Hello, people
I am mostly a security debugger and so a friend of mine asked me to debug one of his apps, while I was working on it, I was looking into another non market app's pirated source code, here are the few things I noticed.
The app gathers your phone book data. [Google Play Version does't have this permission]
The app gathers your message data. [Google Play Version does't have this permission]
It calls a backup function and also a write block function, this could be used to send malicious/spam sms from your device without your notice.
Kinda Busy analyzing non market apps, will update a case study the risks involved! Cheers!
Gujarati
Sent from my GT-I9070 using Tapatalk now Free
This is why you shouldn't pirate apps.
danilekhok said:
Hello, people
I am mostly a security debugger and so a friend of mine asked me to debug one of his apps, while I was working on it, I was looking into another non market app's pirated source code, here are the few things I noticed.
The app gathers your phone book data. [Google Play Version does't have this permission]
The app gathers your message data. [Google Play Version does't have this permission]
It calls a backup function and also a write block function, this could be used to send malicious/spam sms from your device without your notice.
Kinda Busy analyzing non market apps, will update a case study the risks involved! Cheers!
Click to expand...
Click to collapse
Suprise, suprise!
That reminds me of the statement: If it is for free, you are the product! :silly:
Thanks for warning the new ones but i think most here are familiar with the non-market apps being used as malware. :good:
Related
Hello friends is their any way to link any paid app to be linked in play store so that the pirated paid app can be activated with any android devices
Q) The problem I have downloaded some paid apps for free and the after installing the app says licence failed or invalid licence
I tried titanium backup pro and then I tried the market functions but doesn't worked out
is their any other way
Why u need to use google play store? Freeze it from titanium.. Use mobogenie . it will announce you about update ... Almost play a part like play store.. You will not have any more problems of licence failed... And also use a firewall app to manually watch apps background movement... :banghead::sly:
Sent from my Micromax A110Q using XDA Premium 4 mobile app
I'm pretty sure that isn't possible. I believe when people crack apps they remove the verification features which would remove it from checking your phones unique hash to the app. So when you download the real version it would see your phones hash isn't in the database and henceforth would deny your access. Hope this helps.
I'm not 100% sure but that's usually how things like this work.
no that's Impossible
No you can't link apps that way.
But there is a way to remove license verification.
first of all you need to download a app named 'lucky patcher' and then you can use it to remove license verification
As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
applefag said:
As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
Click to expand...
Click to collapse
As long as the apps you install are from known sources (i.e. Play Store) you don't need to worry. Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it. Finally for safety reasons never install any apps from unknown sources (i.e. outside of Play Store) unless you trust the developer.
If you still find yourself worrying read this.
applefag said:
Am I worrying too much ?
Click to expand...
Click to collapse
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry. FYI http://en.wikipedia.org/wiki/Security-Enhanced_Linux
kalpetros said:
Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it.
Click to expand...
Click to collapse
Well only if you are sure. Sometimes apps need permissions that aren't justified for some people.
for the open nature of the android ecosystem, it is somewhat normal that you will have to be careful though there are several different techniques, i use this the most.
Root your phone, install xposed framework and install xprivacy. here is a review of what it does http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/ . I know the installation pprocess may seem daunting, but it is easier than you think this module wil allow you to block apps of certain permission. IE. you can block location service for all the apps on your phone so that no app can get your location. There are bunch of other permissions that you can block like access to contact, gallery etc
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
SaffatBokul said:
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
Click to expand...
Click to collapse
Not useful IMO. FYI I remember this article.
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
snapper.fishes said:
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
Click to expand...
Click to collapse
I agree, rooting your phone comprimises your security even if you do it to install security apps.
Primokorn said:
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry.
Click to expand...
Click to collapse
Unfortunately, new apps in Google Play are rarely verified by Google staff, so there is still always a possibility of trojan or other malware.
Hello guys,
This is a news of 1 month ago, but I want to share what we developers have discovered debugging our apps.
