Decode Netflix Android App

I A KHAN
May 21, 2024

In this blog post, we’ll explore how a minor engineering error can result in significant revenue loss. To illustrate this, we’ll use Netflix as a case study.

**Often, understanding the fundamentals of the tech domain proves more beneficial than relentlessly focusing on topics like trees and graphs.**

Netflix halted password sharing in India approximately a year ago to bolster their revenue. This decision was made because people were sharing passwords with friends and family, resulting in a loss of potential new premium subscribers.

For more information about the end of password sharing, you can visit this news article.

Returning to the focus of our blog, let’s examine how overlooking small details in technology and quality assurance can create backdoors in an application, potentially leading to significant revenue loss. This is precisely what Netflix aimed to prevent by implementing the strategy mentioned earlier.

Code Source:

I’ve decompiled the source code of Netflix using the APK available on the Play Store. Upon reviewing the code, I’ve made several observations that confirm my ability to bypass their password sharing warning screen. As a result, I’ve been able to use my friend’s account for an extended period.

Note: I’ve notified the Netflix support team about this issue, but it appears that they either lack interest in addressing it or may struggle to identify the problem themselves. Therefore, I’ve decided to write a brief technical blog about it.

Observable in Android:

Because an observable is lifecycle-aware, if the fragment/activity moves to the paused state, it will no longer be listened to in the parent.

As far as I have gone through the code, I can see that whenever a user selects any profile on the screen below:

Profile selections

The user is redirected to the home screen, and if they are using another user’s password and both are not on the same Wi-Fi network, the user will see the screen below [Expected].

However, if a user somehow navigates to the “News & Hot” or any other tab, they can bypass the previously mentioned warning screen. It’s noticeable that the warning screen, which is active on the home screen, becomes inactive in this scenario. Although the logic for displaying the warning screen is still executed, it fails to block the user from proceeding beyond this screen because of expected observable behaviour.
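The failure mode described above, as an added sketch that is not Netflix's code and not from the original post: a simplified Kotlin model, without Android dependencies, in which a gate raised only from one screen's lifecycle-aware observer is missed while that screen is inactive, next to a variant that reads the state at a single choke point. All class and function names are hypothetical.

```kotlin
// Constructed model with no Android dependencies; all names are hypothetical.
// Owner stands in for a fragment/activity, GateSignal for a lifecycle-aware observable.
class Owner(val name: String) { var active = false }

class GateSignal {
    var blocked = false
        private set
    private val observers = mutableListOf<Pair<Owner, (Boolean) -> Unit>>()

    fun observe(owner: Owner, onChange: (Boolean) -> Unit) {
        observers += owner to onChange
    }

    fun post(value: Boolean) {
        blocked = value
        // Lifecycle-aware delivery: observers whose owner is inactive are skipped.
        observers.filter { it.first.active }.forEach { it.second(value) }
    }
}

// Fragile: the blocking screen is raised only from the home screen's observer,
// so the decision is lost whenever home is not the active owner.
class FragileApp(signal: GateSignal) {
    val home = Owner("home")
    var warningShown = false
        private set
    init { signal.observe(home) { if (it) warningShown = true } }
    fun canBrowse() = !warningShown
}

// Hardened: every entry point reads the current state from one choke point,
// independent of which screen happens to be active.
class HardenedApp(private val signal: GateSignal) {
    fun canBrowse() = !signal.blocked
}

fun main() {
    val s1 = GateSignal()
    val fragile = FragileApp(s1)
    fragile.home.active = false   // another tab is in the foreground
    s1.post(true)                 // account-sharing check fails
    println("fragile  canBrowse = ${fragile.canBrowse()}")

    val s2 = GateSignal()
    val hardened = HardenedApp(s2)
    s2.post(true)
    println("hardened canBrowse = ${hardened.canBrowse()}")
}
```

A client-side choke point like this is only the first layer; the entitlement decision should also be enforced by the server when content is requested.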

Now the question is: how can a user land on “News & Hot” or any other tab?

Upon selecting a profile, the screen transitions to the home screen with an animation that lasts a few milliseconds. During this brief interval, if the user performs a “secret action” made possible by a small technical oversight by the Netflix tech team, Netflix becomes unlocked for use. To learn the secret action, drop me an email at imitiyaz125@gmail.com or connect with me on LinkedIn.

Netflix team, don’t hesitate to reach out to me if you need any help from me to fix this issue 😎.

I am willing to buy a subscription, but as of now I can’t, as I know a little tech to use it for free.

Observable code reference:

I’m about to continue watching “Heeramandi” using a friend’s account.

I A KHAN

Android & Flutter Expert with 6+ years of experience