Better Mobile App

Do we need a good firewall app?

After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip

Here you go:
http://www.appbrain.com/app/droidwall-android-firewall/com.googlecode.droidwall.free

MrGibbage said:
After the recent article on apps that are sharing our personal information, it occurred to me that this should be an easy problem to fix. All we need is a good personal firewall app. Heck, iptables would be a great start, but it can be hard to implement that on an app by app basis. It will be hard to set up for apps that have legitimate needs to connect over port 80 for legitimate needs, but also uses that same port for less than legitimate needs. So I guess it will also take some blacklisting of certain servers, perhaps along the lines of the ad blockers apps that modify the hosts file.
Or does such an app already exist?
Skip
Click to expand...
Click to collapse
1. There's already a couple adblock apps like Adfree which block a lot of stuff.
2. If you read the permissions for the apps you CHOOSE to download, then you'll know exactly what access to data they'll have. If you don't like that PaperToss wants access to your device ID, then just don't install PaperToss.
And of course, such an app would undoubtedly cause more issues than the perception of "security" it would provide, since you'd probably not be able to use half the apps anymore. Or they'd stop being ad-supported, and would begin to charge instead.
From the article:
Google requires Android apps to notify users, before they download the app, of the data sources the app intends to access. Possible sources include the phone's camera, memory, contact list, and more than 100 others. If users don't like what a particular app wants to access, they can choose not to install the app, Google says.
Click to expand...
Click to collapse
Just read the app permissions. That tells you almost everything you need to know.

The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.

MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App

MrGibbage said:
The problem is, the app permissions don't tell you what you need to know. Here are the permissions for Paper Toss by Backflip Studios:
Your Location (coarse network-based location)
Network communication-full internet access
Phone Calls - read phone state
While the Location permission would be suspect, and would cause me to question whether or not I should download this app, the other two permissions are not so immediately obvious that they are "bad". Network communications is a permission needed by every app that has in-game ads such as AdMob. And I don't know why this app needs the Phone Calls permission, but almost every single app in the market uses that permission. At least it isn't asking for access to the address book or anything like that.
What I would like is for the app to tell us what it needs internet access for, and to tell us what information it is sending to third parties.
Click to expand...
Click to collapse
All free apps will collect some information .... so they know what ads to aim your way ..... so they can make money ... Every one does this .... on your computer its the same as your cookies .... and only the really paranoid will set their browser cookies settings to "ultimate :block all cookies "...
Here's the difference, android openness will allow others to research and publish their findings, un like others that are closed and will not allow research, and if anyway is found to get the research. done the publication will be deleted from the web ......
The openness is why you see soooooo many articles on this issue over n over, none of them mentioning that the paid versions of these apps don't collect any thing .....
How much personal information are you planning on storing in the paper toss game?
Consider this in your answer, android system runs apps in sand box mode meaning, one app cannot access another without YOUR permission, or if an app is infected with malware, that malware will only operate in that app, unlike your windows machine where it would have a free for all .....

ferhanmm said:
Maybe to detect a phone call and pause the game.
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
That's my point. That would be a legitimate need for access to the phone state. However, granting that permission also gives the app permission to make phone phone calls. I still think the apps need to be more specific about the permissions they need.
The bottom line is, these phones are great, they can run all kinds of awesome software, but the people writing the software need to make a living too. If someone really wants to prevent their phone from sending out personal information, then they should not install any software, and maybe shouldn't even be using the phone at all. But I still see a need for a firewall app (possibly DroidWall, as mentioned above) to help us prevent this type of thing from happening.

A permissions firewall would be much more interesting and useful in my opinion.
Being able to block a certain thing like "read contact data" for all apps and only permit access with a white list would be very useful to me.