There is a new trojan in town, something that is injected in the APKs and starts to download other apps and track you down. It's easy to be found but for developers it's impossible to remove it because it comes from an altered version of the original APK.
It's important to understand that with some work is possible to alter an app and to publish it on third party stores.
I highly suggest to download apps only on google play or amazon. If you really need to download an app, be really careful and scan the apk. If you get a crash check the logcat and if you find something like this "com.walkfreestub" clean your phone immediately.
These are some experiences by the devs:
https://forums.malwarebytes.org/ind...86944448apk-from-mobogenie-allegedly-pou-app/
http://stackoverflow.com/questions/32080414/what-is-com-walkfreestub-causing-crashes-on-android
https://groups.google.com/forum/#!topic/android-security-discuss/YH80_qADG5E
What antivirus is recommend?
injulia said:
What antivirus is recommend?
Click to expand...
Click to collapse
You can try with Malwarebytes :good:
I'm surprised no one has reviewed this app but I'll give it a shot. *edit- attached pics keep going away each time I edit this post. Take a look at the attachments for screenshots.
My Android Tools (free version)
My Android Tools(Pro)
This is an app I stumbled across by chance or mentions in random forum posts and maybe those who've played with it do only a few things such as disable startup items but it's a lot more powerful than that in regards to blocking in-app ads and trackers.
Now, blocking stuff is a multi-prong approach.
You have Adaway for removing the DNS requests for both apps and browser traffic. MAP targets in-app stuff- not browser traffic. That's why you'd do something like Adaway + MinMinGuard/Adblocker XPosed modules. They actually target blocking the code in the app.
something like XPrivacy for sending random info instead of what an app wants from you
And a bunch of apps and XPosed modules to do things like block receivers or in-app ads.
I've whittled it down to Adaway + *Youtube Adaway + *CrappaLinks + My Android Tools(Pro)
*XPosed Modules
from now on I'm calling My Android Tools MAP
First, make a backup of your ROM
Next, make a backup in the About screen in MAP. The optional thing is if you want MAP to open after every app install/upgrade for review of new and updated apps.
*screenshot
The 3 things we'll look at are Services, Broadcast Receivers and Activities.
Services- things that run whenever
Broadcast Receivers - things that respond to system events (boot, connectivity changes, timezone changes, packages added, etc)
Activities - ads and junk that pop up on your screen. Developers add 3rd party sdk's to show pop-ups and stuff. This is how XPosed Modules such as MinMinGuard and Adblocker work
ContentProvider - still haven't figured out if I find stuff here yet. Maybe in Google Play Services it might have some analytics provider but it's basically things that share things with other apps.
*screenshot
Under Services I mainly look at Analytics and Campaign Tracking svcs. It's up to you but these do offer legit tracking analytics to developers.
Google to see what they do
*screenshot
Broadcast Receivers a few apps that do look at a limited selection of these like XPosed module ReceiverStop
mainly I look at 2 of them:
android.intent.action.BOOT_COMPLETED
com.android.vending.INSTALL_REFERRER
*screenshot
Finally, Activities
This is how MinMinguard and the like block things. We're going to block more because MinMinGuard just has a hardcoded list (see above link to its source code. That's what frustrated me about MinMinGuard. If I'm going to block this stuff I'd rather not have a hardcoded list as ad blocking should be equal opportunity if a user is going that route.)
under here it's really about getting familiar with names of ad networks. Here's a hint
I just downloaded a random app to find one with a bunch of fun things.
*screenshot
Great guide, thank you.
royeiror said:
Great guide, thank you.
Click to expand...
Click to collapse
yw, thanks for the nudge to put it together
Also, note disabling some activities core to an app can cause loss of functionality, force closes, icon removed from the app drawer, etc. That's why I toggle showing the long description of things (that <> button) so I know which are main pieces.
Unity is a library for game development so most of it is actually the app if you see that one a lot.
Sometimes I use the search to look for ad, analytic, track, campaign
Official worst app I've seen for ad activities : agar.io
It's one of the Google recommended apps of 2015 and I was able to find and block 35 ad network activities.
