.png)
1 year ago
72 BOOK THIS SPACE FOR AD
ARTICLE ADIn the Android, application it is a package called apk(android package kit), it is similar to a zip-like format to extract the data from apk, we use apktool and JADX-GUI.
JADX-GUI is a very awesome tool to extract the data from apk and view the decompiled code. If we normally extract the data file, we couldn’t able to read. It is a hard thing to read. Using JADX we can able to easily understand code.
Every app had the strings.xml, which is a file used to store the strings in the application package.
How I found the API Key disclosure issue!
Download the apk file from the internet(which app you want to test)2. Open JADX -> File ->Add File -> Click the test.apk It takes some time to decompile it (depending on your system environment)
3. Scroll Down the left side can able to see Resources -> resources.arsc -> res -> values -> strings.xml
4. Sometimes it may have API Keys, AWS Keys, Default passwords, admin creds, etc
Note:-
If you find any API Key please refer to this git repository to explain the impact
Linkedin : Barath Stalin
Bengali (Bangladesh) · 
English (United States) ·