Hello !
I’m new to android pentesting i’m reading about it and i’m very interested to try bug bounty for android app.
But I would like to know :
- Does a password or cryptographic key in storage are a vulnerability if we have to access the smartphone to get it ? like doing a backup or with rooted smartphone ?
- Does the leak of a cryptographic key is a vulnerability if I used frida to get it ? is it really possible for applications to keep theses keys secret even if frida is used ?
Thanks !