For reference, I succeeded adding instrumentation to an existing release APK. So I’m no longer flying blind. Will document things in a blog post soon.
Now I’m back to figuring out how to exploit the vulnerabilities, it’s less straightforward than I thought.
A Mastodon instance for info/cyber security-minded people.