Looking at mobile app API examples and the shortcomings of their security posture.

Leaking all app data

Using Client-side Filtering

APIs need securing properly, not just via obscurity.

Some APIs are so…

Locating and exploiting custom application protection methods.

We rely on the app developers to adequately protect the data we put into their apps.

Circumventing certificate pinning on Android with smali patches.

If you don’t verify the server is the legitimate one, how do you know user…

Binary patching Android applications to bypass security mechanisms.


Assembly language for the dex format, used by Android’s Dalvik virtual machine.

  1. Bypassing these checks at runtime when executing the app using tools such as Frida; attach the tool to the app process to inject code to manipulate the behaviour. …

Modifying the input arguments and return values of native functions.

The Target

Using Frida to explore libraries during runtime

Exploring Runtime Lifecycle Libraries

Dynamic exploration using frida-trace and CLI

Dynamic Inspection

  1. Understand which native functions are being used and ideally at which stage of the app execution (where and when).
  2. Perform enumeration of native functions for a given library.
  3. Hook into a native function when it is called to change its behaviour, for example by changing the arguments or the return value.


Native library static inspection and the JNI


Sometimes decompilation of the code back to Java class files is not enough.

The Mobile Security Guys

Random posts about mobile security and testing techniques from a bunch of mobile professionals.
