Related
I have been wondering a lot, and testing out different apps and functions to try and pin point what is it exactly that Niantic is tracking on Android, because of which they are able to shadowban spoofers on Android, but can't when the players on iOS do the exact same thing.
These are the things I tested:
1. Used magisk manager to hide root access, so Pokemon GO shouldn't be able to detect root access at all. If it would have detected, the game would have stopped working, so no guesses needed here.
2. Testing whether enabling Developer Options>Mock Locations is creating their red warning trigger. I have tested with both situations:
i) Developer Options>Mock Locations ON:
We can select a fake GPS app to use this feature, and spoof. The game works fine.
ii) Developer Options>Mock Locations OFF:
We can disable this feature, and use certain apps such as 'Fake GPS Pro', which has a 'root mode' in their settings menu, enabling us to spoof without mock locations.
3. Whether they are checking the if we have any fake gps app which is listed in the store, to spoof, by scanning our installed apps. For testing this, I used an app called 'Fake GPS Joystick' which has an inbuilt app cloner, thus allowing us to change the app name and install the same app again under a different package name, and then uninstall the original app.
4. Whether they are tracking the IP address to check whether the IP used at a particular geolocation during spoofing corresponds to the IP address of that particular country. I have used VPNs to alter my IP addresses(to match corresponding countries) when spoofing to different geolocations.
5. Whether a specified number of soft bans(by changing extremely distant locations in less than 2 hours) ultimately leads to a red warning shadowban. I have tried this process on both iOS and Android. I have shifted countries in less than 2 hours, causing the pokemons to flee, and pokestops to not work. Even after that, on iOS, no shadowban was triggered, but on Android, shadowban was triggered.
6. Whether they are checking in-game locations.. for example, if you are in Japan and move to Australia after 2 hours it is a red flag logically. This should be easy to track because all Pokemons that you catch have their catch location listed under it. If they track this, they can simply calculate the distance between the last activity and the next activity, but the game doesn't track this(different activities across different countries with a gap of 2 hours) because accounts doing this over and over again on iOS has triggered no ban.
7. Whether Android security patches have something to do with getting shadowbans. I have tried using 2017 and 2018 patches. In both situations, shadowban was noticed, so tracking using security patches seems irrelevant.
Off the top of my head, I have used these tests, individually, and also together, in both cases, all accounts have been shadowbanned on Android, but completely fine on iOS.
P.S. I don't care much for the game, but I am intrigued to know how the company tracks and imposes these bans.
If you have any info/comments, please help figure out their banning mechanism.
3. Whether they are checking the if we have any fake gps app which is listed in the store, to spoof, by scanning our installed apps. For testing this, I used an app called 'Fake GPS Joystick' which has an inbuilt app cloner, thus allowing us to change the app name and install the same app again under a different package name, and then uninstall the original app.
Click to expand...
Click to collapse
This can be explained by some low-level code they run to detect apps installed on your phone. In the iOS Sandbox, this is just not possible.
Please see below discord screenshot explaining this in more detail:
https://i.gyazo.com/6ecb41b2b30aa03b6a987c4e61083b73.png
LOL, pogo++ (iOS) just got owned harder than any Android punishment. Ironically, the person you quoted in that screenshot is a developer of that particular piece of software. Of course he's going to say that his solution is the best -- I'd do that too.
His solution hacks the Pokemon go app directly. Niantic has simply detected their changes, which is completely irrelevant to sandboxing protections as it's within their own app. It's MUCH easier to detect than an app/filesystem scan, and Niantic can be certain it's targeted at them (a spoofing app doesn't mean you're using it for Pokemon Go, which is why they've only asked to remove it without any further penalty back in Nov 2017 with the app blacklist).
All Niantic needs is one detection to sneak by the Pogo++'s attention and BAM, your L40 is gone.
You have tested very well but certain things you missed..
The ability of a Spoofing app to simulate Fake location matches That of Real Location?.. No in Android.. You can verify it by the Looking into Google maps and you'll spot a Lighter ring Around the Blue Dot of GPS that Ring should be larger which is equal When in Real location but the ring size decreases in Spoofing apps..
But in GPS joystick which I have been using Never gave me Any ban in past 11 months and my Main account has no Record of any bans. Because I disabled location services and moved the app to system by Root and lucky patcher
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
theseventensplit said:
Hi all, I work at a group home and one of the clients recently purchased an Amazon Fire tablet to facebook chat with his dad.
