Call me paranoid but I recently gave a dev a bad review of his software from playstore which got me thinking that if he wanted to, since devs some times communicate with reviewer without having given them your email, he could create an update that would target my phone based on my email. Assuming my email is used on my phone.
Is it possible?
My understanding is that apps require your permissions to do anything that could be considered a safety hazard, like accessing your contact list or full internet access. Check what permissions have changed for the update before you install. Of course there is always the possibility of subversive code within any program.... I haven't heard of any problems like that yet.....
Sent from my PC36100 using xda app-developers app
i doubt this, but anything is possible I'm sure with enought effort and hackery.
---------- Post added at 03:21 PM ---------- Previous post was at 03:09 PM ----------
i doubt this, but anything is possible I'm sure with enought effort and hackery.
Sending you an email? I don't think that can bypass GMail's alerts and receive the apk in the background.
Although there are other ways of performing unethical activities.
Go see the app's data usage. If it's not an app that needs Internet so much than the data usage must be very low. But if the data usage goes very high and u donno how then that could be something fishy.
That can also be actual normal usage. You have to reason it right.
Sent from my GT-I9103 using xda app-developers app
lmali92 said:
Sending you an email? I don't think that can bypass GMail's alerts and receive the apk in the background.
Although there are other ways of performing unethical activities.
Go see the app's data usage. If it's not an app that needs Internet so much than the data usage must be very low. But if the data usage goes very high and u donno how then that could be something fishy.
That can also be actual normal usage. You have to reason it right.
Sent from my GT-I9103 using xda app-developers app
Click to expand...
Click to collapse
What I mean by "email" is I've written reviews in the past, I then get an email to my gmail account that is the same gmail id on my phone that I also use for playstore. The email from the dev I just addresses my review. This has happened more than once. So that tells me that when you review an app the dev some how gets your email.
So, I'm thinking I write a bad review, dev gets pissed, pissed enough to create an update to the software that targets any user that has a specified "email" on the device. The update says "bug fixes" but along with bug fixes he targets any device that has the target email.
I have no idea if this is possible but I don't see why not if he knows my email and can get the software on my phone with an update.
Again, I know it's a little paranoid, I'm just wondering if it's possible, theoretticly.
DomoDom said:
What I mean by "email" is I've written reviews in the past, I then get an email to my gmail account that is the same gmail id on my phone that I also use for playstore. The email from the dev I just addresses my review. This has happened more than once. So that tells me that when you review an app the dev some how gets your email.
So, I'm thinking I write a bad review, dev gets pissed, pissed enough to create an update to the software that targets any user that has a specified "email" on the device. The update says "bug fixes" but along with bug fixes he targets any device that has the target email.
I have no idea if this is possible but I don't see why not if he knows my email and can get the software on my phone with an update.
Again, I know it's a little paranoid, I'm just wondering if it's possible, theoretticly.
Click to expand...
Click to collapse
I really doubt this would happen, Developers cant get your email from leaving a review, at least not from the developer panel.. there are many times I would have loved to email and help people that just cant be bothered to email me for support so leave a 1 star rating.
If the app was paid for then they could get your email through google checkout by looking for your transaction.
<rant>As a developer I hate not being able to reply to ratings and reviews, nearly all the 1 star and 2 star reviews of my apps are stupid things that are easy to fix but the reviewer is far to lazy to ask for help. And alot seem to think you can reply to reviews, I get alot that say they need help but not leave any way to contact them </rant>
Sent from my MB860 using XDA Premium HD app
zacthespack said:
I really doubt this would happen, Developers cant get your email from leaving a review, at least not from the developer panel.. there are many times I would have loved to email and help people that just cant be bothered to email me for support so leave a 1 star rating.
If the app was paid for then they could get your email through google checkout by looking for your transaction.
<rant>As a developer I hate not being able to reply to ratings and reviews, nearly all the 1 star and 2 star reviews of my apps are stupid things that are easy to fix but the reviewer is far to lazy to ask for help. And alot seem to think you can reply to reviews, I get alot that say they need help but not leave any way to contact them </rant>
Sent from my MB860 using XDA Premium HD app
Click to expand...
Click to collapse
Well I can assure I've been contacted after posting a review. Also recently the devs have post responses to reviews that appear right below the review. Also they are purchased apps most of the time.
