Well, used to be. Nowadays when I see what the "hello world" app code looks like in Android Studio, I feel unwell, close it and uninstall it. What has happened to lightweight 50 KB APKs anyway? R.I.P.

I decompiled the Java code from the app and studied it - luckily the code was not optimized/obfuscated and no native code was involved, making the Android app quite future proof and available for hacking/modding :)

The main thing I wanted to solve was the lack of HTTPS support.

I created SMALI patches for the relevant features I wanted to fix:

• Overloaded the Settings Activity to add a HTTPS toggle
• Integrated the apartment UI configuration files into the APK so it doesn't need to be manually copied to /sdcard
• Added PLC ID autodetection so the apartment UI configuration can be automatically adjusted on first run - besides the ID, nothing differs by apartment type - all HVAC features that differ between them etc. are obtained from the PLC each time (and the neat thing is, I know the exact IP of the PLC out of the 2 that needs to be queried for that, so I could just replace the broadcast IP address with the specific IP and it would always get me the right ID)
• Overloaded the HttpGet & HttpPost classes to always force HTTPS when enabled and to add Basic Auth headers - the same password would be submitted for both Django web app login and the Basic Auth login requirement.
• Fixed some Android OS version related bugs to make the app that was originally designed for OS 4.2 compatible with up to Android 13

On the server side, I added Basic Auth password protection for the whole HTTP server to "cover up" the fact that a very old Django version is running the show and used certbot to deploy Let's Encrypt which I must say has worked flawlessly for many years now diligently renewing the certificate when needed.