THREAD: I'm looking at a Huawei P20 from China, let see what can I found
The 1st app I reversed is an app called Decision
Look at the name of the files contains in the assets folder:
- airport_china.txt
- city_china.txt
- cityinfo.db
- parkinglot_china.txt
- railwayinfo.db
- trainInfo.db
- trainstation.db
Interesting, no?
For example, the trainstation database contains:
- address
- name
- latitude
- longitude
- city
In the manifest of this application, there is a GeoReceiver
This receiver is receiving an UUID and will lookup an known fence id
I'm a stupid security researcher. For the moment, the keywords are: train, airport, city, geo fence... Do you see where we are going?
In the data folder, there is a file called CalcMain. Here some of the methods of this class:
- callGetBusTime
- callGetTaxiTime
- isTrafficBusy
- callGetHomeCity
- callHasHotelTicket
- callGetAirportMultiPoi
- callHasGroupBuyingTicket
- ...
Nice data types haha
To be clear, this app is composed of 3 background services and 2 services. There is NO UI in this app.
Please be nice "DO NOT KILL ME >_<"
This is the kind of function that I love to find
This app doesn't seems to send the data BUT they communicate with another service called HiActionService which is coming from an Huawei app called HiAction
The previous screenshot is from the class called ActionCommonUtil. We can easily that Decision is sending all his events to this service through the methods in this class.
I will study the app HiAction another time but what you have to know is that this app is sending the data to hicloud[.]com, "the Huawei Cloud"
In order to be more discreet, the OEM dispatch the responsibilities to multiple apps. In this case: 1. An app or the modified Android is getting your location regularly. It will trigger a GEO_ALARM_TRIGGERED to the Decision app
2. Decision app is getting this location and check with his internal databases. If there is a match, it will generate an event 3. Decision will send this event to HiAction 4. HiAction will upload the data to the Huawei cloud
Ugly, no?
Ofc, this is the big picture, I need more time to get all the details.
I started this thread 2 hours ago. Decision app was the first app I checked. I still have a lot of Huawei apps to check
Ofc, I will continue this thread later 😏
If it was not clear enough: DO NOT buy @Huawei phones. NEVER.
*say
Wow my English is really broken when I’m tired
• • •
Missing some Tweet in this thread? You can try to
force a refresh
What can we see?
- We can recognise the road signs, we are in the US.
- The building looks like NYC but it just a wild guess
- The store is in a corner
- We can read the store sign: "Hardware *umber store"
- The store sign is also in Chinese. Maybe chinatown?
Just type "Hardware *umber store" in Google. Ok, the missing letter is an l.
1) After a quick image reverse search on Google Image, we can find the original publication. Yesterday, Louis de Luxembourg announced his engagement with Scarlett-Lauren Sirgue. instagram.com/p/CNUQgmaC7rm/
2) Time to check their last moves. We are in a pandemic and they are public figures, so everything should be documented. After scrolling about the last news on the Royal Family of Luxembourg, I can see they spent the last holidays in Biarritz, France parismatch.com/Royal-Blog/fam…
3) Time to open Google Maps. I can see water behind them and the building in the background is pretty far from them which suggest the beach is probably long.
Vous avez juste une infrastructure qui ne tient pas la charge. Encore une fois. Tous les parents de France font travailler leurs enfants en ce retour de week-end prolongé, ce qui a probablement provoqué la surcharge des serveurs...
On va commencer par un cours de sport. Commence à courir je te rattrape
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, ...