You do bring up a good point. Its not entirely fair to post a review without contact the dev first. In my case it was an issue about the hidden costs once you buy an app.
DomoDom said:
Well I can assure I've been contacted after posting a review. Also recently the devs have post responses to reviews that appear right below the review. Also they are purchased apps most of the time.
You do bring up a good point. Its not entirely fair to post a review without contact the dev first. In my case it was an issue about the hidden costs once you buy an app.
Click to expand...
Click to collapse
Yes they are rolling out the ability to directly reply but its only for the 'top' devs at the moment.
If they are paid its likely they found your transaction and contacted you.
Yes i think more people need to stop and email the dev (we infact offer every level of support going. Live chat/forum/email and yrt it still happens) often the issue is fixable and a mistake by the dev.
However that of cause isnt always the case
Sent from my GT-N7000 using xda premium
Just write another review telling him to **** off
Sent from my HTC One X using xda app-developers app
The main question is, if you gave him a bad enough review that will make him want to revenge, why do you still have his app on your device ?
Sent from my GT-N7100 using xda app-developers app
CreepyDroid said:
The main question is, if you gave him a bad enough review that will make him want to revenge, why do you still have his app on your device ?
Sent from my GT-N7100 using xda app-developers app
Click to expand...
Click to collapse
I think the main question is in fact what I asked, is it possible for a dev to write code that can target a phone that uses a specific email and does nothing to any other phone. Common sense tells me it would be possible, zero coding sense tells me to ask, I just wanted to hear from someone with more knowledge than me if it can be done.
I don't actually "know" that he would do anything and maybe he would just blow it off as he received several similar reviews to mine. Again, it got me thinking as to whether it could be done. That's all.
DomoDom said:
I think the main question is in fact what I asked, is it possible for a dev to write code that can target a phone that uses a specific email and does nothing to any other phone. Common sense tells me it would be possible, zero coding sense tells me to ask, I just wanted to hear from someone with more knowledge than me if it can be done.
I don't actually "know" that he would do anything and maybe he would just blow it off as he received several similar reviews to mine. Again, it got me thinking as to whether it could be done. That's all.
Click to expand...
Click to collapse
Can it be done? Yes. Is it easy, practical or ethical? Not in the least. It would rely on many factors that I will not get into. But it can be done. I wouldn't worry to much about a developer doing it. They would lose too much if it was found. Developers get bad reviews all the time.
Sent from Arkham
Thanks
Good point.
Sent from my GT-I8150 using xda premium
Related
Okay so I recently purchased an app on the market called "Soccer Score Centre" the developer is "Pants Software" and his website is "www.pantssoftwaree.com" So I purchased this app and it didn't quite work as it said it would. I wasn't getting goal notifications or any alerts on my nexus one. I checked other peoples comments on the market and some had the same issue. I sent developer an email letting him know it want working and he replied within a few hours about looking into the issue for me. well a week later I hadnt receive any response or fix to the issue and thats okay I understand that devs are busy but I already paid for this app and honestly i didn't feel I have gotten what I paid for.
So since this was international I couldn't refund the app and I wasn't even asking for a refund so I decided to post on the market my issue with the app so others can see, I mean I have every right to post my issue with an app and rate it how ever the hell I want on the comment are for any app so others can be aware that this is a common issue. I always respect the hard work and dedication of a dev so I never post something untrue or harshly negative. I posted this: "App since to have issues with goal alerts and notification, and its still doesn't have MLS"
thats it! nothing wrong with that....well here is the email I receive from the developer this morning:
Hi XXXX,
I see you must have gotten bored putting poor comments on other score score apps so decided to return to ours and give out your low ratings - so are you really that disappointed with EVERY football score app, if so I'd suggest that you get an iPhone or perhaps just not download any apps.
Or are you from a competitor like Bernd from Livescore said.
I've already given you a refund previously and yet you repurchased, rest assured you won't be getting another.
Regards.
