Budget Insight is a banking data aggregator. Public, well-document and complete APIs are pretty rare in the banking context, so reverse-engineering is part of our daily work, whether we deal with an obscure web framework or with a mobile banking app using an obfuscated API.
We're growing our mobile app reverse-engineering team and are looking for someone with skills and experience on Android or iOS. Apps routinely contain certificate verification, obfuscation, multi-factor authentication.
- observe and understand network calls made by banking apps to their internal APIs
- use Python to call discovered APIs
- autonomy and curiosity
- disassemble an app
- use a packet analyzer
- debug smali code (for Android) is an asset