, run local models, and control where their data goes. The project connects my interests in mobile security, AI agents, automation, and controllable AI-native systems.

Previously, I led Pinduoduo's security team and built its security infrastructure from the ground up. Before that, I was at the Keen Security Lab of Tencent, focusing on cutting-edge vulnerability research and mobile security. I am the winner of Pwn2Own 2016, Mobile Pwn2Own 2016 and 2017, having successfully pwned the newest macOS and Android systems and earning the Master of Pwn title. I was an early founding member of Blue Lotus, Asia's first CTF team to reach the DEF CON Finals, and a founding member of Zhejiang University's AAA CTF Team and Cybersecurity Association.

My research has been presented at Black Hat, DEF CON, and CanSecWest. I am a multiple-time Pwn2Own champion and the recipient of the 2022 Pwnie Award for Best Privilege Escalation Bug. I have been credited by Google, Samsung, Apple, and Huawei for discovering hundreds of critical CVEs, and have published at ACM ISSTA, USENIX, and other leading venues. I am a committee member and judge of the international hacking competition GeekPwn, and an Executive Committee Member of the China Computer Federation (CCF) Technical Committee on Security and Privacy.

Mobile Security Vulnerability Research Android / iOS IoT Security Software Supply Chain Ad Fraud / Anti-cheat AI Security Fuzzing CISSP

Publications & Talks

  1. From Breakthrough to Completeness: ARKDecompiler — The Decompiler for HarmonyOS Next. Black Hat USA Arsenal, Las Vegas. 2026. BH Arsenal
  2. BadResolve: Bypassing Android's Intent Checks to Resurrect LaunchAnywhere Privilege Escalations. CanSecWest, Vancouver. 2025.
  3. Dead Made Alive Again: Bypassing Intent Destination Checks and Reintroducing LaunchAnyWhere Privilege Escalation. DEF CON 33, Las Vegas. 2025. DEF CON
  4. Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC. Black Hat USA, Las Vegas. 2024. BH USA
  5. Uncovering and Mitigating the Impact of Code Obfuscation on Dataset Annotation with Antivirus Engines. ISSTA 2024, Vienna. 2024. CCF-A
  6. PMDET: A new fuzzing-based detection tool for Android Parcel Mismatch bugs. SANER 2024, Finland. 2024. CCF-B
  7. Detecting Novel Malware Classes with a Foundational Multi-Modality Data Analysis Model. Data Intelligence. 2024.
  8. PMDET: A new fuzzing-based detection tool for Android Parcel Mismatch bugs. Black Hat Asia Arsenal, Singapore. 2024. BH Arsenal
  9. RIDE: Efficient Highly-Precise Systematic Automatic Bug Hunting in Android Systems. Black Hat USA Arsenal, Las Vegas. 2022. BH Arsenal
  10. Mystique in the House: The Droid Vulnerability Chain that Owns All Your Applications. CanSecWest, Vancouver. 2022.
  11. The Hidden RCE Surfaces That Control the Droids. Black Hat Asia, Singapore. 2022. BH Asia
  12. La La Land: Theory and Practice on Large-Scale Static Bug Hunting for Android Systems. MOSEC, Shanghai. 2022.
  13. DroidCorn: A Practical New Framework for Blackbox Android Binary Fuzzing. MOSEC, Shanghai. 2020.
  14. Pwning the Nexus of Every Pixel. CanSecWest, Vancouver. 2017.
  15. Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root. Black Hat USA, Las Vegas. 2016. BH USA
  16. Escaping the Sandbox by Not Breaking it. DEF CON, Las Vegas. 2016. DEF CON
  17. Don't trust your eyes — Apple Graphics is compromised! CanSecWest, Vancouver. 2016.
  18. Hey Your Parcel Looks Bad — Fuzzing and Exploiting Parcel-ization Vulnerabilities in Android. Black Hat Asia, Singapore. 2016. BH Asia
  19. Shooting the OSX El Capitan Kernel Like a Sniper. REcon, Montreal. 2016.
  20. Hacking Phones from 2013 to 2016. Seoul, Korea. 2016.
  21. Vulnerabilities in the third-party SDKs of Android applications. HITCON, Taipei. 2015.