First of all I don't know what hell he is talking about "competitor" or who the hell is "Bernd" but I am just a regular android user with a nexus one who downloaded this app, paid for it, didn't get his moneys worth and posted my comments on the market like everyone else does and now I get this harassing email and on top of that a few minutes after I receive this email I received about 12 spam emails from unknown sources and sites I have never heard of or signed up with and some were located in the UK, where this developer is from. So is it a coincidence I receive this angry email from him, and then I get spam emails a few minutes after all from the same location (UK)? I think not. Well I think this is BS that a developer has the right to take your email and use it for fraudulent purposes, only because he didnt like a comment about his app. I am still getting spam in my inbox and who know what else he is using my email for. Anyone know how I can report this to Google or the android team?
That's crazy, can't you report him to some scam watch, or spammer government set up agency? In Aus we have scamwatch.gov.au for example.
That's a massive violation to use your email to sign up for spam. What a really disturbed person they must be.
Personally I would reply to him, explain what you've said here and tell him you will be looking to report him to anyone you can and bad mouth his poor customer service to anyone that will listen.
I would then change your score to 1 star and explain the developer has actually started spamming you etc.
I already mentioned it to him and we went back and forth on emails. very rude dev he kept saying how I bad mouth other devs and he didnt even have proof and then tried sending me a link to an android market listing where you can see your own comments and he didnt even have the right one. I was respectful to him but overall he is an a**hole with a negative 10 star rating in my books
We should report that developer.
Sent an email to Google and have them look into this developer.
Sent from my PC36100 using XDA App
I've bought this app and exchanged a number of emails with the developer and have found him to be very helpful and professional. Looking at the feedback for the app on the Market would support this - so I find it difficult to believe the OP claims. Indeed searching across XDA I can see posts from other users who have had similar good experiences with the dev.
Perhaps people should check the app feedback for themselves before reacting to any unsubstantiated claims....
Just thought some people not following their twitter might want to know:
@SamsungFirmware: BAD NEWS MAYBE WE HAVE TO CLOSE OUR WEBSITE! BECAUSE COPYRIGHT! We are checking it out.
This was posted an hour ago
UPDATE:
@SamsungFirmware: We missed a Disclaimer about our website.. We fix it all tonight and hope we keep running!
UPDATE:
Updates from their twitter:
@SamsungFirmware: Samsung wants my domain... Because of the name. samsung-firmware.com is already down they have the same problem.
@SamsungFirmware: We are busy with a new domain so site could be offline soon again YEAH
@SamFirmware: Site DOWN Why because we change it to www.SamFirmware.webs.com Later we go to www.SamFirmware.com
In the last post you can see they changed their twitter name
Sent from my SAMSUNG-SGH-I897 using XDA App
ronandi said:
Just thought some people not following their twitter might want to know:
@SamsungFirmware: BAD NEWS MAYBE WE HAVE TO CLOSE OUR WEBSITE! BECAUSE COPYRIGHT! We are checking it out.
This was posted an hour ago
Sent from my SAMSUNG-SGH-I897 using XDA App
Click to expand...
Click to collapse
this is bad news indeed!
Looks like they have to go... underground
Quick everyone, Start downloading and archiving it all before it is too late!
ronandi said:
Just thought some people not following their twitter might want to know:
@SamsungFirmware: BAD NEWS MAYBE WE HAVE TO CLOSE OUR WEBSITE! BECAUSE COPYRIGHT! We are checking it out.
This was posted an hour ago
Sent from my SAMSUNG-SGH-I897 using XDA App
Click to expand...
Click to collapse
Not sure how its a copy writing issue, they aren't making any money off samsungs property (roms). They aren't editing them and releasing them as a samsung property....should be interesting.
Sent from my GT-I9000 using Tapatalk
Clienterror said:
Not sure how its a copy writing issue, they aren't making any money off samsungs property (roms). They aren't editing them and releasing them as a samsung property....should be interesting.
Sent from my GT-I9000 using Tapatalk
Click to expand...
Click to collapse
I've asked if they can provide any more details at this time. Will post if I find out more.
Sent from my SAMSUNG-SGH-I897 using XDA App
You don't have to do anything wrong to get a letter from a company lawyer. If some exec gets a bug up his butt and sics his legal department on you, right and wrong have nothing to do with it.
dc41 said:
You don't have to do anything wrong to get a letter from a company lawyer. If some exec gets a bug up his butt and sics his legal department on you, right and wrong have nothing to do with it.
Click to expand...