I can't imagine what it's like to actually play the app and what info about you gets collected
@jawz101 : There is an older thread where is shared this app along with an guide which stuff to disable: [SHARE] [APP] MyAndroidTools + Guide to disable some Play Services processes Add it to OP...
@Force I'm wary of disabling too many Google Play Services. I mainly look at the analytics and ads stuff but even then I wonder what repercussions any of it has on battery life. Say, if an app calls for a specific function and it's no longer able to retrieve the information would it cause a force close or get hung in some loop and chew up CPU? I dunno.
Anyone having FCs with the latest version?? It doesn't seem to open at all.. I have a note 4 N910C, on 5.1.1 COJ5, rooted, xposed.
i have been using this for many roms and it saves loads of ram and helps your phone/tablet boot up quicker,i read somewhere that it dont work with xposed or mm both are wrong because i use it on AICP MM ROM and have Xposed installed for XinternalSD and have had no problems at all.
I do submit any crashes if they happen and have emailed the dev in the past when crashes happened. I used to get app crashes until several months ago when trying to backup the current config or when clicking the Content Providers menu option but no longer. Sometimes I completely wiped my device to get it to stop crashing. Since it's been updated these past few months those problems don't occur.
You may want to try reinstalling the app, clearing its data, rebooting, etc to see if something fixed your app crash. Make sure your device I is rooted and the My Android Tools app does indeed have root privileges. Given the nature of the app it may take some error submissions and logcats sent to the dev.
Good to see that somebody reviewed and created a thread for this great app.
Just one question here (if someone could help out) - unlike other apps, Skype seems to be way too stubborn. By mistake I once turned off the connectivity change broadcast receiver. Now, no matter what I do I cannot toggle this receiver back on. WHY? I tried pretty much everything. Rebooting, enabling the receiver from within SD Maid pro, tried making a backup of MAT and then editing this backup manually to remove the tweak for skype but it all failed. With other apps I can toggle their receiver, activities and everything however I see fit and the toggles remain put. With Skype, however, it's a fail. Any help?
Let x
Great tutorial.
As you seem to be very clever with MyAndroidTools, do you have any idea how to spot the services to disable with MyAndroidTools, in order to kill UC news inside the 11.4.5.1005 UC browser last release :
For more or less one week, UC browser has become unusable for Android nowadays with forcing every user with b******* news, foxnews search engine, star magazine search engine, googlenews search engine, yahoo search engine, uc browser search engine, 9app, music player and many more.
Do you think MyAndroidTools could be able to strangle this overwhelming flow of stupidity ?
If yes, there are so much possible items among Services (run whenever), ...
What could be a method to spot the tap and turn it off?
thx
is there any FOSS alternative?
Can't locate in the Play store?
Has the app been removed from the play store? If so is there any chance you could make the file available here? This has been a favorite app of mine for quite sometime. Would hate to see it fade into oblivion.
Guys this was a one-stop app for me...can somebody make the apk here??
Sivabalan said:
Guys this was a one-stop app for me...can somebody make the apk here??
Click to expand...
Click to collapse
I don't know if I would be violating any XDA rules or not. For sure this app is no longer available on the Play store and the developer unfortunately didn't respond to my email. If I can be assured that I'm not violating any XDA rules, I'll gladly share. PS, I love this app I use it for so many things
Bobbaloo said:
I don't know if I would be violating any XDA rules or not. For sure this app is no longer available on the Play store and the developer unfortunately didn't respond to my email. If I can be assured that I'm not violating any XDA rules, I'll gladly share. PS, I love this app I use it for so many things
Click to expand...
Click to collapse
Buddy it's available in apk mirror portal.
App was removed from Play Store how to get the Pro now?
I bought it but if it's in my library its a pita to search a misplaced tap and you back to the top of the list
How I can get this app? It's no longer in the AppStore. I bought the Pro Version.
