Discover and read the best of Twitter Threads about #android

Most recents (24)

With more than 100,000,000 downloads, ES File Explorer is one of the most famous #Android file managers.
The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone.
Technically, every time a user launches the app, an HTTP server is started. This server opens port 59777 locally. On this port, an attacker can send a JSON payload to the target.
You can find the proof of concept on this Github repo…
Read 15 tweets
Tomorrow, I will publish on Twitter a #0day for a very famous #Android app 😁
No, it’s not the NaMo app but thanks for giving me my next topic ☺️
Read 3 tweets
There are just over two weeks left to submit a talk for #GR8Conf EU 2019 at

If you need ideas, here's a thread.

#groovylang #grailsfw #gradle #spockfw #gebish #griffon #springboot #micronautfw #ratpackweb #sdkman #android #devops #ci #cd #cfp #jenkins
Feel free to like/❤ a topic you’d attend and @ people you think should submit a talk on this topic. I have A LOT of ideas so I’ll spread this out over a few days maybe a week depending on how this goes.
1/ an intro to @spockframework

- using #spockfw in a polyglot organization including any tips/tricks for integrating with other languages like #Java and #Kotlin
- the top things you wish you knew when you started using spock
- good testing practices in general
Read 15 tweets
0/ Been away from the #crypto and #blockchain space for a while and now find yourself out-of-the-loop?

Fear not! I've pieced together a thread dedicated to ecosystem events that occurred over the past day or two. Read on to get back up to speed.
1/ 🥼 Over on #EthResearch, @JieyiLong proposed a SNARK-based sidechain for #ERC20 tokens.

Can reduce processing time per transaction significantly on the #Ethereum network, relative to a fully on-chain ERC20 smart contract. Click below for more!…
2/ 🤝 @FantomFDN x Fuiou Group

Having partnered with one of China's leading payment solution providers, #Fantom will work to integrate its pioneering DAG-based smart contract platform to give Fuiou users access to a faster, more scalable payment service.…
Read 25 tweets
0/ A plethora of #crypto- and #blockchain-related events happening within the past 24 hours!

Below, a thread I've put together to help you keep track of it all. May it serve you well.
1/ 🌉 @POANetwork [ $POA ] announced the ERC20-to-ERC20 TokenBridge!

Now, projects can leverage separate #Ethereum-based networks to communicate with one another through the transformation of #ERC20 tokens. #Blockchain interoperability growing strong!…
2/ 🚢 The @EthexMarket team shipped its Ethex Trade Wallet, a unique native mobile #dApp that features hassle-free #ether and #ERC20 token trading. Complements their existing #Ethex browser dApp nicely!…
Read 23 tweets
Quick Review of the #NSSFGoApp

1. Login requires phone number and email yet estatement portal requires NSSF No.

2. There is a popup display ~XXXXXX~ maybe the developers left it in there

3. When one enters email the app checks for SMS … received
#NSSFGoApp review

4. Why does the app need access to media on my phone? Why is the external permission necessary for an app that provides information? #AppSecurity

5. Hamburger menu in top left hand corner does not work
6. No way to log out of the app - so deleted don’t want my NSSF information lying around on my phone un-secured

Testing Platform: #OnePlusTwo #Android 8.1.0 #LineageOs 15.1-20180918
Read 6 tweets
A few hot takes (well, lukewarm ones) on the #Google #Android-#Commissione case.

1) The Commission has fined Google 4.34 billion euros. It is the largest fine in the history of antitrust worldwide and nearly double the previous record: the 2.42 billion euro fine imposed in 2017 by the Commission... on Google.
2) The size of the penalty, which the Commission could have set as high as 9.45 billion but which analysts estimated at around 2.5 billion, says a lot about the significance of the case. Commissioner Vestager's political future will be defined by the Google case (cases).
Read 19 tweets
Our children can no longer put their phones down. So how will we keep children safe? How will we see what they are doing, and how will we protect them? #Flood
1- Safe Kids: An online child-safety application offered to parents by the security company Kaspersky. Safe Kids can be used on both iOS and Android devices. #SafeKids
2- #SafeKids blocks sites with content unsuitable for children, and it also offers the following: web activity tracking, app and device usage monitoring, location tracking, and call/SMS/social network monitoring. #İnternet #ÇocuklarİçinGüvenlik
Read 6 tweets
Thread (1/7): @TheEconomist published a Special Report Titled "Fixing the #Internet", which relied on #Centralisation as its core lens

Huge victory for a technical community that has spent decade explaining how the architecture & ethos of the internet are under attack.

6 arts!
2. "But like Sir Tim, many people have recently become more critical of it (...) At the heart of their disenchantment, this special report will argue, is that the internet has become much more “centralised” than it was even ten years ago."…
3. #Decentralisation is ultimately a question of #democracy. As digital technology penetrates society ever more deeply & the two become ever more intertwined, the rules of the former will increasingly govern the latter"…
Read 7 tweets
Time for a new thread. The #android #application called @moinsbete is one of the most downloaded applications in France. This app is sending without your consent your personal data to @mopub:
- location
- operator
- mcc
- mnc
- country
- screen size
Yes, all these requests to @mopub are HTTP requests... Welcome to 2018...
This is a very good example of data abuse. Every time you open the @moinsbete #android #app with location on, your location is sent without your consent to a US-based server owned by @mopub
Read 9 tweets
I’m analysing #KevDroid samples the new #Android #malware discovered several days ago by #ESTSecurity
The samples are available on @koodous_project and @virusbay_io
Read 13 tweets
Last time I checked this website, on Jan 7, 291 #android #apps were available. @GoDaddy is it possible to shutdown this website?
Several occurrences of the website can be found in the apps. Jikutate means shaft in Japanese.
An "iPhone spin" can be found on…
Read 8 tweets
Tutorial: How to capture network packets and record them on your #Android phone

