I have come accross multiple applications on the Play Store which are able to succesfully track the activity of a Whastapp Number.
I am a web developer myself having basic knowledge in WEB API's etc. I was really intrigued with the accuracy of the app called "WhastLog: online last seen" . My question is what do these applications use to track a number because there are no public API's existing as far as i know, and can i myself try to code and reproduce the results. Anyone who can point me in the right direction is appreciated. I have found a few open source projects on GitHub but most of them require QR code authentication.
Related
Just read this article via gizmodo and this is definetly a must have for some of us who are paranoid which is just about everyone .
Overview
A joint study by Intel Labs, Penn State, and Duke University has identified that publicly available cell-phone applications from application markets are releasing consumers' private information to online advertisers. Researchers at the participating institutions have developed a realtime monitoring service called TaintDroid that precisely analyses how private information is obtained and released by applications "downloaded" to consumer phones. In a study of 30 popular applications, TaintDroid revealed that 15 send users' geographic location to remote advertisement servers. The study also found that seven of the 30 applications send a unique phone (hardware) identifier, and, in some cases, the phone number and SIM card serial number to developers.
Source:http://www.appanalysis.org/
It´s not released yet. Are there any other similar monitoring apps out there? This was something I´ve been thinking / worrying about since getting my sgs 3 weeks ago...
Near enough every app you install requires / wants at least full internet access. Not sure what private data is accessible, but this is a great source for profiling and could of course be used maliciously.
markwil said:
It´s not released yet. Are there any other similar monitoring apps out there? This was something I´ve been thinking / worrying about since getting my sgs 3 weeks ago...
Near enough every app you install requires / wants at least full internet access. Not sure what private data is accessible, but this is a great source for profiling and could of course be used maliciously.
Click to expand...
Click to collapse
It looks like it will be soon.
Where can I get TaintDroid?
We will be making TaintDroid open source. Information to obtain the TaintDroid source code will be posted to this page.
Won't be an APK though, they have updated to say it's need to be built in to the ROM. Source should be realised and nothing stopping the modders from adding to their ROMs.
Update for those interested in installing TaintDroid: Tracking how apps use sensitive information required integrating our software into the Android platform at a low level. As a result, it was not possible to implement TaintDroid as a stand-alone app. Instead, to use TaintDroid you must flash a custom-built firmware to your device, similar to a number of popular community-supported Android ROMs. In the coming days we will open-source our code through a publicly-accessible repository. Please send an email to [email protected] if you are interested in receiving a notification when the source code is available. Thank you for your interest in TaintDroid!
Click to expand...
Click to collapse
That works for most off us here who are rooted.
Sent from my Nexus One using XDA App
Sounds interesting, but I have to laugh at the use of the word 'taint'. Was DurfDroid taken?
The source code and instructions for compiling into kernel (Nexus One) are now given at the site:
http://appanalysis.org/download.html
This cannot be installed as an app (.apk), it's a compile into your own kernal effort at this stage.
Hello,
I am not completely new to programming, I have experience playing with Basic, HTML, and some C, but have never developed an app. The two apps that I have in mind will be my first.
Before I get started though, I need to find out whether the database I need is available or if I will have to build one myself.
What I need is to be able to submit a query containing either: a zip code, GPS coordinates, or city name, and return: the city name, state, county, zip code, etc... yes it will be a BIG database and a lot of work.
I think Google has all of this information in Maps, but would they allow me to fetch such information from them? AND.. if they do, and if I make this a cross platform application (such as web, iphone, or blackberry, in addition to android), would Google still allow my access to their database?
Thanks for any input.
Work-In-Progress
Domain is up
AppFeed.net
Coomon problem:
As many of you knows, there is no app or service for Android where users can request notifications of application updates, especially the price changes (mainly price drop), or updates for slow updating apps.
Solution:
My solution was to develop a website where users can add applications to a list, and get a unique RSS/Atom feed that notifies them whenever the apps gets updated (Price, Version, etc).
The feed can be added to any application that support it: Desktop Readers/notifiers (tested with Thunderbirds), Web-based readers (Tested with Google Reader).
I intended to add other forms of notifications, but later found that with the service if this then that I can create tasks that monitor my unique feed that do everything else: Email notifications, Twitter posts, or any other channel provided by the ifttt.com service.
Usage examples:
Some usage examples for such a service:
1) I like a paid app, but its cost is a bit high for me, so I add the app to my watch list to get notified if/when the app gets on sale, instead of having to check frequently or miss an opportunity to get the app during a great sale (happened to me few times already).
2) I like and played a game, and finished all levels, the developer promised extra levels, instead of leaving the game installed on my device and wait for updates, I can uninstall it and add it instead to my list and get notified when it's updated.
3) With Android Play Store auto update feature enabled, I miss most app updates, with notifications on selected apps I can see when those apps gets updated.
4) Other usages...
Status of the project
Currently this project is being developed and tested by just myself, and it seems to be working as expected. But to have a good service, I need some to extra help to test it better, to suggest features, etc.