My issue is that thanks to the crapiness of humanity I know that there's a strong potential for the tablet to grow legs.
Without getting into details, the client cannot have the tablet always in their posession, and we can't conveniently lock it down anywhere, and ideally whoever is supporting him needs to have access to the tablet whenever possible.
I'm wondering if there is an app, or even better, a device, which can cause the tablet to alert my manager the moment the device leaves the property? Ideally something not easily accessed or removed.
I know getting a tablet just for facebook chat is overkill, I wasn't the one who purchased it for the client, I'm just trying to make do with what is available.
Click to expand...
Click to collapse
It's an Android right?
I had a look at the Amazon store for anti-theft apps but there were none that I recognised from sources I trust (nit that I have researched them, but maybe you can find a reliable review) You have to be certain it's from a trusted source as these type of apps require special permissions eg admin in order to do their job, and could be abused by a malicious app.
I would recommend Cerberus Anti Theft, I used them for years & they have a good reputation, even though Google removed the app form play store. This is because they had to link the Google app to additional downloads in order to maintain the functionality of the app that made it the best, after Google changed what permissions apps could be granted for apps downloaded from Google store.
You can download for Android devices from their website
https://www.cerberusapp.com/
However there is a potential problem with all antitheft apps, ie. Turning off wifi/data means you can't communicate with it(but Cerberus could be activated via SMS), also a factory reset will remove them, so if a knowledgeable person steals a phone/tablet they can remove the antitheft app, so possibly you would have limited time to activate it. Which is why I used to root & install as a system app, which meant only reinstalling the full factory Android operating system to remove it.
There should be the basic "fined my device" on Android built in (I'm not familiar with Amazon variants) but its not very powerful.
I'll look into it, thanks. It does have tracking but unfortunately that wouldn't alert in time to be able to accurately determine who took it.
If Cerberus can do sms then my manager might be able to get immediate notification if it walks away, once it disconnects from wifi
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
theseventensplit said:
What I don't get is why isn't there a hardware based solution, something that you have connected to your wifi that alerts you if devices in connected to that wifi signal get disconnected. Or even simpler, bluetooth based.
The problem is that tablets don't all have data, and if turned off they lose the anti theft features. So there needs to be something outside of the device itself that can alert the owner. Maybe it's just to specific a problem unfortunately.
Click to expand...
Click to collapse
PS. You could use Tasker app (or other automation app) on your phone to set up an alert when the tablet losses connection, if you use your phone as a hotspot, I think.
Hi,
I try to find a way to pay with the NFC option on my phone without using a 3rd party data collection service like GooglePay or AmazonPay.
SuperL0L said:
Hi,
I try to find a way to pay with the NFC option on my phone without using a 3rd party data collection service like GooglePay or AmazonPay.
Click to expand...
Click to collapse
Depends on where you are and what service your financial institution provides. The option I personally use which involves no third party provider is already a service from my bank/credit institution.
They use their own app to validate payments, because they already have my card info anyways.
The problem is, no local app can read the card's tag through the normal NFC hardware as far as I know, so a smart card reader is required to save that info, then reproduced later upon NFC payment at the terminal.
GooglePay and AmazonPay bill your financial institution directly. Ask your credit provider if they have such service.
It is easy to do this with the "Add Card" item, which appears immediately after opening the program. After clicking on "Add," you will need to enter the data of the card in Wallet and save them. You can do this both with the camera and in manual mode. After saving, your phone will receive an SMS with a code, which you will need to enter to confirm the identity of the cardholder. I recently did this as well. After I found an extra sprout, I found an article https://wealthynickel.com/how-to-make-an-extra-1000-a-month/ that tells me how to earn an extra 1,000 a month.
I am the proud owner of a brand new Isudar PX6 (tailored for my VW Golf 6), with Android 10.
I am concerned about security: I want to use things like Google maps, but also other Google Play apps (Tomtom, etc).
But if I configure my personal Google account, anyone driving the car can have access to my personal data (including mails, can purchase from Google Play, etc).
So, if my car get stolen, not only the car is stolen, but my Google account as well.
Thinking about a solution, I am wondering if there is a way to unlock the unit automatically based on a smartphone being connected using Bluetooth?
Ideally, one could configure a specific Google Account for a specific connected Bluetooth smartphone, so that my wife gets her Google account and data when driving, I would get mine when driving, etc.
Anyone having a clue on how this could be done, or suggest alternatives?
