Some corrections + additions:
We think we are wrong about the certificate pinning part, we can still see requests made by the app but they get blocked by the server if using an http inspector tool. Something else is going on.
Our rabbit reponses are currently REALLY slow, mine…
Guess who’s back on android phones? That’s right! Our little rabbit friend!
We have fought through:
⁃ “IMEI checks”
We discovered these literally don’t exist and you still can just use any string as IMEI
⁃ Other header checks
These are obfuscated across a few files and even…