[RFC] URL Fetch service

Have any of you app developers faced this situation: You have an app that needs to download data from the Internet, but don't want to add the Internet permission to your application, because it may deter some users from installing the app. Moreover, the data may be large and may need to be saved to the SD card, which requires yet another permission. You also need to ensure that a network is available currently, which means more permissions (WiFi state, etc).
Here's my proposed solution: A URL fetch service
This will be a simple app which accepts URL fetch requests from other applications and fetches them (HTTP GET) from the internet as a background service. Upon completion, the data can be returned to the application as a byte stream.
Since this is based on a callback, the network need not be currently available. The service will (optionally) queue the request and fetch whenever a network is available.
Another useful feature would be avoiding duplicate requests. For example, an app may want to fetch some data periodically, say every two hours. But if the network is not available for two days, then only one request should be made when the network becomes available, not 50! This could be done by letting the app assign a unique id to the request. Requests that have the same id will over-write other requests from the same app with the same id.
Logging and Filtering
From the user point of view, there is tremendous advantage in having a centralized URL Fetcher, because she will be able to Log the requests that go through it, and also filter some requests. For example, she could filter an app that she doesn't want to be updated (for whatever reason).
Distribution:
The app will be open-source and made available on all App markets and also as a direct APK download.
The only hurdle to this idea that I can see is that the app will have to be installed separately by the user. The problem will be reduced over time as more and more apps use this service. So the chances of the app being already present will increase. Also, custom ROMs might pre-package this app, so it will be present by default.
__________________________________
Your thoughts?
Update:
I have begun coding this up. You can follow / contribute here:
https://github.com/hrj/SafeNet/

Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums
Moving to Q&A

For an app like that, you are not going to be able to not allow the internet permission. It needs it to fetch the URL (from the internet) so it has to use it... Unless you have a huge database of all URL's stored on your sd card .

Theonew said:
For an app like that, you are not going to be able to not allow the internet permission. It needs it to fetch the URL (from the internet) so it has to use it
Click to expand...
Click to collapse
Yes indeed. The fetch service app will have the Internet permission, and the read/write to SD card permission. The idea is to reduce the number of entities that the user has to trust.
And since the service app will be open-source, the user can compile her own version and install it. In that case, she doesn't even have to trust anyone else.
I have put up a tentative project and have some working code already in my local repository. If you would like to follow the progress or would like to contribute, here's the GitHub link:
https://github.com/hrj/SafeNet/
cheers!

h_r_j said:
the user can compile her own version and install it. In that case, she doesn't even have to trust anyone else.
Click to expand...
Click to collapse
Great. One thing... all the users of your app aren't only female...

Theonew said:
Great. One thing... all the users of your app aren't only female...
Click to expand...
Click to collapse
I guess you are right.. I didn't check thoroughly
But seriously, he / she / it doesn't really matter. I don't like typing "he or she" in every sentence. So, I just pick between those words randomly.

h_r_j said:
I guess you are right.. I didn't check thoroughly
But seriously, he / she / it doesn't really matter. I don't like typing "he or she" in every sentence. So, I just pick between those words randomly.
Click to expand...
Click to collapse
Just put "they" .

[UPDATE][2 JANUARY 2013 ]All the tools and good root apps at one place

lgmdp 1.5
http://sharemobile.ro/file/616562
lg united mobile drivers
http://
www.lgforum.com/resources
a very important sdk tool
http://
developer.android.com/sdk/index.html
Android
Development Tools (ADT)
[The ADT plugin
includes a variety of powerful
extensions that make creating,
running, and debugging Android
applications faster and easier.]
http://www.softpedia.com/get/Programming/Components-Libraries/Android-Development-Tools.shtml
Super one click [tool for rooting gb ]
http://shortfuse.org/?page_id=2
gingerbreak [tool for rooting froyo]
http://forum.xda-developers.com/showthread.php?t=1044765
Android kitchen [a great tool for ROM customization]
http://forum.xda-developers.com/showthread.php?t=633246
terminal emulator [A great tool for linux commands]
http://www.papktop.com/android-terminal-emulator-1-0-32.html
z4root [tool for rooting 2.2.1 and 2.1]
http://forum.xda-developers.com/
showthread.php?t=833953
(by ibub)
kdz updator
http://www.2shared.com/file/QcnRcyua/KDZ_Updater.html
java development kit
http://software-files-a.cnet.com/u/test/jdk-7u10-windows-i586.exe
fastboot.exe
http://www.2shared.com/file/4l7HKE3O/fastboot.html
flash_image [if u use terminal emulator]
http://www.mediafire.com/?7pkcte8gcyn9pet
########################
below tools are taken from lycan thread all credit goes to him for the below ones
apktool : http://forum.xda-
developers.com/showthread.php?
t=640592
APK Multi Tool : http://forum.xda-developers.com/showthread.php?t=1310151
StudioAndroid : http://forum.xda-developers.com/showthread.php?t=1541372
adb pusher : http://www.xda-developers.com/android/push-files-to-your-device-with-quick-adb-pusher/
Bootanimation Creator :
http://forum.xda-developers.com/showthread.php?t=1234611
#####################

