Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
The community reviewed whether to reopen this question 1 year ago and left it closed:
Original close reason(s) were not resolved
Improve this question
I came across an application named GBWhatsapp.It is developed by some unknown people and there are many sites from where you can download the apk. It's not officially on playstore for some reason.
It was a big surprise to me to see that using this app I can actually chat with the people who are using official WhatsApp application.
I did Some googling and found out that it is a Modded app of the original whatsapp application. It is built on top of the original application. Means some people/developers/engineers decompiled the original apk and inserted their code and published it with another name.
My Question is, Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully? and they provided a lot of new features which are not there in original app?
I know apk can be decompiled but if the original developers team has obfuscated the code (proguard etc). then it's almost impossible to reverse engineer the java code. how did this happen?
Also, If it not a modded app. means they build their own app which is similiar whatsapp, then how they are able to send messages to the official app
Is Whatapp APK is so much less secure that some engineers were able to decompile it's java code succesfully? and they provided a lot of new features which are not there in original app?
Whatsapp for Android contains both Java and native code. Code obfuscation makes it difficult for an attacker to understand the code, but does not prevent decompilation and modification on its own. In order to prevent that, Whatsapp developers should had used additional tools providing runtime self-protection.
how they are able to send messages to the official app
There are several ways to do so. First, is that indeed they could have modified the original app. Alternatively, they could have figured out the network protocol and implemented that in their app. As soon as the network protocol is clear, you don't have to have an original app anymore, unless it uses techniques to only authorize messages from the original app.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 months ago.
Improve this question
I don't know if it's a stupid question but there are lots of free public APIs in this github repository: https://github.com/public-apis/public-apis
Is it safe to make apps with such free APIs and publish them in play store, app store? What I mean is that maybe the person who created the API will make a mistake and send an image for adults against the rules. Or can they complain for copyright reasons? I mean, I don't question the reliability of APIs of huge companies like Riot games. I'm mostly wondering if it's okay to use APIs from indie developers?
I've heard that many people play console and apple developer accounts have been closed. I was wondering if using the public API can cause our developer account to be terminated due to a mistake or complaint. Or should we not use free public APIs just in case?
No it is not safe to do so. You're trusting that some random code written by some random person works as expected, is secure, is well written, and isn't malicious. Would you trust your safety and security on that? If I handed you a file and told you "trust me, it isn't a keylogger, run it on your computer" would you do that?
Heck, look at major scandals of the past few years like leftpad (when a developer deleted a very commonly used library from github, and caused everyone who used it to stop compiling). Or there was an instance where someone inserted a Christmas time easter egg a few years back and websites started snowing. You can't just trust them.
I'm not saying that you can't use any github library. But be smart about it. You should only consider it under 3 conditions:
It's from a source you trust. Google probably isn't going to purposefully put a trojan in their code. Similar for other large orgs.
It's a well known, highly used library. Of course even this isn't perfect. People have managed to slip exploits into open source before.
You've security audited the exact version of the library you plan to use.
If it passes one of these 3, it's probably ok. But if it hasn't, you shouldn't touch it with a 10 foot pole.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
I have uploaded an Android App on Google Play Store and with a search today i can see this: http://www.androidappsgame.com/library-quiz/el
How come that my android app is uploaded to androidappsgame.com without my permission?
Any ideas?
This may or may not help, but make sure to check that first box in your console
The app is NOT on that store. That store is an aggregate site that grabs info from Google Play and makes it searchable. And it's not a very good one at that.
For the record, all of my apps are there too. I just looked. Even my newest ones are there.
You don't need to worry about anyone taking your app from Play and making it available elsewhere. It's just not gonna happen. And even if it did, 99% of devices out there have the system secured so you can't install stuff like that anyway.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
So I recently published an app that I made with App Inventor. It is a very simple App. However, I have received complaints that it is marked to have Viruses or Malware by multiple Android Security Apps on other people's phones. However, I am not really sure why. I saw a thread similar to mine, except he actually wrote the physical code for his app, he didn't use App Inventor. My Android app is reported to have a virus
I'm confused because I truly didn't put anything in the app that would harm any device. Does it have something to do with App Inventor? I've downloaded and used the app on many devices and it works perfectly fine.
Thanks!
All apps made by AppInventor look a lot alike, and there's a ton of boilerplate code. If a malware analyst was lazy or in a rush, it would be easy to write a detection signature that was too broad and hit on most AppInventor apps. This is my guess.
Also, once an AV company says your app is malware, others will assume it's true and write detection signatures for your app as well, with even less scrutiny than the original analyst.
I've analyzed malware made with AppInventor and personally know how difficult it is to write concise signatures for it. ;)
You should contact the company directly and explain your situation. You can periodically upload your app to VirusTotal to check if it's been removed from their signature databases.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I read that Google App Inventor went live, not just invitation today. If I make an app with Google App Inventor is there some way I can sell it? Thanks.
edit: when you create something you do you keep it on your computer like an executable? I don't have android phone but I thought I could still make something for it. (seems to be answered by faq Can you share project code with other App Inventor users?)
Some folks have got App Inventor apps into the Market. They had to mess with the apk.
The apk does not have some of what the Market requires.
It's a complied apk that works with a Scheme engine on the phone.
I'm a moderator on their forums. Come ask there. It's a friendly bunch.
(well most of us. I sometimes slip ;-))
Gary
http://appinventor.googlelabs.com/forum/
http://www.theairepository.info/
From the faq:
Currently there are technical
limitations preventing an App Inventor
app from being uploaded to the Android
Market, but we are actively working to
resolve this.
It's probably due to the fact that it doesn't generate Java source code. Doesn't mean that you can't use other app markets though...
If you google apptomarket you will find a program that will edit the apk for you. You enter your certificate details and then you change the settings in the apk like the version number, change the app name, make it resizeable, icons, and orientation. Then you package it for the android market. I have used it already and haven't had any complaints yet. It is easy to use and its free. What more could you want.... apart from an iphone version of the app inventor but me thinks that Steve Jobs would hunt me down for just thinking of such blasphemy, oh well.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I'm considering making an existing mobile app into an open-source project. It has an Android and iPhone version.
While I have used open-source projects and submitted feature requests and bug reports, I have never created an open-source project nor contributed with a patch to an existing one.
What are the top things that I should take into account before opening the source of my project? What specific steps do you recommend taking for open-sourcing a mobile app?
You are lucky as when I started to run open source projects I did not realize this great book exists,
http://producingoss.com/
It provides general tips in almost all aspects of running an open source project, and you can add your own for mobile world.
You can publish you code on googleCode, SourceForge or Github, use all the power of theses websites (documentation, notes etc..) will help contributors.
And don't forget to comment your code ;-)
GoogleCode is a good place to upload your project.
There you will have an issue tracker and a wiki to write about it.
For a truely awesome OSS application I would suggest that you use git. Free hosting for git is provided by github. A good starting point for using git is http://learn.github.com/
As far as FOSS development is concerned, its not very different from usual development. But here you will have to don different roles like product manager, developer and tester too.
Other things that you need to take care of.
Since you are the initiator of it, you need to take control of its development.
Your code should be easy to be understood by others. Documentation is of utmost importance for other developers to start off.
Dont be offended if someone creates a fork of your project. Know to protect yourself by putting appropriate license, like, GPLV3 or any other that you find appropriate.