“Hulu / ????” App for Android provided by HJ Holdings, Inc. uses a hard-coded API key for an external service ([CWE-798]()).

## Impact

The hard-coded API key may be retrieved via reverse-engineering the application binary.
Note that the application users are not directly affected by this vulnerability.

## Solution

The hard-coded API key has been revoked by the developer on June 7, 2022 and this vulnerability is not exploitable now.
The developer has released “Hulu / ????” App for Android version 3.1.2 without any API key hard-coded.

## Products Affected

* “Hulu / ????” App for Android version 3.0.47 or later, and prior to 3.1.2Read More