Hi client,
My work with this android app:
- Decode apk, catch api list ( 1- 2 day)
- fake token / copy token / fake user (1 day)
- fake request and raw http request ( 2 day)
- test activity / change view flow crash ( 2 day)
- online / offline mode check ( 2 day)
- check login submit database submit / sync flow ( 2 day)
Daily report for checking
Promise your missing security in app will not be public