I came across this Linkedin post today:
My first thought was oh no, this feels like it might be a security nightmare. So I intend to open up the app in Frida to see what I can find. Letās get startedā¦
Downloading AB Wallet
Since Iām running GrapheneOS and not using the Google Play store I downloaded the app from the Aurora Store. When I first open up the app it instantly crashes/closes so we need to figure out if the app sucks or if itās somehow preventing itself from running on my uncommon setup. Pretty sure we can use frida and check logs for this somehow but to even begin using Frida weāre going to have to first build GrapheneOS since ADB root is only available on a userdebug build. I think we should also be able to lock this down with ro.adb.secure=1 somehow too, might be useful if Iām running around with this for a while. I donāt have the time to build GrapheneOS today but Iāve started the download for all the dependencies and repos Iāll need. In the meantime letās take a quick peek at the AB Wallet app logs:
type: logcat
osVersion: google/cheetah/cheetah:16/BP2A.250805.005/2025081400:user/release-keys
flags: dev options enabled
package: ca.ab.gov.digitalwallet:1028, targetSdk 35
buffers: main,system,crash,events,kernel
level: verboseWeāre indeed running into a crash. Letās see if the system logs indicate why:
# TODO: Ensure no private data is leaking in logs before sharing an excerpt here...While doing this I had the idea to weaken the GrapheneOS exploit protections to see if itāll launch and it does! Straight into crashing again but this time with with logs taking up the entire app screen. Progress! Ugh.
Analyzing the APK file
to be continuedā¦
Using Frida
to be continuedā¦
Initial Exploration
to be continuedā¦
Hooks For Fun
to be continuedā¦
to be continuedā¦