Seeking any kind of advice/input from this community.
Background Story:
I came across a cracked Amazon Prime Video Android App on divyanet.com. (It claims it's the cracked version of the Original Amazon Prime Video Android App. Same movie selections and everything minus paying for the subscription.)
I installed it and realized it was a different app in the way that it wasn't the actual Amazon Prime cracked.
To confirm my suspicion, I set up an environment to capture the cracked app's network traffic.
I ran Genymotion (Android Simulator) and Burp Suite on the same laptop. I proxied the Android instance traffic to that of the laptop's so Burp Suite could capture it.
What I saw was a good learning experience. This cracked app was sending GET requests all over the place. (To many free movies/shows domains, and some domains are even being marked as malicious.)
Examples:
tovanillitechan.com (Https://malwaretips.com/blogs/remove-tovanillitechan-com/)
tzegilo.com (https://hybrid-analysis.com/sample/6d9faaedd7dd72dc8e0da476e0af4b08d6ca24bf60b498d20e070f90f1b45af1/62aa234f35008f214f1869ac)
unphionetor.com (https://any.run/report/7974be8113970f143fd17339a5c349d499a05ccf99c940b34979f38d283bb1b3/99008e10-24bd-4cb1-aa59-ab8d5baaf0d0)
My questions are: (See links for HTTP GET and response details)
Request Header
Response Header-1
Response Header-2
A: How is the site owner benefitting from tricking users into downloading this supposedly cracked app?
(While streaming the movies, there aren't even ads interrupting the movies.)
B: I haven't noticed my phone acting weird, like slowness or random ad pop-ups. How can I check to see if anything malicious was installed? What are the typical reasons for this cracked app calling out to these malicious domains?
Thank you for your help!
Because the app is a trojan and he now has complete control of your device. Some of those malicious requests are likely to command and control servers. Please tell me you didn't use your actual phone, because if so he has access to anything your app had access to, including your email, online banking, etc.
Don't try to figure out what he may have changed. You don't have the skillset for it. Factory reset the device immediately. Even that isn't a 100% sure fix, if you have another device I'd switch to that. And stop downloading cracks, it's a horrible idea. You're taking something from skilled hackers and reverse engineers and running it on your device, and just hoping that someone who has no problem with cracking an app would somehow draw the line at putting a keylogger in there. Hint: they won't.
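As an added example (not part of the original post or answer): a small script for triaging a capture like the one described in the question, counting requests per host and setting aside hosts outside the app's expected first-party domains. The allowlist suffixes, the one-request-per-line input format and the sample paths are assumptions; three of the flagged hosts are the ones named in the post.

```python
from collections import Counter
from urllib.parse import urlsplit

# Assumed first-party suffixes for the app under test (adjust per app).
EXPECTED_SUFFIXES = ("amazon.com", "primevideo.com")

# Constructed sample: one "METHOD URL" pair per line, as could be copied out
# of a proxy history. Hosts come from the post; paths and the last host are made up.
SAMPLE_HISTORY = """\
GET https://tovanillitechan.com/a?x=1
GET https://tzegilo.com/b
GET https://TZEGILO.com:443/c
POST https://api.primevideo.com/v1/play
GET https://unphionetor.com/d
GET https://amazon.com.invalid/e
not a request line
"""

def host_of(url):
    """Return the hostname of a URL (lowercased, port stripped), or None."""
    return urlsplit(url).hostname

def is_expected(host, suffixes=EXPECTED_SUFFIXES):
    """Match on a label boundary, so a lookalike that merely contains or
    ends with the string 'amazon.com' is not treated as first-party."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def unexpected_hosts(history, suffixes=EXPECTED_SUFFIXES):
    """Count requests per host that fall outside the expected suffixes."""
    counts = Counter()
    for line in history.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        host = host_of(parts[1])
        if host and not is_expected(host, suffixes):
            counts[host] += 1
    return counts

if __name__ == "__main__":
    # Most-contacted unexpected hosts first; these are the ones to look up.
    for host, n in unexpected_hosts(SAMPLE_HISTORY).most_common():
        print(f"{n:3d}  {host}")
```
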
The covid-19 app is capable of detecting who came into contact with who, how do they do it? I am trying to make something similar but I am unsure how they managed to get that information from the phones. I don't need the information to be private (like phone number), it could be something that only the government can make use of (like SIM card number or MAC address). Is that possible?
I looked into Google Nearby and Wifi Direct... But as far as I understand it, it requires a handshake (covid19 app doesn't). I also looked into potentially making your phone into a hotspot and capturing wifi requests but I am not sure which library / API lets me do that.
Does anyone know how this is done? I can't find a concrete answer anywhere, this seems to be actually impossible until I realized that the covid-19 app is doing it.
As Morrison Chang and ArtHare have commented already, Google and Apple have implemented this on an OS level:
In the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. (source)
If you want the specs they're using, Apple and Google have pages on how contact tracing is implemented, but it would be hard (if not impossible) for an app to implement this.
I'm deploying a large number of Android devices for a project which are owned and controlled by me, including with a Mobile Device Management system.
I don't know how to identify the devices when the device is being used to log into our web-based services. We can know who logs in, obviously, but not what device they are coming from.
Ideally we would know the IMEI or Serial of a device when it logs in, but it can really be any unique identifier.
I 100% understand why this information is not typically available to a website -- it's easy enough for advertisers and others to track people! However in our case, we own both the endpoints AND the website, so it seems like something should be possible.
Typically our devices clear the cache on the browser when they reboot, so it likely can't be something based on the cache, but I could explore more options here and see whether it's possible to disable this.
The website is based on React, if that's helpful. However, we could use another page built on whatever makes this easier if needed.
We do also have native Android apps running on the device, but I don't know if we can pull information from them into the browser somehow.
Note that we've tried using the WebRTC method to grab internal IP addresses, which works to some extent but is not ideal since it's inconsistent and is blocked on later versions of Android's browsers. Also if the device changes IP, that method no longer helps.
Please could I have some advice from those who have been building apps for longer than myself. After 18 months of developing 2 quite complex CN1 apps, available on iOS and Android stores, I get starkly different customer feedback.
On both stores I get similar download levels (<10 a day).
From Google Play I receive nearly zero revenue and 1 and 2 star reviews, citing that the app is full of glitches, 'does not work' and freezes - but at the same time reviews say they really like the app if it worked. I do not receive any examples of information to guide me on where to fix. It runs fine in my simulator (even slow network mode) and on my own Android device. Hence I'm not sure the best way forward, which is the advice I am after.
On iOS I receive mixed reviews, generally 2-4 stars but I get some revenue.
FYI, the app uses REST web services to send data to/from my cloud database, so network is likely a cause, although I cannot reproduce. I can imagine customers clicking a button many times on the trot if the network is slow resulting in the transaction or screen showing multiple times. But just a guess. The cloud server is running fine with no spike in CPU or memory. I have tried to keep physical JSON network traffic loads small so that should be fine.
Would you agree that the next steps are to:
Verify the network traffic numbers, using the network monitor in the simulator and get these down if poss.
Check that buttons disable themselves when pressed to avoid double tap.
Write to a local storage log of timings when a user moves between screens, and pass that to my database on app exit, for my analysis on slow navigation.
Are there any other tips and tricks please?
Thanks in advance.
I would suggest using something like the rating widget to track user satisfaction. When a user provides a low rating ask him to email you personally so you can discuss the problems.
I would also suggest crash protection. Most of these cases occur due to on device exceptions that are hard to pinpoint and generally happen more on Android. Crash protection will send out emails with such details. Also check out the ANR/Crashes in Google Play's developer console to see if there's something you can improve.
Also you can add the play store link, I'll take a look and see if something pops out for me.
I have been doing some heavy research into the field of Visual Search, and I tried the technologies from Google (Goggles), Amazon (Firefly), and other vendors.
I can say that Firefly is actually the best, because of its instant identification (no need to snap a photo and send it to some server for processing), plus it's able to identify products accurately without having to scan their barcode, which is fascinating.
The thing is, Amazon exposed the Firefly SDK but only for their phone's Fire OS. And you can't use it for other Android development.
However, I am pretty sure this is not a hardware limitation, because Amazon has an app called Flow which runs on Android and iOS which uses the same identification technology, so I am sure any camera can be used and not just the one on the Fire phone.
Does anyone know if it's possible to use the Firefly SDK somehow on Android? I know this might be impossible without some sort of reverse engineering for FireOS, but even so at least it would be technically possible!
Thanks for your response in advance.
I need to know what are the steps in modifying the phone.apk app on android, which allows to call and receive calls (and what is shown upon talking on the phone).
What do I need to do (of course I have a rooted device)? Is it possible to do the tests on the emulator first?
My guess is that I first need to fetch its source somehow, use some kind of system signing, do the changes and put it forcefully into the device, maybe also restarting it.
However, I've never done such a thing and I couldn't find much help in xda forums and here, maybe because it's a pretty hardcore thing to do, plus it might not work well on some devices.
I've noticed that the only thing that shows this is possible is the calls-recorder patch, which is incredibly cool by itself.
First thing is you need source code. Phone app heavily depends on the radio interface layer and radio interface layer is proprietary to what kind of communications processor they use.
I believe you cannot test on an emulator unless you are working on the Nexus family of devices. Also phone app runs on a particular shareduserid which can break other apps running with same shared user ID. So you will need platform certificate for signing which is next to impossible for release version of phone software.
One thing you could do is download CyanogenMod code for your phone, do changes, build and download the whole of software on the phone rather than just phone apk.