PWN 2 FUN

Tag: Mobile

Bypassing Flutter Certificate Pinning

Continuing with my mobile pentest studies—and, of course, doing mobile pentests at work—it’s pretty common to run into different mobile apps built with various programming languages. For example, you’ll find apps developed in Java, Kotlin, Flutter, Xamarin, Swift… and a bunch of others. So far, I’ve only worked with Java and Flutter apps, but I’m looking forward to exploring others. What am I getting at here? Basically, what’s the difference between decompiling a Java app and a Flutter app?

Bypassing protections of a banking app just to learn

A long time ago, I was looking for vulnerabilities in a Brazilian bank through a Bug Bounty platform. During that phase, I managed to report quite a few issues to them and earned a good amount of money. However, that platform was shut down, and I ended up stopping my tests on their systems. Recently, while browsing HackerOne, I noticed that the same bank is now there, but as a VDP this time.