1/ Install Packet Capture #android app…
2/ Follow the setup wizard of Packet Capture
3/ Give the read external storage permission to Packet Capture
Read 12 tweets
1/ In this request, the @narendramodi's #Android #application sends silently and without the user's consent, his IP address and a unique identifier of his phone.
This personal data is sent to the website which is located in the US.
2/ As the application is available in Europe, it must comply with the European regulation called #GDPR. Since an IP address is considered personal data, the user must give his consent and must be able to opt out from this data collection.
3/ The @narendramodi's #Android #application does not meet these requirements and so is breaking this European regulation.
Read 6 tweets
When you apply for membership in the official @INCIndia #android #app, your personal data are sent encoded through an HTTP request to
Come on! HTTP?! I'm sure you are able to rectify this and use HTTPS instead.
Moreover, the personal data are encoded with base 64. This is not encryption! Decoding this data is very easy as shown in the example.
Read 4 tweets
When you create a profile in the official @narendramodi #Android app, all your device info (OS, network type, Carrier …) and personal data (email, photo, gender, name, …) are sent without your consent to a third-party domain called
This domain is classified as a phishing link by the company G-Data. This website is hosted by @GoDaddy and the whois info are hidden.
After a quick search, this domain belongs to an American company called @CleverTap. According to their description, “#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers"
Read 7 tweets
I released #Palindraw about 4 weeks ago.…

It's my first deliberate attempt at #IndieGameDev and it's been an interesting experience. I wasn't sure what to expect.
The main functionality of the game was developed in about 4 weeks of evenings and weekends. Several months were spent on generating and hand picking the levels.
The levels are procedurally generated given a RNG seed and a few parameters. I wanted to have a nice balanced progression through each set.
Read 25 tweets
The @OnePlus #clipboard app contains a strange file called badword.txt 🤔

In these words, we can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...
This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files:
- badword.txt
- brackets.txt
- end.txt
- follow.txt
- key.txt
- start.txt
All these files are used in an obfuscated package which seems to be an #Android library from teddymobile
Read 15 tweets
The official #Aadhaar #android app is sending an SMS to authenticate the user. In general, to avoid abuses, you add a sending rate limit. The user has to wait 2 minutes before resending the SMS. @UIDAI did not implement this kind of limit in the app. What are the consequences?
An attacker can extract the authentication HTTPS request made by the official #Aadhaar #android app. After that he just has to write a small script which will try all the possible #Aadhaar numbers.
The attacker will be able to flood the entire #India population and @UIDAI will lose a lot of money.

.@UDAI don't be stupid, remove the official #Aadhaar #android app from the PlayStore, this is the best move you have.
Read 3 tweets
1. I'm tweeting a lot these last days, let's make a quick recap
2. @Gioneeglobal, a Chinese phone maker which sells its phones in the US under the name @BLU_Product, made a phone for #NorthKorea. Afaik, they didn't make a public statement.

3. @OnePlus removed the #angela backdoor I found last November from its products

Read 18 tweets
Bug in the official #Aadhaar #android app. By default, the application asks for the password for each action. In the settings, you can deactivate this password protection.

By force quitting the app when you deactivate this mechanism you don't need to enter the password.
.@UIDAI You clearly have not tested your application...
Read 3 tweets
Hi @UIDAI 👋! Do I have to explain to you how real #Android developers are working?

On its official #Playstore account, @UDAI published today an app called "NewTest" with a blank screenshot and testingtestingtesting[...] as description 🤦‍♂️

They also have a 3rd app called "testBeta (Unreleased)" 🤦‍♂️. Yes, they called "Unreleased" an app released on the PlayStore 🤦‍♂️...

@UIDAI maybe your interns can read this link… to know how to set up alpha/beta tests...
Regarding how they used their #PlayStore account, I'm pretty sure they are unable to update the official #Aadhaar #android app because they lost the release key. Please @UIDAI, show me I'm wrong
Read 6 tweets
The @KhoslaLabs and @UIDAI developers don't know how to generate an #android app certificate correctly 🤦‍♂️

They keep the default owner and issuer: Google. This is funny, technically, Google is the owner and issuer of #Aadhaar 😂😬🤦‍♂️
As stated by the official documentation,…
"A public-key certificate, also known as a digital certificate or an identity certificate, contains the public key of a public/private key pair, as well as some other metadata identifying the owner of the key"
Moreover, "Every app must use the same certificate throughout its lifespan"
So, @KhoslaLabs and @UIDAI cannot change it. They need to reupload another app with a different package name if they really want to change it.
Read 10 tweets
Hi @KhoslaLabs, @UIDAI 👋! Let me show you the power of git.

If an Android dev wants to integrate AadhaarBridge in his #android app, he will visit this page:

Because he is curious, he will click on the "SDK For Android" and the "Sample Application"
But oops! You removed the sample application (apk file) and the library (jar file) from the repo. I guess you want to discuss before giving him the info
But hey come on! This is a GIT repo, I just have to check out the correct commit to get the latest library and APK
Read 5 tweets