I could use a specific Google account for the car, but this has drawbacks: I'd have to purchase the same application twice (once for my personal account, once for the car account) for example.
Thanks in advance,
Laurent
Is it an MTCD device?
marchnz said:
Is it an MTCD device?
Click to expand...
Click to collapse
From what I can see (I am a beginner), it is be a MTCE.
ldebacker said:
From what I can see (I am a beginner), it is be a MTCE.
Click to expand...
Click to collapse
Post MCU version
marchnz said:
Post MCU version
Click to expand...
Click to collapse
MTCE_GS_V3.67_3
You could create a secondary Google account for free. Exclusively for use with your car head unit and not provide too much information about yourself on the acct. Especially don't setup any associated payment methods tied to the acct. If you wanted to purchase apps for the head unit, I suggest buying a Google Play gift card and load that into your head unit exclusive Google acct.
If you have purchased apps with another Google acct, you can login with the acct that you paid for the apps with. Install whatever you want and then remove the acct that you don't want to use on the head unit the rest of the time. The apps won't get removed by removing the acct. However some apps check their licenses via Google Play services so it's possible some might not work without the paying Google acct present (see Goggle Play gift card suggestion).
jlbooth said:
You could create a secondary Google account for free. Exclusively for use with your car head unit and not provide too much information about yourself on the acct. Especially don't setup any associated payment methods tied to the acct. If you wanted to purchase apps for the head unit, I suggest buying a Google Play gift card and load that into your head unit exclusive Google acct.
If you have purchased apps with another Google acct, you can login with the acct that you paid for the apps with. Install whatever you want and then remove the acct that you don't want to use on the head unit the rest of the time. The apps won't get removed by removing the acct. However some apps check their licenses via Google Play services so it's possible some might not work without the paying Google acct present (see Goggle Play gift card suggestion).
Click to expand...
Click to collapse
Yes, this is the workaround I came up with as well.
This is only a work around, though, because applications check the user account for licenses, but also for other reasons (such as having to replicate data between Google accounts, no access to e-mails, etc).
It would be much more elegant upon connection of bluetooth device to automatically switch to the corresponding Google user account and unlock it.
I use the Automate app from the Google play store to script/automate tasks like this. The tool is as easy as creating a flowchart and connecting the flow. The app is free for flowcharts having a small number of flowchart blocks. I have the paid version of the app and it does have a "Pick account" flowchart block. This probably could be called into action when a certain bluetooth device is connected. Just search Google Play for "Automate LlamaLab."
Also worth mentioning the developer of the app was very responsive and helpful when I have had questions.
Just an idea.
-----------------------
Another thought, if you were to take this suggested approach, you would still have to have both your "regular" Google account and the secondary account on the head unit. In my mind this kind of defeats the reasons for switching back and forth between accounts. I suppose it warrants the questions why the apprehension for having the "regular" account on the head unit full time and is it not safe for some known reason?
Bloody hell, is there really no way to remove a posted comment in this forum, or am I stupid enough to not see how to do it?
jlbooth said:
I use the Automate app from the Google play store to script/automate tasks like this. The tool is as easy as creating a flowchart and connecting the flow. The app is free for flowcharts having a small number of flowchart blocks. I have the paid version of the app and it does have a "Pick account" flowchart block. This probably could be called into action when a certain bluetooth device is connected. Just search Google Play for "Automate LlamaLab."
Also worth mentioning the developer of the app was very responsive and helpful when I have had questions.
Just an idea.
-----------------------
Another thought, if you were to take this suggested approach, you would still have to have both your "regular" Google account and the secondary account on the head unit. In my mind this kind of defeats the reasons for switching back and forth between accounts. I suppose it warrants the questions why the apprehension for having the "regular" account on the head unit full time and is it not safe for some known reason?
Click to expand...
Click to collapse
Many thanks for the idea. I had a look at the Automate app, and even if I am unsure I can solve my issue this way, it gives me a lot of other ideas.
One would be to install the Automate app on my Smartphone, so that as soon as I connect to my Head unit using Bluetooth (which is done automatically), my mobile phone would turn cellular data on (I am an old fart, I only connect to 4G when I need it ;-) and the Wifi hotspot. This way, my PX6 head unit will automatically be connected to the internet when driving (and reverse operations when I get out of my car).
Coming back to the idea of having different Google accounts, I need to think how I can do this. Switching would be no problem, but this would still mean pre-configuring the accounts on the head unit.
