• LostXOR@fedia.io
    link
    fedilink
    arrow-up
    3
    ·
    9 months ago

    I was thinking more of using a debugger to see the API calls the app is making before SSL, not intercepting them over the network. Getting the secret would be harder but I assume it’s stored somewhere in the app or app data and could be extracted. I’d be surprised if social media apps are storing it in the TPM.

    I guess it comes down to whether it’s easier/cheaper to do all of the above than to just buy a bunch of physical phones.