https://blog.azzahid.com/ Blog about mobile security, Android/iOS, Python, and technology 2026-05-08T04:49:56+00:00 Zahid https://blog.azzahid.com/ Jekyll © 2026 Zahid /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-04-27T00:00:00+00:00 2026-04-27T00:00:00+00:00 https://blog.azzahid.com/posts/abusing-companion-bal-exemption-for-ads/ Zahid

Most Android abuse, in volume, is for ads. Adware accounted for 62% of mobile threat detections in 2025. Most of those detections are the same thing: an app puts a full-screen view on top of whatever the user is doing, long enough to register an ad impression and get paid. That full-screen view is an Android Activity, the framework’s term for a single UI screen. The app showing it is not in th...

2026-01-31T00:00:00+00:00 2026-01-31T00:00:00+00:00 https://blog.azzahid.com/posts/android-runs-elf-files-everything-else-is-just-layers/ Zahid

If you’ve ever wondered how apps written in Python, JavaScript, or C++ can run on Android when everyone says “Android is for Java and Kotlin,” you’re asking the right question. The answer isn’t complicated, but it does require understanding what Android actually does at its core. Android Is Just Another Operating System Strip away the framework, the APIs, and the developer tools, and Androi...

2025-10-09T00:00:00+00:00 2025-10-09T00:00:00+00:00 https://blog.azzahid.com/posts/android-app-virtualization/ Zahid

Application-level virtualization in Android is an advanced technology that allows users to run multiple instances of the same app on a single device. Essentially, one app acts as a host, creating isolated virtual spaces where guest apps run as if they were separate. To Android itself, there is no distinction between the host and guest apps. This mechanism is primarily used to enable scenario...

2025-09-01T00:00:00+00:00 2025-09-01T00:00:00+00:00 https://blog.azzahid.com/posts/zero-config-mobile-security-testing-gateway/ Zahid

Traditional mobile security testing requires configuring proxy settings on each device, manually switching between intercepted and normal modes, and reconfiguring settings when passing devices between team members. This creates overhead and breaks testing flow. This article presents a network-level solution that eliminates device configuration entirely. A containerized router acts as an intell...

2025-08-31T00:00:00+00:00 2025-08-31T18:45:45+00:00 https://blog.azzahid.com/posts/frida-browser-websocket/ Zahid

With Frida v15, WebSocket support was introduced, creating an opportunity to run Frida directly inside the browser. Traditionally this was not possible because Frida relies on D-Bus, and D-Bus requires operating system sockets, which are not available in browser environments. The common workaround has been to use proxy servers. These proxies translate messages between the browser and Frida, bu...