MIT: Independent Activities Period: IAP

IAP 2014



Reverse engineering private backend APIs in mobile applications (Dropbox)

Chris Varenhorst

Jan/30 Thu 05:00PM-07:30PM 4-237

Enrollment: Unlimited: No advance sign-up

Come see how easy it is to reverse engineer the "private" APIs used by your favorite mobile apps to talk to their backend, and learn how to design APIs in ways that mitigate common flaws. Two main approaches will be discussed: 1) man-in-the-middling running applications to observe the calls being used and 2) decompiling Android APKs to extract various "secrets". While no actual secrets will be revealed, you will learn why there's really no such thing as a private API and why that's okay.

Sponsor(s): Student Information Processing Board, Electrical Engineering and Computer Science
Contact: Chris Varenhorst, sipb-iap-dropbox@mit.edu