ROOT APPLICATION (tAKEN FROM I CLICK ROOT) (I WIlL ADD MINE SOON AND NEVER GONNA INCLUDE ROM MANAGER)
10) ShootMe – Screenshot app
Android has a lot of advantages over its
main competitor, Apple’s iOS. However,
unlike iOS, Android doesn’t give users the
ability to take screenshots of their
phones. Thanks to the ShootMe app
available on rooted phones, that problem
is a thing of the past. This app allows you
to set up a trigger for when the phone
should take a screenshot. For example, if
you want to take a screenshot every
time you shake your phone, you can easily
set that up.
9) Titanium Backup – Automatic backup
and recovery app
No electronic device is immune to
failures. If you’re like most people, you
keep some valuable information on your
Android device. From phone numbers to
pictures and everything in between,
losing access to that data could be
devastating. That’s why you need
Titanium Backup, an app which allows
rooted Android users to set automatic
backup options. All apps and other data
is saved, so if you screw up your phone
while trying to install a custom ROM, you
can easily restore it with the click of a
button.
8) Metamorph – Customize every single
aspect of your phone
After rooting an Android phone, one of
the first things that many users do is
customize their device. Thanks to the
Metamorph app, phone customization is
as easy as possible. Simply download the
app, then browse through a selection of
custom themes. If you want, you can
even make your own theme. Using
Metamorph, you can personalize your lock
screen, menus, app screens, and all
other aspects of your Android phone.
7) Adfree – Instant advertisement
blocking
Sick of seeing advertisements on your
phone? Aren’t we all! With the Adfree
app, you’ll never have to see another
advertisement again. The Adfree app
works in a unique way: instead of
actively scanning each app and webpage
for advertisements (which slows down
Android performance), Adfree simply
blocks the IP addresses of common
advertising agencies. This means that
advertisements will refuse to pop up
while using apps, browsing the internet,
or performing any other types of tasks
on your phone.
6) Busybox – Use Linux commands
Busybox might not appeal to the average
Android user, but it will certainly appeal
to tech geeks and Linux users. Busybox is
an app that adds Linux commands to your
Android device. To make the app as easy
as possible to use, Busybox even lists the
commands, making it easy to perform a
wide variety of functions that are
normally unavailable to users of non-
rooted Android devices.
5) Wireless Tether – Wireless hotspot app
Share your Android phone’s data
connection with any other wireless
device using the Wireless Tether app.
This is an ideal way to use your phone
data on your laptop while you’re in an
area with no internet connection,
although tethering can be used for a
wide variety of purposes. With the
Wireless Tether app, tethering can be
performed on any carrier and any
Android phone. Since some companies like
AT&T charge an additional $20 per
month for tethering, this makes the
Wireless Tether app an extremely
valuable tool.
4) Tasker – Automatic task app
Tasker is a smart app that will automate
all sorts of tasks on your phone. For
example, you can set a task to run every
day at 5pm, or perform plenty of other
useful functions. Although Tasker is
available from the Google Play store, it
won’t have root access on non-rooted
Android phones. When you give Tasker
root access, expect to see some
phenomenal results.
3) SSH Tunnel – Safeguard your internet
usage
Instead of letting anyone see what
you’re doing on the internet, the SSH
Tunnel encrypts your internet
connection using an SSH tunnel. When
you access a public Wi-Fi network
without an app like SSH Tunnel installed,