May be I could have the Google accounts configured, but password protected (I don't know if this is feasible), and emulate the password entry using Automate, which would get the password from a source file hold on my mobile phone for example(if that is feasible, I don't know if file sharing is allowed in the Bluetooth profiles of the android head unit).
I am very concerned about security indeed. I think as it is configured now is completely absurd and represents a huge threat: pre-encoded Google accounts, completely unprotected for whomever has the unit in his hands.
Using Bluetooth smartphones as a key to unlock the access to the device seems like a nice way, but I haven't seen much efforts in this direction.
My pleasure. I was thinking Automate could run on both the head unit and the phone. That's the nice thing about paying for an app once. You can run it on as many devices as desired.
I created an Automate script on my phone that kicks in the mobile hotspot automatically when the bluetooth connects, etc.
Incidentally you can do UI operations like data entry and stuff from Automate. I actually have some logic in one of my Automate scripts that will key in my phone unlock code if needed. I didn't want to have to be fidgeting with the phone and entering a PIN while trying to drive.
ldebacker said:
Bloody hell, is there really no way to remove a posted comment in this forum, or am I stupid enough to not see how to do it?
Click to expand...
Click to collapse
You can use the report button and ask the forum moderator to delete for you and/or you can edit the post to say whatever you want.
jlbooth said:
My pleasure. I was thinking Automate could run on both the head unit and the phone. That's the nice thing about paying for an app once. You can run it on as many devices as desired.
I created an Automate script on my phone that kicks in the mobile hotspot automatically when the bluetooth connects, etc.
Incidentally you can do UI operations like data entry and stuff from Automate. I actually have some logic in one of my Automate scripts that will key in my phone unlock code if needed. I didn't want to have to be fidgeting with the phone and entering a PIN while trying to drive.
Click to expand...
Click to collapse
The Automate script you developed to kick the mobile hotpot on Bluetooth connection is what I was thinking about. I gave it a try, but this (activating data) requires rooting the smartphone, which I'd like to avoid. Anyway, thanks!
jlbooth said:
You can use the report button and ask the forum moderator to delete for you and/or you can edit the post to say whatever you want.
Click to expand...
Click to collapse
That's what I did with this one (edit the post to say what I wanted) ;-)
ldebacker said:
The Automate script you developed to kick the mobile hotpot on Bluetooth connection is what I was thinking about. I gave it a try, but this (activating data) requires rooting the smartphone, which I'd like to avoid. Anyway, thanks!
Click to expand...
Click to collapse
I was able to get it to work without having to root my phone, but I suppose it is very subjective to a lot of variables (e.g. model phone, carrier, Android version, etc). There are ways to get the phone to do various things that might require root to do directly, but one action might cause the phone to do another. For example, to turn off the mobile hotspot, I found that I could just enable WiFi which causes the phone to turn off the hotspot (which doesn't require root).
Anyway best of luck to you on getting your phone, Google accts, and head unit working to your satisfaction.
Hi all,
Device is a rooted Google Pixel 5a with Android 11, Magisk 25.1 with zygisk (Modules: MagiskHide props config, Shamiko, systemless hosts, universal safetynet fix, and zygisk-LSPosed), and XprivacyLua.
Device is passing safety net Basic Integrity and CTS profile match.
Can use other banking apps like Bank of America and PNC just fine. Just opened new account with U.S. Bank. U.S. Bank app opens and lets me log in, then wants to verify my phone number. It sends me the OTP and after I enter it I get a message that 'something has gone wrong' and I am logged out. When I try to log back in, I get a message that my username/account is disabled. I have to wait 48 hours and then ask U.S. Bank customer support to re-enable it.
I'm assuming this has something to do with rooted status of my device. Usually banking apps will open and crash quickly, or say something about detecting root. In the past I just add these apps to the DenyList in Magisk and all is well. Is there a way to troubleshoot what exactly is triggering the locking of my account?
Thanks
Maybe the Magisk Hide Option of the Magisk v25.1 is not fully effective for the U.S. Bank app.
Who knows. Either way US Bank has now closed my account so I won't be able to figure it out anyway. I was trying to send a zelle payment to one of my vendors I've used before and it wasn't going through. When I inquired as to why, they informed me the vendor had been involved with fraud and they were closing my account too, for just attempting to send a payment. Bankers are such morons and their policies are fascist. Guilty by association is their mantra, ****ing snowflakes.