Millions of users nowadays rely on their smartphones to process sensitive data through apps from various vendors and sources. Therefore, it is vital to assess these apps for security vulnerabilities and privacy violations. Information such as to which server an app connects through which protocol, and which algorithm it applies for encryption are usually encoded as variable values and arguments of API calls. However, extracting these values from an app is not trivial. The source code of an app is usually not available, and manual reverse engineering is cumbersome with binary sizes in the tens of megabytes. Current automated tools, however, cannot retrieve values that are computed at runtime through complex transformations such as string encryption. This talk will discuss our prototype called ValDroid that automatically extracts values in Android applications by utilizing static backward slicing and value models for API calls. Furthermore, it shows how to extract values using dynamic analysis for the purpose of generating a ground truth for the evaluation of ValDroid.