<Thread> 2 days ago, India launched a mobile app "to fight against the #COVID19"
I installed the app and I have 1 hour in front of me, let's see what I can find.
I installed the app and I have 1 hour in front of me, let's see what I can find.
The app is available on the Playstore. First step is to install and use the app as a normal user play.google.com/store/apps/det… 2/
They detected that my device was rooted. Let's bypass that! 3/ 
I decompiled the apk and search the string the error message "due to security restrictions". This string appears only 1 time in the SplashActivity. Make sense 4/
Side note: I have no idea what I'm doing at the moment 😁 5/
The pop up is shown if the v1.a(v0_1) returns 0. Time to fire Frida. 6/
Sorry I made a break to analyse a French thing ^^ I'm back 7/
My Frida code is not working and it's too late to debug it. I'll go for the easy route, I'll remove the root detection code from the apk 😁 8/
I bypassed the SplashActivity and recompiled the app. No more root detection 9/
Now, they want my phone number and I always have a problem when I try to login. Let's see if I can bypass that 10/
Somehow they detected that I monitored the network requests made by the app and throw me this error. Searching how 11/
I'll check that later tomorrow 12/
Lol
The WebviewActivity of the app can be used to open any url. There is no validation... Not the end of the world but it can be useful 😏 14/
Time to sleep 😴, I'll continue this thread later
I wanted to check something before going to bed. I can use this "issue" to access my authToken. I will record a small video
It can be considered as a security issue 😁
