The use of "encryption" in those "secure" gallery apps - Android Software/Hacking General [Developers Only]

Thought y'all would find this interesting. So you know all those apps on the Play Store promising to securely hide your files from prying eyes? While some of them are really good (one even claiming to support TrueCrypt data stores), I've found that most of the popular ones use rather lacking methods of protection. While this might not come as a surprise to most of you, I feel like we should raise awareness to things like this. I took a look at a rather popular one of these called "GalleryVault" (or "Gallery Vault", they can't seem to decide on the spelling for their name) which has over 10 million downloads, boasts security in it's listing, and I hear being recommended all the time.
Turns out, their fancy encryption is a few static DES keys, an MD5 hash concatenated with a SHA hash for storing the pin code (to make it look scary i guess?), oh and hiding the "encrypted" files inside PNG's. Best part is, you don't even need to be root to access the app's data, cause it conveniently copies it's private data folder to the sdcard for ya.
It seems like they went out of their way to make it as insecure as possible, which seems to be a common trend among these sorts of apps. It sucks because there are apps which do a decent job at protecting the user's data, but they don't get as much attention with apps like Gallery Vault stealing the show. I wrote a blog post going into more detail and an app that can crack the pin code for Gallery Vault, which you can find here: Mod Edit :- Links Removed

Thread Closed.
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Self-promotion is forbidden, this includes blogs, social media and video channels etc. Random links will be removed.
Click to expand...
Click to collapse
Thanks
SacredDeviL666.

Related

Torrent/Magnet links?

Hello Android users and devs!
First of all I want to apologize for posting in the General Discussion, but I do not have enough posts to do it in the Development Section.
Also I am not aware whether this has been already discussed or is it forbidden (I didn't found such restrictions in the rules)
Anyway, since I got my Desire S this forum is the primary source of information for me, as well as for all the other visitors around.
And especially when it comes to custom rom files there are troubles with dead links, crappy file sharing sites with stupid limitations, etc.
So I think it will be much more convenient for everyone (devs and users) to use the torrent system via magnet link (combined with QR scan maybe) for all the files that are posted around here. The download speed will be much better and all that have downloaded the file once will contribute by seeding it to the others. And of course via the appropriate client the files can be downloaded directly to the SD Card (this is of course possible now through the phone web browser, but a lot of steps are required - waiting, human security check forms, etc.).
Looking forward to your comments.
amidabuddha said:
Hello Android users and devs!
First of all I want to apologize for posting in the General Discussion, but I do not have enough posts to do it in the Development Section.
Also I am not aware whether this has been already discussed or is it forbidden (I didn't found such restrictions in the rules)
Anyway, since I got my Desire S this forum is the primary source of information for me, as well as for all the other visitors around.
And especially when it comes to custom rom files there are troubles with dead links, crappy file sharing sites with stupid limitations, etc.
So I think it will be much more convenient for everyone (devs and users) to use the torrent system via magnet link (combined with QR scan maybe) for all the files that are posted around here. The download speed will be much better and all that have downloaded the file once will contribute by seeding it to the others. And of course via the appropriate client the files can be downloaded directly to the SD Card (this is of course possible now through the phone web browser, but a lot of steps are required - waiting, human security check forms, etc.).
Looking forward to your comments.
Click to expand...
Click to collapse
I'd suggest that you post this question within this the XDA forum in the chance that one of the mods will answer as this relates to rules and policy and isn't something that a member can answer.
Thank you for your reply! I agree on the policy matter, but my general idea was to start a discussion on this topic. In my opinion the torrent system is much more friendly when it comes to file sharing and I was curious is there people around that agree on that, especially the regular users like me and also the developers that are posting files all the time. One of the advantages as well is that on single torrent there can be multiple files attached.
So what do you think?
Sounds like a great idea
amidabuddha said:
Thank you for your reply! I agree on the policy matter, but my general idea was to start a discussion on this topic. In my opinion the torrent system is much more friendly when it comes to file sharing and I was curious is there people around that agree on that, especially the regular users like me and also the developers that are posting files all the time. One of the advantages as well is that on single torrent there can be multiple files attached.
So what do you think?
Click to expand...
Click to collapse
I totally agree with you, but unfortunately if the people here at XDA don't then its a wasted discussion.
Ok, there is the new thread. Let's see what will be the verdict

Do you guys use dropbox?

