The images offer a rare glimpse inside murky enterprises that artificially generate social media likes, comments and shares for less than a cent a click.
I was thinking more of using a debugger to see the API calls the app is making before SSL, not intercepting them over the network. Getting the secret would be harder but I assume it’s stored somewhere in the app or app data and could be extracted. I’d be surprised if social media apps are storing it in the TPM.
I guess it comes down to whether it’s easier/cheaper to do all of the above than to just buy a bunch of physical phones.
I was thinking more of using a debugger to see the API calls the app is making before SSL, not intercepting them over the network. Getting the secret would be harder but I assume it’s stored somewhere in the app or app data and could be extracted. I’d be surprised if social media apps are storing it in the TPM.
I guess it comes down to whether it’s easier/cheaper to do all of the above than to just buy a bunch of physical phones.