This vulnerability exists with EVERY client application. It is just much easier to obtain the applications with Android (as opposed to iOS), which is the only reason I can assume Trustlook focused on Android.
This isn't as much a "vulnerability" as it is a complete misunderstanding of security and the technology they are using. Everything on the client side should be assumed as obtainable.