I have a compiled Android APK but no source code. My goal is to understand exactly how the app builds its authentication token and sends it to the remote API, so that I can replicate this process in a separate service. You’ll start by decompiling the APK, exploring its structure, and mapping the call chain that creates and transmits the token. Feel free to work with JADX, ApkTool, Ghidra, or any workflow you’re comfortable with—the choice of tooling is entirely up to you as long as the outcome is clear and verifiable. Once you have isolated the logic, I need: • A concise technical report describing the classes, methods, and endpoints involved in token generation and transmission. • Well-commented decompiled code (or pseudo-code where decompilation fails) that highlights the critical sections. • A reproducible example—Postman collection, curl script, or short Python snippet—that sends a valid token to the target API, proving the flow is understood. Acceptance criteria: the example must authenticate successfully against the same endpoint the app uses, and your report should let another engineer trace every step without reopening the APK.