anybody with basic technical skills can
see what you’re doing over the internet,
which is most definitely a bad thing.
2) SetCPU – Overclock and monitor your
processor
The processor is at the heart of your
Android phone’s operations. On a normal
Android device, the user’s actions won’t
affect how the CPU functions. However,
thanks to the SetCPU app, that is no
longer a problem. SetCPU allows users to
customize the CPU to run at different
frequencies according to what the user
is currently doing. For example, you can
instantly reduce the CPU’s clock speed
when the screen is turned off, which
saves an enormous amount of battery
life. Ultimately, SetCPU allows you to
save battery power, speed up your
Android device, and monitor its
temperature.
1) Superuser – The first app to install on
a rooted Android device
MINE ROOTED APS
Hide my Root
Sure, CyanogenMod may be getting
more granular root settings, but
can you password protect them?
This app can.
--
Hide my Root lets you temporarily
hide the superuser binary and app
so that no applications or users can
get root access. You can even set a
password so that only you can
restore root access. On some roms
(usually rooted stock roms), Hide
my Root will allow you to use
Google Videos and similar apps on a
rooted phone. On custom roms
such as CyanogenMod, it will not
allow you to use Google Videos and
similar apps on a rooted phone.
Root Logger by Stericson
Root Logger is the only application
that can log all shell commands
that are sent to your phone,
including those from other rooted
applications. Root Logger can also
tell you who executed the
command, when it was executed,
and whether or not the command
was executed with root access. This
application will help you keep an
eye on what's being sent to the
shell on your phone and what those
applications are doing on your
phone. This Application requires
root access, busybox, and these
commands, which are usually
provided by Busybox, chmod, ln, ls,
cp, chattr, and rm.
Root Explorer
This is by far one of the most
comprehensive file managers out there.
This app gives you access to the whole of
android's file system and includes
features like an SQLite database viewer,
Text Editor, the ability to create and
extract zip or tar/gzip files, extract rar
archives, multi-select, execute scripts,
search, remount, permissions,
bookmarks, and lots more. There’s a free
version as well for you to try out.
Call Master
This advanced call and SMS blocker
gives you unique privacy features for
rooted users. With the app running
silently in the background, you can block
an MMS before it downloads, filter SMSs
by content and lots more.
MarketEnabler
You’ll notice that certain apps are
country specific and won’t show up in
the Play Store on your phone.
MarketEnabler helps you get around this
by tricking the Play Store into thinking
you are actually in that country or region
and allowing you to download the app.
You obviously won’t find this on the Play
Store, but a quick Google search will
help.
SD Maid
SD Maid will automatically clean up
unwanted files left behind when you
uninstall apps. Just like Windows,
sometimes certain files are not deleted
when you uninstall them and they can
clutter your file system over time. This
app helps remove those unwanted files.
StickMount
This app was designed to enable USB
On-the-go access on the Galaxy Nexus,
but there’s no reason why it shouldn’t
work on other handsets running ICS and
above. All you need is the cable and then
you can access data from your pen drives
easily, thus expanding your storage
Call Master
This advanced call and SMS blocker gives
you unique privacy features for rooted
users. With the app running silently in the
background, you can block an MMS
before it downloads, filter SMSs by
content and lots more.

