Profile picture
Elliot Alderson @fs0c131y
, 15 tweets, 13 min read Read on Twitter
<Thread> Hi @WikoMobile 👋! Let's talk about the ApeSaleTracker and ApeStsMonths apps found in your phones.
These apps are pre-installed system apps which send regularly and silently the user infos to a Chinese 3rd party called Tinno by HTTP or SMS without user consent
As state in the app names, these apps are used by to track the number of active devices they have all over the world. Tinno Mobile Technology Corp.. (aka Tinno) is a Chinese company based in Shenzhen which manufacture and sales mobile terminals.
When you boot your @WikoMobile device, the StsMonthsBootReceiver of ApeStsMonths (aka stsMonths) start the StsMonths Service. In the init function, it register receivers to the actions: DATE_CHANGED, STS_MONTHS, AIRPLANE_MODE, CONNECTIVITY_CHANGE. It also set a "sending" alarm.
When the alarm is triggered, it will send the @WikoMobile user IMEI, client number, GSM cell location, serial number, build version in clear text to month!
Moreover, when you boot your @WikoMobile device, the SaleTrackerBootReceiver of ApeSaleTracker (aka STS) start under certain conditions the SaleTrackerService.
As the StsMonthsService, the SaleTrackerService register receivers to STS_REFRESH, ACTION_SMS_SEND, ACTION_SMS_DELIVERED, AIRPLANE_MODE and CONNECTIVITY_CHANGE.
Depending the network availability this app will send @WikoMobile user IMEI, client number, product number, serial number, build version by HTTP or SMS.
Yes, you heard me, it will send you device info by SMS to a number located in Shenzhen
This app contain a basic warning activity which doesn't seems to be used. Even, if it is used, when you press the OK button nothing happen. So, there is no way to disable this data collection...
You will not see this screen, when you press the back button or the app switch button, they add a filter in the Android framework (in PhoneWindowManager) to not show you this app.
If you want to play with it and change the request parameters you can access the SaleTrackerActivity by typing *#*#2374#*#* in the dialer
Let's summarise:
1. @WikoMobile and Tinno is collecting your device info without user consent
2. As an end user you have no way to disable it.
3. They send SMS to China with your data without user consent
4. They send your data in clear text
Any comments @WikoMobile? GDPR is coming guys...
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Elliot Alderson
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!