Honors & Awards

  • Pwnie Award — Best Privilege Escalation, Black Hat USA, Las Vegas. 2022.
  • Pwn2Own Champion & Master of Pwn, Tokyo and Vancouver. 2016, 2017.
  • Pwnie Award Nominee, Black Hat USA, Las Vegas. 2017.
  • JD Group Hackathon — 1st Prize. 2025.
  • JD Group CCO Highest Special Award. 2024.
  • Tencent Company-Level Technical Breakthrough Award (highest technical honor). Tencent.
  • Google Security Hall of Fame — Top 10 in Android Category.
  • Samsung Security Hall of Fame — Ranked #6 (2021, 2022).
  • Huawei Security Hall of Fame — Ranked #3 (2020).

Professional Service

  • Competition Judge, GeekPwn & GeekCon (international top security competition)
  • Executive Committee Member, China Computer Federation (CCF) Technical Committee on Security and Privacy
  • Mentor, JD.com TGT (Tech Genius Team) — Top Global Talent Program
  • Cyber Security Committee Member, Beijing 2022 Winter Olympics
  • Tencent Cloud TVP (Most Valuable Professional). 2025.
  • Judge, Tencent Cloud Hackathon

Education

  • Zhejiang University — B.Eng. in Computer Science and Technology
  • Hong Kong University of Science and Technology — Visiting Scholar, Department of Software Engineering. Advisor: Prof. Shing Chi Cheung.

Selected Coverage

CVE Research

Credited by Google, Apple, Samsung, Huawei, Oppo, and others for discovering hundreds of critical vulnerabilities across Android, iOS, macOS, Chrome, and major vendor ecosystems.

CVE-2015-3854, CVE-2015-3855, CVE-2015-3856, CVE-2015-6612, CVE-2015-6620, CVE-2015-6622, CVE-2016-0811, CVE-2016-3832, CVE-2016-6705, CVE-2016-8395, CVE-2016-8399, CVE-2016-6768, CVE-2016-6788, CVE-2016-8395, CVE-2017-0325, CVE-2017-0337, CVE-2017-0382, CVE-2017-0427, CVE-2017-0476, CVE-2017-0544, CVE-2017-13246, CVE-2017-0861, CVE-2017-0866, CVE-2017-13167, CVE-2017-13324, CVE-2017-15868, CVE-2017-2692, CVE-2017-2693, CVE-2016-5197, CVE-2016-1815, CVE-2016-1860, CVE-2016-4697, CVE-2016-7714, CVE-2016-7624, CVE-2016-7625, CVE-2016-7620, CVE-2017-2416, CVE-2018-9143, CVE-2018-9139, CVE-2018-9140, CVE-2018-9142, CVE-2018-9141, CVE-2018-10500, CVE-2018-10497, CVE-2018-10499, CVE-2018-10498, CVE-2019-14783, CVE-2019-16253, CVE-2019-16509, CVE-2019-17628, CVE-2021-0515, CVE-2021-0691, CVE-2021-39734, CVE-2021-25492, CVE-2021-25493, CVE-2021-25494, CVE-2021-25495, CVE-2021-25496, CVE-2021-25497, CVE-2021-25498, CVE-2021-25418, CVE-2021-25510, CVE-2021-25511, CVE-2021-25485, CVE-2021-25450, CVE-2021-23243, CVE-2021-0691, CVE-2021-0515, CVE-2021-0393, CVE-2022-33704, CVE-2022-33703, CVE-2022-39862, CVE-2022-28791, CVE-2022-30743, CVE-2022-36857, CVE-2022-30731, CVE-2022-30715, CVE-2022-39857, CVE-2022-24931, CVE-2022-22263, CVE-2022-22264, CVE-2022-20146, CVE-2022-20172, CVE-2025-32321, CVE-2025-8192