My Authors
Read all threads
Yesterday night, @campuscodi published an article about the COVID-19 detection app which has been removed from the PlayStore.

I saw the article this morning, so I decided to give it a look. Follow me for a walk 1/

zdnet.com/article/spying…
The Iranian gov made a website ac19.ir. On this website people can download an Android app "to test" if they are infected by the COVID-19 (coronavirus). 2/
*Reminder*: If you are sick, go to the doctor, download a f*cking app will not help you... 3/
The user can directly download the app on the website: dl.ac19.ir/ac19.apk 4/
When we extract the urls contained in the APK, we found 2 interesting domains:
- ac19.ir
- covid19.tfone.ir

5/
According to the WHOIS, covid19.tfone.ir has been registered by Mostafa Anoosheh. I wonder who is the Mostafa employer? 😏 6/
By doing a reverse WHOIS lookup, we can find that Mostafa registered 48 domains with his email address. 7/
In the list of the domains, we can find it14.ir his personal website. 8/
In his website, you can the document ManagementConfrenceNotes.txt with his work email. So his employer is a company called "Smart Land Solutions" 9/
Well, "Smart Land Solutions" was their name in 2016: web.archive.org/web/2016101119…. Now they are "Sarzamin Housmand" 10/
This company already made the news in the past. They created Hotgram and Talagram, two Telegram clones removed from the PlayStore accused of secretly collecting user data. 11/ tehrantimes.com/news/435641/Ho…
Some people claimed that these were developped on behalf of the Iranian intelligence agencies 12/
"Rahkar Sarzamin Houshmand has started its activity from 1384". This is a very old company 😅 13/
I feel sad Mostafa. I don't have access to his personal website anymore. He denied me access few minutes ago 14/
Looking the websites registered by Mostafa give us a good idea of the SLS business. iwin.ir is "the first cloud based call center accountability service" 15/
Another example, advest.ir is a advertisement related website 16/
If your governement is asking you to install an app on your phone, you shoudn't do it. There is a big probability that a shady company is behind it. 17/17
PS: Nice info regarding the tweet 13th of this thread
PS2: You can probably take over any user account in the app. There is no rate limiting in the otp code validation during the register process. So you can test all the possible code and boom. I didn’t test fully but it should work. But hey it’s a secret don’t tell anyone 🤫
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Elliot Alderson

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!