Discover and read the best of Twitter Threads about #AppPrivacy
Most recents (1)
#AppPrivacy #Android
If you are interested in what data Android Apps push out to AppsFlyer, it might be a good idea to utilize @fridadotre to hook the 'af*' methods of class 'com.appsflyer.AFLogger'.
The screenshot shows an example of the app 'Bild'
1/n
If you are interested in what data Android Apps push out to AppsFlyer, it might be a good idea to utilize @fridadotre to hook the 'af*' methods of class 'com.appsflyer.AFLogger'.
The screenshot shows an example of the app 'Bild'
1/n
The screenshot contains to events, related to outbound http requests.
1) The one starting with "url:", which contains a request URI
2) The next event starting with "data:", which contains the **unecrypted** content, which is sent out ("appsflyerkey" redacted)
2/n
1) The one starting with "url:", which contains a request URI
2) The next event starting with "data:", which contains the **unecrypted** content, which is sent out ("appsflyerkey" redacted)
2/n
If you inspect the corresponding HTTPS request, the actual data is encrypted (at least it should be).
So if you have to proof the the data from "AFLogger" is contained in the request, you have to decrypt the body content
3/n
So if you have to proof the the data from "AFLogger" is contained in the request, you have to decrypt the body content
3/n
