Hey all -
I apologize if this has been covered previously, but searches in the android forums here didn't produce results.
Is there a solution for viewing encrypted network traffic on Android? My colleagues and I use Charles Proxy to watch and alter encrypted traffic on iOS devices with relative ease, without having to involve an entire team of people to run some simple tests when we need to. Unfortunately, it doesn't appear that solution works for Android, even if you have a proxy option in the device network configuration.
Does anyone have suggestions or links to existing documentation which would provide a solution to this testing scenario - or perhaps suggest a different approach, preferably one which would not involve coordinating with folks at another site?
Thanks for reading,
Sean
Sent from my T-Mobile G2 using XDA App
i'm am developing an android game .i want the users to access the game through either password or pattern recognition method .can any one provide me the password and pattern recognition code and how to redirect after we get the desired password.urgent help needed .pls help me out
In light of the seriousness of security, I want to keep this forum as clean as possible. I will be working harder in the future to do so.
What belongs:
Discussions of
~ of vulnerabilities & potential vulnerabilities, with detail.
~ of vulnerability research
~ of exploit development
~ of reverse engineering
~ of application security
~ of physical device security
~ of theoretical attacks/vulnerabilities, with detail.
~ any serious security matter
detailed guides on security matters
etc
What does NOT belong:
Copy pasted articles, with no linked source or citation
promotion of apps
promotion of services
simple how to guides (like how to use a VPN on Android)
Questions on how to unlock a device
etc
Absolutely no FUD, nor conspiracy theory posts will be allowed. Please include citations, or strong evidence when making a post that may appear to be FUD or a conspiracy theory type post.
If you have questions as to if a post is appropriate, please either ask in reply to this post, or PM me.
Bash bug
Hello, I just read this article on The Verge: http://www.theverge.com/2014/9/24/6...odays-bash-bug-could-be-breaking-security-for
What could be the implications for Android users?
For example, my phone appears to be vulnerable, according to the test from the article.
I'm using a Samsung Galaxy Express GT-I8730 running latest CyanogenMod 11 (September 21) from http://forum.xda-developers.com/showthread.php?p=53616202#post53616202
Hope this one transcends the conspiracy level as I've not done any background research. Just wanted to share as it seems legitimate. Somewhat older but I guess still valid. Shouldn't all developers move to Replicant or at least close the backdoor mentioned in this article?
https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor
Would it be okay to cross-post an "I'm a dumbass, what do I do now" question here from http://forum.xda-developers.com/htc-one-m8/help/oops-potential-malware-root-privs-s-t2927813 ?
tl;dr- I ran something as root that smells of malware, how do I recover from this? (Good news is that only my system and recovery were unlocked, not the other firmware parts.)
jcase said:
In light of the seriousness of security, I want to keep this forum as clean as possible. I will be working harder in the future to do so.
What belongs:
Discussions of
~ of vulnerabilities & potential vulnerabilities, with detail.
~ of vulnerability research
~ of exploit development
~ of reverse engineering
~ of application security
~ of physical device security
~ of theoretical attacks/vulnerabilities, with detail.
~ any serious security matter
detailed guides on security matters
etc
What does NOT belong:
Copy pasted articles, with no linked source or citation
promotion of apps
promotion of services
simple how to guides (like how to use a VPN on Android)
Questions on how to unlock a device
etc
Absolutely no FUD, nor conspiracy theory posts will be allowed. Please include citations, or strong evidence when making a post that may appear to be FUD or a conspiracy theory type post.
If you have questions as to if a post is appropriate, please either ask in reply to this post, or PM me.
Click to expand...
Click to collapse
What about Security News related to Android?, Can we share here?
Is asking about security protocols allowed. Xfinity tv will not allow me to mirror to my tv through the app. Security protocols prevent it for some reason. Is there a way around this ? If not it's no big deal
jcase said:
In light of the seriousness of security, I want to keep this forum as clean as possible. I will be working harder in the future to do so.
What belongs:
Discussions of
~ of vulnerabilities & potential vulnerabilities, with detail.