What is mainly missing is some legal advice, such as a privacy policy and term of service, and on whether I can put up such a service (does Google allow this kind of service? knowing they do not provide API for the Google Play).
What is still missing the some text, I am not a native-English speaker so still trying to put things correctly.
Privacy
I take privacy issues very seriously.
To make this service work, I opted for using 3rd party sign-in (Google and Twitter), what is saved on the DB is a hash of the sso unique token, not even I can get the clear one. User name and email are required, and are saved encrypted in the DB (with AES), and get decrypted only during login to show your name on the top bar, nothing else.
Here is a screenshot of the main wishlist:
And here is what you get in the rss feed, through Google Reader:
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums & Read the Forum Rules
Moving to Q&A
lufc said:
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums & Read the Forum Rules
Click to expand...
Click to collapse
My topic is more development than questions, maybe not an Android App but and Android service
Updated post #1.
project is going well, anybody is interested, please let me know (by leaving a comment), if I get enough feedback, I'll get a domain and host it somewhere, currently it is running on a personal domain.
Update:
Got a domain for my new service, and now it is up and running.
check the first post for link and info
Hi,
while using google for authentication, I am actually notified that your website wants to "manage your contacts".
What is the reason behind that?
Thanks a lot
ale
alanzed said:
Hi,
while using google for authentication, I am actually notified that your website wants to "manage your contacts".
What is the reason behind that?
Thanks a lot
ale
Click to expand...
Click to collapse
For the authentication I use the HybridAuth library, and this is the minimum that I can ask for from Google for use the OAuth authentication, if there is anything less, I'll do it, but I can't find how.
Twitter authentication has just Read Only access (Minimum available).
Update:
Found the solution, now it doesn't ask for Manage Contacts...
Hello all,
Recently I got a new phone and installed it using LineageOS + microG. Many Android apps rely on the Google Apps API, but many people no longer trust Google for various reasons. In response to this, microG was created as an open-source re-implementation of the Google Apps API.
The thing is, once you step outside of the Google sandbox, there are a few features you might miss and this thread intends to express my experience moving off the Google network. This is organized with the most important considerations during your transition away from googledom at the top:
Play Store
You're probably used to the Play Store, and you may even use apps that are not owned by Google but where to get them without logging into Google?
Enter F-Droid: a FOSS repository for Android apps. There is an app called "Aurora Store" which connects to the existing Google Play store, but without using the Google app---its just a play-store client!
First, install F-Droid using the APK they provide.
Install Aurora Store using the F-Droid interface from your phone.
Login with an existing Google account or the provided anonymous account.
Then download whatever you want from Aurora and it will come from Google Play.
This is a good time to install your firewall (AFWall+ or orWall) before testing a bunch of apps. Default-deny/explicit allow is the best policy. See the firewall section below.
Contact Sync & Calendar
You can still use Google's storage if you wish, or at least use it temporarily to move to a private DAV server. Install DAVx and follow this guide to (at least initially) sync your contacts and calendar from Google. Then you can use the calendar that comes with LineageOS/AOSP. Non-google Cal/CardDAV servers are available, or your can host your own on something like NextCloud.
Navigation
I'll break this into two parts: Location services and Nav Software:
Location Services
The microG Unified Network Location Provider (UnifiedNlp) is used to find your current latitude/longitude. In addition to your on-phone GPS hardware (which is typically slow to get a location fix), microG uses different backends to discover your lat/long with faster resources such as cell tower signal strength based on known tower locations. See "Apps->microG->Location modules".
nominatim - Converts addresses to lat/long
Uses OpenStreetMap by default
Can optionally use the MapQuest API for address resolution. You will need an API key from MapQuest.
The GSM Location Service (gitlab) can use an OpencellId database to find cell towers. It first downloads a database and can from then on get a lat/long location without Internet connectivity.
Mozilla Location Service: uses Mozilla's online database to find lat/long, requires network connection.
See the Unified Network Location Provider (UnifiedNlp) link for a full listing and detailed description:
AppleWifiNlpBackend - Uses Apple's service to resolve Wi-Fi locations. It has excellent coverage but the database is proprietary.
OpenWlanMapNlpBackend - Uses OpenWlanMap.org to resolve user location but the NLP backend did not reach release-quality, yet. Users interested in a freely licensed and downloadable database for offline use should stick with openBmap for now - Last updated in 2015
OpenBmapNlpBackend - Uses openBmap to resolve user location. Community-created, freely licensed database that can optionally be downloaded for offline operation. The coverage varies from country to country (it's best in central Europe).
MozillaNlpBackend - Uses the Mozilla Location Service to resolve user location. The coverage is OK. Only the cell tower database is free.
LocalWifiNlpBackend - Local location provider for Wi-Fi APs using on-phone generated database.