Click to collapse
That's true. But out of curiosity I've been looking up forms of copy write laws, and they all basically deal with either taking someone's work and putting your name on it exclusively, or selling it or both, or a combination of the two. Besides that the rest applies to copying music which is obviously considered illegal but that is still kind of a gray area. And of course copying games and programs.....but that's targeted towards paid games/apps. So as far as "Copy write infringement" by definition it holds no water. Then again if someone can sue NC Soft for making Linage II too addicting and actually successfully start a lawsuit anything could happen rofl.
I can see why they would get in copyright hot water over what they do. All the work that they host is technically property of Samsung and their partners after all. I would hate for them to be killed off, as their releases have helped us a lot. Samsung should think twice about this though, because I bet without the glimmer of hope shown by the GPS improvements in JH2, there would have been a lot more returns Samsung would be dealing with.
New update from their twitter:
@SamsungFirmware: We missed a Disclaimer about our website.. We fix it all tonight and hope we keep running!
Sent from my SAMSUNG-SGH-I897 using XDA App
Well, either they've taken it down for updating, or it's down completely, either way I can't get to it right now.
From facebook:
Samsung-Firmware Webs SITE IS DOWN. WE HAVE TROUBLE WITH SAMSUNG. WE ARE WORKING ON NEW DOMAIN,
way to have your **** together... >.<
It figures, the day that I decide I'm going to update. Hope they can get it back up soon.
Updates from their twitter:
@SamsungFirmware: Samsung wants my domain... Because of the name. samsung-firmware.com is already down they have the same problem.
@SamsungFirmware: We are busy with a new domain so site could be offline soon again YEAH
@SamFirmware: Site DOWN Why because we change it to www.SamFirmware.webs.com Later we go to www.SamFirmware.com
In the last post you can see they changed their twitter name as well
Sent from my SAMSUNG-SGH-I897 using XDA App
rajendra82 said:
I can see why they would get in copyright hot water over what they do. All the work that they host is technically property of Samsung and their partners after all. I would hate for them to be killed off, as their releases have helped us a lot. Samsung should think twice about this though, because I bet without the glimmer of hope shown by the GPS improvements in JH2, there would have been a lot more returns Samsung would be dealing with.
Click to expand...
Click to collapse
So if they are getting in trouble due to basically posting roms from samsung and nothing else what do you call it when people modify their original code to make custom roms? Are they going to jail because not only are they posting samsung property their modifying without samsungs permission.
This is probably a trademark issue, since their domain included Samsung in its name. If it was a copyright issue, they couldn't just change the domain name and continue operating.
Sent from my Nexus One using XDA App
Clienterror said:
So if they are getting in trouble due to basically posting roms from samsung and nothing else what do you call it when people modify their original code to make custom roms? Are they going to jail because not only are they posting samsung property their modifying without samsungs permission.
Click to expand...
Click to collapse
Dont forget that what xda does is illegal too, but its been tolerated by the companies so far because of the positive effects xda has on the popularity of the smartphones from these companies.
I dont think that samsung has a problem with what these website does, but purely of the use of her brandname. For example: the first time i heard of samsung-firmwares i thought it was something official by samsung. After visiting xda i learned it was not.
So the reason is just that samsung doesnt want to be associated with this website, because of the experimental stuff. You will get lot of stupid people complaining to samsung about broken smartphones.
So I have this person every app I post to the android play store he comments negitive and gives it one star. Is there a way to get a person banned from my apps ?
Sent from my HTC_Amaze_4G using xda app-developers app
If your app is in the google play store, then it sounds like that person is breaking the Comment Posting Policy.
Don't post fake reviews intended to boost or lower ratings.
Click to expand...
Click to collapse
I'd report him - instructions for doing so are also in the aforementioned link.
The link to report potential violations is down:
We're sorry, but the information you've requested cannot be found. Please try searching or browsing the Help Center.
Click to expand...
Click to collapse
post-mortem said:
The link to report potential violations is down:
Click to expand...
Click to collapse
Yea I just saw that they need to have a report page for this this person has hit every single app that I have.
What are some of your apps? If they're good, I'm sure some generous people could counteract one spammer pretty quickly.