In case you're not familiar, dropbox is a free service that provides 2.5gb of FREE online storage. It is is nice to be able to back up and access from any computer in the world your most important files(and now it automatically backs up every photo you take with an android phone)
Essentially what it does is put a folder on your computer which you can move files to. Any file in that folder is automatically uploaded to their server, which you can get at any time. It will also sync between multiple computers or smartphones.
I just thought I'd share because it's a service I can't live without, and it certainly provides piece of mind to have everything important backed up. I keep my resume, car titles, etc, on there, as well as my entire e-book library.
If you're interested in trying it, please click the link below and we both get an extra 500mb of storage space when you sign up.
Sorry, already do, and it's one of those things that board the "Can/can't live without" line pretty narrowly.
As long as there's a computer or relatively fast network around, you'll never have a moment when all your vacation pictures or that important spreadsheet is unavailable ;D
Of course I use Dropbox! But, I won't post an invite link, like you did.
There's also Box.net. I signed up at the right day and got 50 GB. If you use an app called FolderSync, you can sync effortless too.
Yes. I just got a mail from them that refer a friend and they will add 500 mb storage to your account. Max up to 16 GB. I have never gone beyond 2 gb lol.
Yup have been for years sorry though but i think the posting of dropbox referrals is a kinda gray area in the rules on the site...
Works really well with Titanium Back Up on an Android phone. Just don't have to worry about hradware problems loosing data and progs. The free 2.5 gb is more than enough for that.
Nope.
Tbh, as much as I like the fact you are giving people info on dropbox and its usefulness, I'm not so keen on you posting your referral link. If we allow one, then others will also post similar threads. What I suggest is you:
A.) Add referral link to your sig
Or
B.) Add it to your rom/theme/mod/etc thread's OP (if you have one) as a thank/donate type item.
For the above reasons I ask you to remove the referral link in OP. If not removed within 24 hrs I shall remove it myself and may be forced to issue a punishment, which I do not want to do. I hope you understand
Ta
Rick
...........................
You can lead a fool to wisdom but you can't make him think! XDA, mobile wisdom, not a n00b feeding ground!!
i just register dropbox and will give a try to use it
Of course I use it! I've an student account so I've got double space on it.
The integration with Android smartphones and the computer is simply awesome.
I've got a Box account also because there was a promotion few weeks ago, if you installed the box app on our android phones they give us a 50GB account so, it's pretty awesome also
I use it . Thanks for the tip on Box .
.
Thread moved to Q&A due to it being a question. Would advise you to read forum rules and post in correct section.
Failure to comply with forum rules will result in an infraction and/or ban depending on severity of rule break.
Dropbox
Yeah, i've been using dropbox for 2 years now, as far as i can say it saved my life a couple of times

VIDEO-TUTORIAL switch between European and Chinese firmware in NUBIA RED MAGIC 3

Read and use google translate if you need in the video discription, sorry.
Mod edit: Link removed. THREAD CLOSED!
XDA Forum Rules (excerpt):
...
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Self-promotion is forbidden, this includes blogs, social media and video channels etc. Random links will be removed.
...
Click to expand...
Click to collapse
My phone will arrive tomorrow... I ordered in India so maybe I will receive the global version... Do I need to switch to Chinese firmware? I mean what's the difference
souma_rox said:
My phone will arrive tomorrow... I ordered in India so maybe I will receive the global version... Do I need to switch to Chinese firmware? I mean what's the difference
Click to expand...
Click to collapse
It depends on what you need
Global ROM has gaming mode but it's mostly stock android
China ROM is themed quite a bit (themes custom launcher etc) but it has stuff like gestures however it's missing Google play store so it really depends on what you want I'd you don't need Google play and you want gestures etc China if you want stock like android and play store go global ROM simple as that

[CLOSED] Is Unlocked Bootloader Easier to Crack/How to Secure?

In what ways does having an unlocked bootloader make it easier for governments and (other) criminals to get into your device or data? Lots of people say "naaaaa it's not less secure, unlock your bootloader man... the data is ENCRYPTED" I know back in the day someone could just flash TWRP and delete the lockscreen password! But now devices are encrypted and that can't be done anymore. I also experience that some security apps require root for their full features (Android Lost). But I'd think it'd be easier to inject some sort script or flash something to help them with trying to get into your device (like removing the unlock attempt limit like is done with iPhone). Luckily Oneplus can relock with custom ROM but most can't ) : .
If you wanna talk about specific devices, maybe talk about Xperia Z5 II and/or LG G8 Thinq.
And whether it IS or ISN'T less secure, what can be done to BEST secure a device? Whether official or not.
MOD ACTION:
Thread closed as duplicate of https://forum.xda-developers.com/t/is-unlocked-bootloader-less-secure-how-to-make-secure.4493067/
@PHANX0M
Please read Rule 5 and avoid posting multiple threads:
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Self-promotion is forbidden, this includes blogs, social media and video channels etc. Random links will be removed.
Click to expand...
Click to collapse

[CLOSED] Any disadvanages with using esim.me instead of a pre-installed eSIM chip?

So... I'm thinking about buying a new phone soon, and I had pretty much decided on the Asus Zenfone 9.
However, I just noticed it doesn't have eSIM built in, and this function is fairly important to me as I travel a lot.
But then I found out about esim.me claiming:
"It is no longer necessary to buy a new smartphone with a permanently installed eSIM chip (eUICC) to use eSIM - thanks to eSIM.me!
The eSIM.me card is not a conventional SIM card!
In the eSIM.me card, the eSIM chip (eUICC) was embedded in a SIM card form factor and made compatible with mobile radio end devices using proprietary firmware. The eSIM.me card is therefore a mobile storage medium for eSIM profiles, which for practical reasons has the form of a SIM card. "
See: https://esim.me/blog-about-esim/the-esim-me-revolution
So my question is... Apart from having to use their app, are there any drawback with using esim.me compared to a permanently installed eSIM chip? And if so, what would they be?
Would it be things that could impact connectivity, speed, reach etc?
I really would like to know before investing a lot of money into a new phone, so I'd appreciate your help!
MOD ACTION:
Thread closed as duplicate.
@white-k
Please read Rule 5:
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
Use our search function to find the best forum for your device.
Links to an external source are only allowed if relevant to the topic in hand. A description must be included, no copy & pasting from the original source.
Self-promotion is forbidden, this includes blogs, social media and video channels etc. Random links will be removed.
Click to expand...
Click to collapse

Categories

Resources