~ of vulnerability research
~ of exploit development
~ of reverse engineering
~ of application security
~ of physical device security
~ of theoretical attacks/vulnerabilities, with detail.
~ any serious security matter
detailed guides on security matters
etc
What does NOT belong:
Copy pasted articles, with no linked source or citation
promotion of apps
promotion of services
simple how to guides (like how to use a VPN on Android)
Questions on how to unlock a device
etc
Absolutely no FUD, nor conspiracy theory posts will be allowed. Please include citations, or strong evidence when making a post that may appear to be FUD or a conspiracy theory type post.
If you have questions as to if a post is appropriate, please either ask in reply to this post, or PM me.
Click to expand...
Click to collapse
Hi jcase,
Could you please tell me if questions about unlocking bootloader are appropriate ?
With my SAMSUNG Galaxy A5 2016 smartphone it's easy to unlock bootloader. I have to click on the appropriate choice in the developper options menu. And you can do that without rooting your device.
With others devices it seems to be less easy. My question in this case is : do we have to root the device to unlock bootloader ?
I hope this question is appropriate in this forum and if not, feel free to clear my post.
Thanks.
iwanttoknow said:
Hi jcase,
Could you please tell me if questions about unlocking bootloader are appropriate ?
With my SAMSUNG Galaxy A5 2016 smartphone it's easy to unlock bootloader. I have to click on the appropriate choice in the developper options menu. And you can do that without rooting your device.
With others devices it seems to be less easy. My question in this case is : do we have to root the device to unlock bootloader ?
I hope this question is appropriate in this forum and if not, feel free to clear my post.
Thanks.
Click to expand...
Click to collapse
Yes they are appropriate, but the answer depends on the device, and firmware
Give it's clearly a fingerprinting issue... can I ask my GSFID questions here?
I have managed to change my supposedly permanent GSF ID (Google services framework ID) without needing to be rooted, specifically so that my phone is less vulnerable to malicious fingerprinting.
Given I realize almost nobody knows how to change the GSF-ID (it took me hours to figure it out but only minutes to perform), I can't really ask this in a general forum (as it's a deep-down security question for people who actually know how Android works and how apps work inside of Android with respect to tracking the user).
Specifically what I don't know is why this unique ID (which uniquely identifies your phone!) isn't supposed to be changed, nor do I know what apps are doing with it - but I do know that it's super freaking important to Android (I can give gory details what happens if/when you change it for example).
It seems only "some" apps (those linked with GSF API's perhaps?) use this supposedly permanent personal tracking ID to watch your activities; but maybe they all do for all I know (I'm not a developer).
I'd like to ask for MORE INFORMATION about how the GSF ID (and perhaps the Android ID too) are used by Android & by apps, but there's almost nothing out there on the Internet about them (ask me how I know this).
Give it's clearly a fingerprinting issue... can I ask my GSF_ID questions here?
I'm confused as I haven't seen an answer and I gave the query above almost a month, so I posted the question here, hoping it will both edify others in security issues (fingerprinting specifically) and help me get the answers.
Hello everyone,
I'm a software developer and I am currently writing my first app that runs on the Android platform. It is a two-factor token app that will run on any Android platform which is using API level 19 or higher. Due to the nature of this app, security is of the highest importance. I recently found out about a service that AT&T provides called Authentication and Verification service which is supposed to help with SIM-jacking attacks. However, the only information that I can find is on this blog post from about 2-1/2 years ago:
Apparently I am not able to post links yet because I don't have enough posts...
So does anyone have any further information about this or is anyone actually using this yet? Or is this vaporware?
Thank you.
Hi all,
I am trying to access a Chinese forum which provides a lot of information relating to unlocking / flashing etc and upon attempting to interact with the page I am prompted to sign up as a member. The only issue being is that in order to sign up I need an invitation code and then told that the site is not currently accepting the creation of general accounts.
I guess I am primarily hoping that someone might be able to provide me an invitation code. However failing that, does anybody happen to have any experience or advice regarding this site?
Any help at all is greatly appreciated
Many thanks