Being a cat-and-mouse game, would the reaction from the app-owner be to shift the computation to methods that are not discernable by dissection of the app?
For example having the app be purely a data collection tool which then streams it to the server to do all computation?
No. Any sane engineering team would have built it that way in the first place, so they almost certainly don't have the competence to change it now, or possibly even to understand your question.
I think that would be the case if the employer was doing this on purpose.
I would bet this is more a case of business goals being met by dev teams in the quickest and easiest way possible, without anyone providing legal or regulatory oversight to ensure the implementation is complying with required laws.
That's not any kind of justification or excuse though!
Not so fast, Frida can be detected.. you need to deal with those detection vectors first.
I'd not be surprised if the next version of the app included an "integrity proctection" added officially in order to "protect couriers' security".. these can be bypassed, but it shows that exposing your tools is not always a wise move.
For example having the app be purely a data collection tool which then streams it to the server to do all computation?
reply