I have always wondered something about this kind of hacking. How do you guys come up with these ideas? Should I download the top 100 apps from the App Store or Play Store and try to reverse them or introspect their requests and see if I hit a jackpot? Perhaps I can report a bug bounty and maybe score some credit from the company to whom the app belongs. There are millions of apps across both stores. Perhaps find a way to introspect all of them? No, seriously, do you do this full time? Is ethical hacking your job, or how does this work? How do you randomly go about finding stuff that nobody has found out before?
When you're reverse engineering a web API used by an app (I've done this for personal integrations and automations) via MITMProxy and/or a device emulator, sometimes API calls show up that make you go "hmmm".
> There are millions of apps across both stores. Perhaps find a way to introspect all of them?
I would be surprised if this method wasn't also being employed, if not by individual hackers, then in the form of growth hacking by companies who sell a means of fixing it.
Still seems like something fun to try.
Sometimes you are their customer and have the ability to verify your own data security.
Normally those companies need an intervention from an authority to do something about it though.
Source: Personal experience.