Proxying Android app traffic – Common issues / checklist (June 2025)

Latest update: June 2025

During a mobile assessment, there will typically be two sub-assessments: the mobile frontend and the backend API. In order to examine the security of the API, you will either need extensive documentation such as Swagger or Postman files, or you can let the mobile application generate all the traffic for you …

Intercepting Flutter traffic on Android (ARMv8)

In a previous blog post, I explained my steps for reversing the flutter.so binary to identify the correct offset/pattern to bypass certificate validation. As a very quick summary: Flutter doesn't use the system's proxy settings, and it doesn't use the system's certificate store, so normal approaches don't work. My previous guide only explained how to intercept …