Sent from my M886 using Tapatalk 2
been fighting with another dev that for the second time has gotten my account banned..... The dev name is qualityapps.org he sends google fake dcma reports like today 3 apps got yanked back to back then banned I submitted a appeal with proof to google and didn't get over turned. So pissed and fed up with google not having customer support number for devs.
Sent from my HTC_Amaze_4G using xda app-developers app
You might want to consider hiring a lawyer, though I know that's never an exciting option. Proof is proof, though, and if Google gets a letter from a laywer, their legal team will have to get involved.
wow. does the Play Store have problems with this generally? I would have hoped android devs would get along better. I want to publish an app so I'll keep my eyes open if it happens to me.
AaronBronander said:
wow. does the Play Store have problems with this generally? I would have hoped android devs would get along better. I want to publish an app so I'll keep my eyes open if it happens to me.
Click to expand...
Click to collapse
Basically if a dev has a app like call of duty (we know how many of those are out) and you are at the top of the chart they will submit a DCMA report and get it removed off the market or get you banned so there app gets more downloads. This will be my third time signing up to google.
So I have been working on this app for awhile now and I want to know if there will be enough support behind it to make it worth it to even publish on the play store.
What my app does:
It is a study tool for the AP US History course (the type you take in college). It cycles through the questions and for every question it gives you 4 possible answers, and you select the one you think is correct just like a multiple choice test. After, you press "check answer" and it will tell you if you got the answer right or wrong, if you got it wrong it will give you the option to try the question again or skip it. You can also go back to previous questions if you accidentally skipped a question and wanted to go back. I looked at the play store and there really is no app that I believe would help as much as mine. I took AP US History this last year and it is a VERY rigorous course, but I built what I learned in that course into my app. Now, you can get study books to help prepare for the AP tests and all but those range from $30-$50 (Depending on how in-depth they are), but my app, which I hope will provide the same material, will only be $1 or $2 if I publish it.
Why I am coming to you guys for advice:
I do think my app is good and well written but then I think that there will not be a large market for my app, and if I am only gonna get a couple of sales, I was just gonna put it out for free. Now I have worked diligently on this app and would like to be paid for it, but only if the market is there. So would any of you be interested in buying this app if it were on the store? (I can also make different apps for different subjects as well if you would like me to do that)
If you are interested and would like to see my app before you make your decision, PM me and I can send you a sample version which only has 5 questions (the final build will have 100+) but it will give you a good idea of how the app works and feels. Please give me your feedback on this XDA!
This is a quick demo of my app:
http://www.youtube.com/watch?v=Iw30bkwUvkI&feature=youtu.be
(It only looks slow because it is running on the emulator and not an actual phone)
Guess that answers my question...lol
you can make it a little more interesting by making a ranking out something, like "user got a9.5", people always like to compete
Sent from my LG-P500 using xda app-developers app
zeratos said:
you can make it a little more interesting by making a ranking out something, like "user got a9.5", people always like to compete
Sent from my LG-P500 using xda app-developers app
Click to expand...
Click to collapse
well i did add a system where it tells you how many you have correct and incorrect but i dont think that is exactly what you mean
Just my 2 cents...
Put this out for free...get the platform rock solid and bug free. THEN expand! Get it touch with like minded people and they can supply material from their courses and text books. I think at the moment this app will struggle to make you Much money due to its small target audience (who also happen to be students, and most students hate spending money
BUT... If you get it solid, make it easy to add/update new subject matter....it could work....just think...maybe schools might use it to help get kids to study as kids hate to get off their phone and hit the books. Maybe Universities/colleges would like to put a version out for all their courses...
Anyway you see what I'm getting at....
That was probably 4 cents worth....
Sent from my GT-I9300 using xda premium
OK guys I'm new here (kinda) , I searched the forum, read etc and haven't come across any of the above mentioned issue.
Now my reason for not naming the above game is because I do not want other users to go doing anything they shouldn't.
I'm not sure if this is really really serious or its just a feature I didn't read in the App (xposed/xprivacy). Anyways I'll get to the point!
I recently found out I can access another users account (on a popular game) when xposed is installed and activated.
I tried it two times and it actually works (I didn't do anything to the account but I was curious).
Now my question is, could this be a bug in the game or something? M thinking this could be a real big issue if gotten in the wrong hands.
I will report it to the devs of the game but I want to know first etc.
