Modifying Resource Files Leads to Privilege Escalation

• Fire up JADX and open up the base.apk file

• Now you can see the source code and the apk data like the resources files

• After searching for keywords like "admin" in the LoginActivity if ound this

  
• this guy using a boolean value from resources to hide some functionalities

• Go to res/values/stings.xml and notice "is_admin" is equal to no

  
• Now Using code editors like sublime change it to yes and save the project

  
• Now Change the name of directory to

• Use APKTOOL to build our updated version and use sign tool to sign the application

  

• And that's it you just remove the old version from phone and install your updated version instead

• the signed apk will be insecurebankv2.s.apk

• Notice Now there is a functionality for registration added