mobile app

This post will describe how I discovered a security flaw in Pod Point’s mobile app API endpoints. It covers bypassing certificate pinning with Frida, and demonstrate how attackers can steal full names, addresses, charging history, and more by simply having a registered account that anyone can obtain. Pod Point Pod Point is a UK based company established in 2009 that provides electric vehicle charging equipment to both businesses and individuals. It also operates what’s called the “Pod Point Network” where customers can use charge points across the country with a mobile app....

UPDATE (20-Mar-2022): MagiskHide has been dropped from Magisk 24.3. Checkout my blog post on comparing root detection for 24 banking apps where I also use Frida to spawn apps. For mobile app analysis, using a rooted device with Magisk and Frida has become my bread and butter. I’m aware that emulators exist (which I also use) but solutions, such as Android Studio or Genymotion fail to offer the same level of performance as a physical device....