Sent from my SGH-T999V using XDA Premium 4 mobile app
Best thing to do is follow industry standard and practice responsible disclosure. Generally a secure, private message notifying your discovery to the developers that have made the potential mistake is the first step to take.
If they don't respond kindly and promptly explaining how they're working to resolve the issue, then it would be best to inform them that you're going to be responsible in informing the app's distributors (play store?) to have them figure out if it's a serious problem enough to disable distribution until the bug is fixed.
If after that you've still not seen any honest progress in mitigating the vulnerability, call the press, those vultures love rotting flesh for the front page.
What is Responsible Disclosure? http://forum.xda-developers.com/showthread.php?t=2338337
Thanks dude! Will do as u suggested, however I posted in their forum asking them to contact me as I'm on my phone n isn't close to a pc n it's really hard to navigate their website on the phone.
Sent from my SGH-T999V using XDA Premium 4 mobile app
Understandable. If you can, see if their team has a direct contact anywhere I their site when you have a desktop to work with. play store usually has a contact link for app Developers too. I'd like to think most software teams are at least responsible enough for reputations sake and will give their due diligence depending on severity, but I've not a clue. Someone brings me a tip like this and I'd be all ears, but some of the projects I work with deal with a bit more sensitive data (unless this app you're talking about had in app billing, which would make this much more serious. Legal implications for improper handling of consumer financial data can be quite serious unless you're on wall street.)
Well, it DOES have in-app purchase! I went ahead and checked out again, I realise it can (continually) access only one set account based on Xprivacy 's "global fake account", settings, when I go manual and change uses random settings, it does not access that said account, from further test I realise accessing another players account has to do with the email address, because when I unchecked the other features it does not work (it takes me to a new game instead) I'm not sure how the devs of Xprivacy provide or Crete the "global fake account" but it has something to do with accessing the app, if someone is really determine n decide to modify/rewrite Xprivacy I believe it can be used to access anyone's account based on If u know who actually plays that game, easiest way is to just go on play store see who comment and find some way to get their email address!
Edit: I also emailed them with pictures of the users account and how I accessed it, I didn't mentioned Xprivacy as I was uncertain if I should. Do u think I should?
Btw I still don't get any reply and that was from about 12 hours ago.
Sent from my SGH-T999V using XDA Premium 4 mobile app
wow
geminixx said:
Well, it DOES have in-app purchase! I went ahead and checked out again, I realise it can (continually) access only one set account based on Xprivacy 's "global fake account", settings, when I go manual and change uses random settings, it does not access that said account, from further test I realise accessing another players account has to do with the email address, because when I unchecked the other features it does not work (it takes me to a new game instead) I'm not sure how the devs of Xprivacy provide or Crete the "global fake account" but it has something to do with accessing the app, if someone is really determine n decide to modify/rewrite Xprivacy I believe it can be used to access anyone's account based on If u know who actually plays that game, easiest way is to just go on play store see who comment and find some way to get their email address!
Edit: I also emailed them with pictures of the users account and how I accessed it, I didn't mentioned Xprivacy as I was uncertain if I should. Do u think I should?
Btw I still don't get any reply and that was from about 12 hours ago.
Sent from my SGH-T999V using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Awesome it's great to see that there is always someone to test those boundaries, as its people like myself that always take it for granted that, when someone says a game is safe we take it as "Gospel" so to speak, that it actually is.I found this thread a genuinely interesting read and I learned that not everything is as plain as the nose on my face...thanks guys!
geminixx said:
Well, it DOES have in-app purchase! I went ahead and checked out again, I realise it can (continually) access only one set account based on Xprivacy 's "global fake account", settings, when I go manual and change uses random settings, it does not access that said account, from further test I realise accessing another players account has to do with the email address, because when I unchecked the other features it does not work (it takes me to a new game instead) I'm not sure how the devs of Xprivacy provide or Crete the "global fake account" but it has something to do with accessing the app, if someone is really determine n decide to modify/rewrite Xprivacy I believe it can be used to access anyone's account based on If u know who actually plays that game, easiest way is to just go on play store see who comment and find some way to get their email address!
Edit: I also emailed them with pictures of the users account and how I accessed it, I didn't mentioned Xprivacy as I was uncertain if I should. Do u think I should?
