Account Share

Unrolled thread from @fs0c131y

15 tweets
<Thread> Hi @WikoMobile 👋! Let's talk about the ApeSaleTracker and ApeStsMonths apps found in your phones.
These apps are pre-installed system apps which send regularly and silently the user infos to a Chinese 3rd party called Tinno by HTTP or SMS without user consent
As state in the app names, these apps are used by Tinno.com to track the number of active devices they have all over the world. Tinno Mobile Technology Corp.. (aka Tinno) is a Chinese company based in Shenzhen which manufacture and sales mobile terminals.
When you boot your @WikoMobile device, the StsMonthsBootReceiver of ApeStsMonths (aka stsMonths) start the StsMonths Service. In the init function, it register receivers to the actions: DATE_CHANGED, STS_MONTHS, AIRPLANE_MODE, CONNECTIVITY_CHANGE. It also set a "sending" alarm.
When the alarm is triggered, it will send the @WikoMobile user IMEI, client number, GSM cell location, serial number, build version in clear text to eservice.tinno.com...Every month!
Moreover, when you boot your @WikoMobile device, the SaleTrackerBootReceiver of ApeSaleTracker (aka STS) start under certain conditions the SaleTrackerService.
As the StsMonthsService, the SaleTrackerService register receivers to STS_REFRESH, ACTION_SMS_SEND, ACTION_SMS_DELIVERED, AIRPLANE_MODE and CONNECTIVITY_CHANGE.
Depending the network availability this app will send @WikoMobile user IMEI, client number, product number, serial number, build version by HTTP or SMS.
Yes, you heard me, it will send you device info by SMS to a number located in Shenzhen
This app contain a basic warning activity which doesn't seems to be used. Even, if it is used, when you press the OK button nothing happen. So, there is no way to disable this data collection...
You will not see this screen, when you press the back button or the app switch button, they add a filter in the Android framework (in PhoneWindowManager) to not show you this app.
If you want to play with it and change the request parameters you can access the SaleTrackerActivity by typing *#*#2374#*#* in the dialer
Let's summarise:
1. @WikoMobile and Tinno is collecting your device info without user consent
2. As an end user you have no way to disable it.
3. They send SMS to China with your data without user consent
4. They send your data in clear text
Any comments @WikoMobile? GDPR is coming guys...
This content can be removed from Twitter at anytime, get a PDF archive by mail!
This is a Premium feature, you will be asked to pay 20$
for a one year Premium membership with unlimited archiving.
Did Thread Reader help you to today?
Support me! Become a 💎 Premium member ($20) and get exclusive features!
Too expensive? Choose your price, buy me a 🍺 beer or help for the ⚙️ server cost:
Donate with 😘 Paypal or  Become a Patron 😍 on Patreon.com
Trending hashtags:
Did Thread Reader help you to today?
Support me! Become a 💎 Premium member ($20) and get exclusive features!
Too expensive? Choose your price, buy me a 🍺 beer or help for the ⚙️ server cost:
Donate with 😘 Paypal or  Become a Patron 😍 on Patreon.com