top | item 34447925

(no title)

estel | 3 years ago

The suggestion might be that Trustcor received an internal build of the SDK because of their close links to the company. Perhaps the developer who worked on the mobile app also worked for the company behind the SDK?

Rachel’s suggestion in the thread is that the other examples of this SDK that have been observed obfuscated are much more recent, and that perhaps obfuscation was something the company has started doing more recently.

discuss

lolinder|3 years ago

Yes, which could explain the lack of obfuscation but would not explain the source code modifications that hard code a MsgSafe certificate and URLs.