Btw I still don't get any reply and that was from about 12 hours ago.
Sent from my SGH-T999V using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Xprivacy forces your 'phone' to report bunk settings, which xPrivacy also allows you to manually set. So if this is a vulnerability in this particular app, where the app developers are relying on what they previously thought was solid and unmanipulable data from the users' phone.... then there's certainly potential for abuse, and potential for this vulnerability to be fairly widespread. It seems like an honest mistake on the part of the game developers because most situations the data that xprivacy is allowing manipulation to is in most cases static and unique per phone/user. You very well may have opened up pandora's box... Authentication to an app with purchasing power shouldn't rely solely on supposedly static strings within the android system...
Well either they don't take it seriously or they don't reach to my mail as yet cuz nobody replied to my email or my forum post, I'm thinking it's cuz I leave out the app I used to get the access, I dunno what else to do so imo just leave it... Or maybe email them one more time...
Sent from my SGH-T999V using XDA Premium 4 mobile app
Thanks flower! Always willing to help out! I do enjoy bug testing! Lol its my fave pass time!
Sent from my SGH-T999V using XDA Premium 4 mobile app
geminixx said:
Thanks dude! Will do as u suggested, however I posted in their forum asking them to contact me as I'm on my phone n isn't close to a pc n it's really hard to navigate their website on the phone.
Sent from my SGH-T999V using XDA Premium 4 mobile app
Click to expand...
Click to collapse
You are possibly violating CFAA (a felony) but continuing to access data on their servers. I would stop accessing their sevices/using the app, and alert them. If you have issues contacting them, I can act as an intermediary, most companies will respond to me.
jcase said:
You are possibly violating CFAA (a felony) but continuing to access data on their servers. I would stop accessing their sevices/using the app, and alert them. If you have issues contacting them, I can act as an intermediary, most companies will respond to me.
Click to expand...
Click to collapse
They contact me on their forum, and what would they charge me for? I didn't do it deliberately. And I wouldn't give u any information cuz I don't know u anyways.
Sent from my SGH-T999V using XDA Premium 4 mobile app
geminixx said:
They contact me on their forum, and what would they charge me for? I didn't give u any information didn't do it deliberately. And I would cuz I don't know u anyways.
Sent from my SGH-T999V using XDA Premium 4 mobile app
Click to expand...
Click to collapse
I recently found out I can access another users account (on a popular game) when xposed is installed and activated.
I tried it two times and it actually works (I didn't do anything to the account but I was curious).
Click to expand...
Click to collapse
intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer
Click to expand...
Click to collapse
Source: http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
jcase said:
Source: http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
Click to expand...
Click to collapse
Thank u for your info mate but if you realise I POSTED ABOUT IT OUT OF CONCERN! I tested to see if it was INDEED what I suspected! If ur a Dev (I'm not but I know because I do alot of beta testing) I'm sure u would no ALOT of people report false positive.
And HOW would I be able to explain in details as to how I was able to access it if it was done my mistake in the first place? That's what ur normally asked to do isn't it? Hmmmm
So me checking to make sure it wasn't isn't any violation as u call it. I'm not abusing anything...
Sent from my SGH-T999V using XDA Premium 4 mobile app
geminixx said:
Thank u for your info mate but if you realise I POSTED ABOUT IT OUT OF CONCERN! I tested to see if it was INDEED what I suspected! If ur a Dev (I'm not but I know because I do alot of beta testing) I'm sure u would no ALOT of people report false positive.
And HOW would I be able to explain in details as to how I was able to access it if it was done my mistake in the first place? That's what ur normally asked to do isn't it? Hmmmm
So me checking to make sure it wasn't isn't any violation as u call it. I'm not abusing anything...
Sent from my SGH-T999V using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Yes I am a developer, working in the mobile security field (hence being a moderator of this forum). Yes, it was a violation of CFAA. If the company wants to be an vindictive, they certainly could get you charged for it (unlikely). Your post was (and is) fully welcome here, and exactly what we want to see. You possibly stepped too far the first time you accessed it, you certainly stepped too far the second time. If you do this or not, I personally don't care, I was merely offering you (accurate) advice.
K
Sent from my SGH-T999V using XDA Premium 4 mobile app