
I am trying to reverse engineer an API of an app. I have already done everything there is to decrypt traffic using Charles and HTTP Toolkit certificates on a rooted Android emulator. However, both Charles and HTTP Toolkit show a weirdly small number of requests. All of them are decrypted and there is no unknown traffic shown, but the only requests I get are media requests (mostly video thumbnails), one AB config request, then some Facebook and Firebase integration requests, and that is it. It seems like the app does not get UI data by making HTTP requests to a server. It might use gRPC, but Charles supports HTTP/2, and even if it did not, I tried Mediator, which is aimed at gRPC calls, and got nothing. I am not an Android developer, so I do not really know about UI rendering on Android. What could it be that there is no data incoming for the app?

2 Answers


  1. Chosen as BEST ANSWER

    It turns out the app is not using HTTP but rather a raw socket connection with protobuf. Data is also encrypted, so the only way to reverse engineer the API is to disassemble the APK and read the smali. Thanks everyone for your suggestions!


  2. The most plausible explanation would be that the UI components and their logic are already written and available in the application. The Activities (Android components where UI logic is written) in your application are then loading the Views (a UI component with a behavior) based on the data they get from various sources.

    If you can deobfuscate the code, try checking the activities for any UI logic.

    Another possibility is that a Server-Driven UI framework is being used; some example frameworks would be Epoxy, Lithos, RIBs (more of an architecture/framework).

    Here is an article that I referred to: https://medium.com/basalam/server-driven-ui-in-android-with-compose-bf1885e9343c.

    I hope this information is helpful!

    Edit: Added reference article.
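
Relating to the accepted answer's finding (an added example, not code from anyone in this thread): an HTTP-intercepting proxy only lists HTTP requests, so a connection that is neither HTTP nor TLS has to be found in a packet capture instead. The sketch below classifies the first payload bytes of each TCP flow and reports the opaque ones with their byte entropy; the flow list, addresses and function names are constructed for illustration.

```python
import math
from collections import Counter

HTTP1_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ",
                 b"OPTIONS ", b"PATCH ", b"CONNECT ")
HTTP2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_first_bytes(payload: bytes) -> str:
    """Guess the protocol from the first client-to-server payload of a flow."""
    if payload.startswith(HTTP2_PREFACE):
        return "http2-cleartext"
    if payload.startswith(HTTP1_METHODS):
        return "http1"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    return "opaque"  # not HTTP and not TLS: a custom protocol on a raw socket

def triage(flows):
    """Return (destination, kind, entropy) for flows an HTTP proxy cannot list."""
    rows = []
    for dst, payload in flows:
        kind = classify_first_bytes(payload)
        if kind == "opaque":
            rows.append((dst, kind, round(shannon_entropy(payload), 2)))
    return rows

# Constructed sample flows (documentation addresses, made-up payloads).
SAMPLE_FLOWS = [
    ("192.0.2.10:80", b"GET /thumb.jpg HTTP/1.1\r\nHost: media.example\r\n\r\n"),
    ("192.0.2.11:443", b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32)),
    # Every byte value exactly once: a stand-in for ciphertext on a raw socket.
    ("198.51.100.7:9000", bytes((i * 73 + 11) % 256 for i in range(256))),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FLOWS):
        print(row)
```

A flow reported as opaque with entropy close to 8 bits per byte is consistent with encrypted or compressed data, which is the situation the accepted answer describes.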
