The security measures are not there to secure you from seeing the requests; they are there to stop people using the app getting hacked with man-in-the-middle attacks, no? I think they know they need to also make sure their API is secure as well.
> but I’m not quite sure of the reasoning behind the root checking process

I'm surprised the author didn't pick up on the class/package names: a quick Googling of "Paydiant" shows that this is likely all a result of a third-party loyalty/payment integration they've used: http://www.paydiant.com/