LocalGSMLocationProvider - Local opencellid based location provider backend. Has been surpassed by LocalGSMBackend which also has an OpenCellID option - Last update in 2014
LocalGSMBackend - Local location provider for GSM cells. It works offline by downloading freely licensed database files from Mozilla, OpenCellID, or lacells.db.
Nav Software
These navigation packages download maps to your device so you can navigate without network connectivity! (Read the text-to-speech section below if audible announcements.)
Organic Maps is the most user friendly, others are more technical:
Navit
OsmAnd
ZANavi
You'll have to try it to see if you like it. If you really prefer the more user friendly features that Google Maps and Waze provide, then I know at least Google Maps will install from the Aurora store will get your location using the UNlp backends from microG (above).
Firewall (requires root):
I've not found anything better than AFWall+. orWall is an option too, but I've not tried it. Drop a comment if you have a firewall you like better. Generally speaking you want to disable all network and then only enable what you need.
By default I disable everything. At a minimum, you probably want to enable these apps:
NTP for time sync
Aurora Store
DAVx
F-Droid
Location:
GSM Location Service (to download cell database)
GSMLocationBackend (to download cell database)
Mozilla Unified Nlp
Nomanatim Geocoder backend
microG Services Core is needed for some location downloads to work (I think...)
Network Manager so it doesn't say "limited connectivity"
Phone and Mesaging Storage for SMS and such.
Text-to-Speech (TTS) Engine
eSpeak will verbialize text which is useful for mapping software annoucements like "Turn right at the next intersection". Without a TTS engine you will not hear any navigation advice. When you run eSpeak the first time go to "eSpeak->menu->General TTS settings" and select "Preferred Engine" and then select "eSpeak" so it will download the voice model.
I find the voice is choppy so in "menu->eSpeak TTS settings" change the speech rate to "80 WPM". This is slow, but then you can go to "menu->General TTS settings" and set the "Speech rate" slider to run at a reasonable speed with less chop. Adjust your language and other parameters to your preference.
Speech-to-Text (STT)
One of the great things Google provides is speach-to-text, but unfortunately there are not many great replacements here, or at least not yet. There are a few projects being worked on:
LocalSTT is a proof of concept to support the microphone button on some keyboards like AnySoftKeyboard.
This page has an en-US build of LocalSTT (.apk) that works on Android 11.
vosk-android-service is a work in progress. Check it often and encourage the developer, it appears to be the first promosing STT option that does not need a network backend to convert speech to text:
Kõnele (github) provides STT service but requires a network server to do the translation. You can setup your own server, and maybe even deploy that server on your phone but I've not tried so post a comment if you get this working.
Keyboards
If you use swipe, then you can try a few alternatives:
OpenBoard
AnySoftKeyboard
Of course you can always install "GBoard" if you need to, just firewall it off
Email
I have found FairEmail to be a great open-source IMAP/POP3 client with a focus on privacy.
SMS
I use Signal from the Aurora store as my default SMS app because the android SMS app wasn't always waking the phone. This is probably a LineageOS bug, though, not a microG bug. The privacy feature is neat if you and your peer are both on Signal, but most of my texts are things like "please bring home milk" so I really don't care about the private text messages. (Of course now that I say that I'll start getting milk advertisements...)
Actually if you have an SMS app that you really like, please post it in the comments. I've never really loved any particular SMS app so something great would be great!
Browser
I'm sure everyone has an opinion on browsers. My favorite is Firefox Mobile and I always install the NoScript plugin so javascript is off by default. It is difficult these days to exploit a vulnerability in a browser, to advertise or to track you without some JS help, so only enable JS for sites you trust. There are many private browsers so I'll let you do your own research.
SafetyNet
See "Apps->microG->Google SafetyNet" because there is an option for it. For now I've been fortunate not to need any apps that need SafetyNet, so untested by me. The microG core does support it, read this article and this ticket for more detail.
Closing Thoughts
So thats about it, the rest is just normal use of your phone the way you normally would. I've been daily driving this config for a while and so far no real issues. GPS works, I can text and make phone calls, and do my occational browsing about the latest Linux Kernel features, maybe lookup a recipe or a HAM radio repeater frequency. It will be interesting to see what the future of microG is, but for now, I like that it gives me greater control of my device.
Cheers,
- Eric, KJ7LNW
Can someone point me to more information about what "trackers" & tracker "classes" are?
For example, using the best FOSS App Manager I know of, the Microsoft Link-to-Windows app shown in my annotated screenshot below happened to have 6 trackers with 632 classes.
NOTE: I could have picked almost ANY app to show it has trackers & classes so this question has nothing directly to do with THAT app.
While I avoid Microsoft/Google/Apple/etc motherships as much as I can, I don't understand what "trackers" and "tracker classes" are yet, so I don't know how to best avoid them (nor why I might want to).
Note: The name alone sounds ominous, but that's just a name.
What are trackers & tracker classes doing on our Android phones?
Where can I find more information out about the ramifications of apps with trackers?
Does the Aurora Store FOSS Google Play Store repo client have a hidden option to filter out apps with trackers yet?