<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
	<channel>
		<title>Apk on Crusader Research</title>
		<link>https://crusaderproxy.com/research/en/tags/apk/</link>
		<description>Recent content in Apk on Crusader Research</description>
		<generator>Hugo</generator>
		<language>en-US</language>
		
		
		
		
			<lastBuildDate>Sun, 05 Jul 2026 00:00:00 +0000</lastBuildDate>
		
			<atom:link href="https://crusaderproxy.com/research/en/tags/apk/index.xml" rel="self" type="application/rss+xml" />
			<item>
				<title>Tearing the APK apart: the static pass that finds a critical before you set a proxy</title>
				<link>https://crusaderproxy.com/research/en/posts/reading-the-apk-static-analysis/</link>
				<pubDate>Sun, 05 Jul 2026 00:00:00 +0000</pubDate>
				<guid>https://crusaderproxy.com/research/en/posts/reading-the-apk-static-analysis/</guid>
				<description>&lt;p&gt;Most mobile write-ups treat static analysis as the boring prelude — decompile, skim, &amp;ldquo;note any hardcoded secrets,&amp;rdquo; then get to the real work of intercepting traffic. That framing is why testers miss criticals that were sitting in a zip file the whole time. The dynamic pass only shows you what the app does &lt;em&gt;while you drive it&lt;/em&gt;. The static pass shows you the endpoints behind feature flags, the components every other app on the device can reach, and the one Firebase URL that turns into a report before you&amp;rsquo;ve opened a proxy.&lt;/p&gt;</description>
			</item>
	</channel>
</rss>