Bobbaloo said:
I don't know if I would be violating any XDA rules or not. For sure this app is no longer available on the Play store and the developer unfortunately didn't respond to my email. If I can be assured that I'm not violating any XDA rules, I'll gladly share. PS, I love this app I use it for so many things
Click to expand...
Click to collapse
I bought it on google play and suddenly it disappeared. I contacted the creator and he wrote me he violated some rules (?) of google play and they cutted off his account, but he send me the full apk. But I don't know if I can share it here and if he wants to share the full version. Anyway it's still possible to find it on some websites (apkmirror and something else).
I'm satisfied with it, expecially after I lost money buying autorun manager pro (the developer is not releasing new version, he said he's not interested in it anymore).
Anyway, if someone has any alternative to suggest to My Android Tools Pro it would be good.
Hey !!
Do Andriod phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
The Answer Has been moved to a thread dedicated to security question and other advices to modify safely our Android Devices
Here is the post
Raiz said:
It absolutely doesn't, please don't download them, those are mostly commercial sh*t apps full of ads that plays with the fears of users.
Android Security advice :
• Just don't install apps that you don't trust (apk files and weird looking Google play apps)
• Never share your passwords with somebody not trusted, use a different one for each of you accounts.
Find more here :
https://forum.xda-developers.com/general/security
General security and privacy:
• a VPN isn't a magic app that allows you to go completely invisible, even I can find who you are simply by using your latest Instagram post, the government doesn't have money to spend spying on you anyway
• Public WiFi internet browsing is like taking a bath naked around other people, everybody can see what you're doing and can interact with your browsing by sending you pop up messages on your browser. In that case the VPN is useful. But please don't use anything other than your WiFi network to pay online.
• Change password at least once a year
• For God sake be careful on what you share on social medias !
• If someone blackmails you, just ignore him even if he show you he has your real password/footage of you doing nasty things, most of the time they haven't and tries to scare you. But take action on your account, just don't answer them.
• Not having any of your IRL infos online is a good idea, but it tends to be more and more difficult because of Google assistant, and other Google services that are super intrusive (I mean even with your YouTube Google know your tastes better than your buds). But don't panic, if you're not a terrorist or a criminal you're not risking your life.
Keep in mind that your security is fine most of the time if you have solid password, and you don't give them away, but your privacy is not if you have a social media account of any type. If you post something on the internet, remember it'll stay forever out there, whatever you do !
App that I use to keep my Android phone in good health (install them sometimes to clean up/check on my phone's state then I uninstall them):
Google File Go (cleans files)
AccuBattery (check the battery health)
CPU-Z(has everything you want to know about your device)
When I need to backup an app's data or the entire app:
Titanium Backup
Here you go, I gave you very few the security advises, there are plenty more, don't hesitate to check the internet out for more !
Have a nice day
Click to expand...
Click to collapse
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
Sent from my OnePlus7Pro using XDA Labs
spart0n said:
I have 2 edits to your suggestions
1. Change your passwords monthly, preferably using a password manager that suggests really hard random passwords
2. Swift backup is much newer and more efficient than titanium backup ever was.
Click to expand...
Click to collapse
I'll update my first post continuously with every recommendation that'll follow on this thread to create the sort of "Index of Android Security". I created a new thread for security questions
Didn't knew about swift backup, what a great app!
patricia123 said:
Hey !!
Do Andriod phones need antivirus or internet security as a must? If so provide me some links..
Thankxxxx in advance
Click to expand...
Click to collapse
Viruses don't really exist in android. You can be targeted with malicious code but that is only if you open, tap on or accept something without knowing what it is.
For instance, someone could send you a link or a photo that has malicious code embedded in it, when you open it or accept it, then the malicious code has access to your device and your data.
As long as you know that you are dealing with a trusted source, you should be fine. But, if you are the kind of user that goes all over the internet opening things without knowing what it is, you will quickly find yourself targeted by malicious code.
Become a responsible, informed user that is aware of the dangers and what kinds of things can be a problem and you should be fine.
Sent from my SM-S767VL using Tapatalk