
This blog is for EDUCATIONAL PURPOSES only as it exposes common vulnerabilities in Android applications. DO NOT try this on real applications.

TL;DR

Do not download APKs from random websites: they might contain injected bytecode and could steal data from the device.

Paid Features with Billing
Problem
Static Code Analysis


Premium feature as a flag in SharedPreferences

 

Smali

What is Smali Code Android

Here is the snippet of the beginning of the onCreate method from MainActivity in Smali:

 

 

Code Injection
invoke-static {p0}, Landroidx/preference/e;->a(Landroid/content/Context;)Landroid/content/SharedPreferences;
move-result-object v0
const-string v1, "preferencePremium"
const/4 v2, 0x1
invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
move-result-object v0
invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;
invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->apply()V

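This code snippet is equivalent to the following Java:

// sharedPref is the SharedPreferences instance obtained from the Context (v0 in the Smali above)
SharedPreferences.Editor editor = sharedPref.edit();
editor.putBoolean("preferencePremium", true);
editor.apply();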
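
As an added example (not code from the original post), this Python audit script scans disassembled Smali for `putBoolean` calls whose key and value are both literal constants, the shape of the injected snippet above, so a reviewer can compare findings between a trusted build and a suspect APK. The sample input is the page's snippet wrapped in a constructed method header; the function and variable names are hypothetical.

```python
import re

# Constructed sample: the Smali from this page, wrapped in an assumed
# onCreate method header so the scanner has a method context.
SAMPLE_SMALI = """\
.method protected onCreate(Landroid/os/Bundle;)V
    invoke-static {p0}, Landroidx/preference/e;->a(Landroid/content/Context;)Landroid/content/SharedPreferences;
    move-result-object v0
    const-string v1, "preferencePremium"
    const/4 v2, 0x1
    invoke-interface {v0}, Landroid/content/SharedPreferences;->edit()Landroid/content/SharedPreferences$Editor;
    move-result-object v0
    invoke-interface {v0, v1, v2}, Landroid/content/SharedPreferences$Editor;->putBoolean(Ljava/lang/String;Z)Landroid/content/SharedPreferences$Editor;
    invoke-interface {v0}, Landroid/content/SharedPreferences$Editor;->apply()V
    return-void
.end method
"""

CONST_STR = re.compile(r'const-string(?:/jumbo)?\s+([vp]\d+),\s*"(.*)"')
CONST_INT = re.compile(r'const(?:/4|/16)?\s+([vp]\d+),\s*(-?0x[0-9a-fA-F]+)')
PUT_BOOL = re.compile(r'invoke-interface\s*\{([^}]*)\},\s*'
                      r'Landroid/content/SharedPreferences\$Editor;->putBoolean\(')
# Any other instruction whose first operand is a register: treat that
# register as overwritten (conservative, may forget a still-valid constant).
DEST_REG = re.compile(r'^\S+\s+([vp]\d+)\b')


def find_constant_pref_writes(smali_text):
    """Return (method, key, value) for every putBoolean call whose key and
    value registers both hold literal constants at the call site."""
    findings, method, consts = [], None, {}
    for raw in smali_text.splitlines():
        line = raw.strip()
        if line.startswith(".method"):
            method, consts = line.split()[-1], {}
        elif line.startswith(":"):      # jump label: constants no longer certain
            consts = {}
        elif (m := CONST_STR.match(line)):
            consts[m.group(1)] = m.group(2)
        elif (m := CONST_INT.match(line)):
            consts[m.group(1)] = int(m.group(2), 16)
        elif (m := PUT_BOOL.match(line)):
            regs = [r.strip() for r in m.group(1).split(",")]
            key, val = (consts.get(r) for r in regs[1:3]) if len(regs) == 3 else (None, None)
            if isinstance(key, str) and isinstance(val, int):
                findings.append((method, key, bool(val)))
        elif (m := DEST_REG.match(line)):
            consts.pop(m.group(1), None)
    return findings
```

A hit that appears in a downloaded APK but not in the build you signed yourself is a sign the package was modified after release.
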
How To Prevent?