Great Thread!!
Sent from my LG-P509 using Tapatalk 2

jerry7389 said:
Great Thread!!
Sent from my LG-P509 using Tapatalk 2
Click to expand...
Click to collapse
thanks

i have contacted one of the moderators to keep the thread on the first page waiting for their reply
and if u have more tell me i will add them as soon as possible

Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2

Jrhodes85 said:
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
if u can give me the thread link

Jrhodes85 said:
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
androidisfuture said:
if u can give me the thread link
Click to expand...
Click to collapse
I think he is talking about this
http://forum.xda-developers.com/showthread.php?t=1256048
Sent from my LG-P500 using Tapatalk 2

Christian Nothing said:
I think he is talking about this
http://forum.xda-developers.com/showthread.php?t=1256048
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
if he is talking abt this then my thread is not similar to sweetnsour as i am giving tools and i can only find android kitchen similar tell me if u agree

i have added 4 more :victory:

as sdk contains a varirty of tools like Dalvik Debug Monitor Server (ddms);dmtracedump etc my list is getting to an end but still no answer from the moderators

Jrhodes85 said:
Honestly and no offense to you but this already exist as a sticky, a pretty well written thread by sweetnsour
Sent from my LG-P500 using Tapatalk 2
Click to expand...
Click to collapse
To be honest, I feel that this kind of exists in Lycan's sticky:
http://forum.xda-developers.com/showthread.php?t=901247
specifically this post:
http://forum.xda-developers.com/showpost.php?p=25489058&postcount=177

sweetnsour said:
To be honest, I feel that this kind of exists in Lycan's sticky:
http://forum.xda-developers.com/showthread.php?t=901247
specifically this post:
http://forum.xda-developers.com/showpost.php?p=25489058&postcount=177
Click to expand...
Click to collapse
now i feel that this is similar but i am trying to add more and more if u have some tell me

Could lycan be asked to link to this as an additional resource? The main difference that I see is that lycan's sticky is categorized and a lot of the tools are somewhat scattered in different branches . Yes, I know you specified the post for kernels, mods tweaks and TOOLS. But not all that is listed here, is listed there. Maybe a compromise is in order?
Sent from my LG-P500 using xda app-developers app

ibub said:
Could lycan be asked to link to this as an additional resource? The main difference that I see is that lycan's sticky is categorized and a lot of the tools are somewhat scattered. Yes, I know you specified the post for kernels, mods tweaks and TOOLS. But not all that is listed here, is listed there. Maybe a compromise is in order?
Sent from my LG-P500 using xda app-developers app
Click to expand...
Click to collapse
i have pm lykan but no response i think he missed my pm

ibub said:
Could lycan be asked to link to this as an additional resource? The main difference that I see is that lycan's sticky is categorized and a lot of the tools are somewhat scattered in different branches . Yes, I know you specified the post for kernels, mods tweaks and TOOLS. But not all that is listed here, is listed there. Maybe a compromise is in order?
Sent from my LG-P500 using xda app-developers app
Click to expand...
Click to collapse
androidisfuture said:
i have pm lykan but no response i think he missed my pm
Click to expand...
Click to collapse
I am not sure if a compromise is possible. By looking at Lycan's last post, it looks like he hasn't been on for several months now. The thing is, that thread was first started by Bytecode, who handed the thread over to Lycan, so if Lycan was still active on XDA, I would've requested ownership of the thread. But since he has been inactive, I think it would be alright to copy the tools from his thread to yours (since his thread is not just about tools and such while this thread is), and in the event that he does come back online and asks for the tools to be removed from this thread, maybe there can be some sort of a compromise then.

sweetnsour said:
I am not sure if a compromise is possible. By looking at Lycan's last post, it looks like he hasn't been on for several months now. The thing is, that thread was first started by Bytecode, who handed the thread over to Lycan, so if Lycan was still active on XDA, I would've requested ownership of the thread. But since he has been inactive, I think it would be alright to copy the tools from his thread to yours (since his thread is not just about tools and such while this thread is), and in the event that he does come back online and asks for the tools to be removed from this thread, maybe there can be some sort of a compromise then.
Click to expand...
Click to collapse
ok i will see to it
if i can copy i will give credit to him

i have 5 more they are of lycan

the thread is now a sticky

Thanks !!!

[XPOSED][4.4+] Pokemon Go Trust Certificate - Disables certificate pinning for MITM

Hey community!
This module disables the freshly introduced (v.0.30.0) certificate pinning of the Pokemon Go app, making MITM interception/analysis/projects working and possible again.
Download
Download from Xposed repo: repo.xposed.info/module/de.rastapasta.android.xposed.pokemongo
Or from GitHub: github.com/rastapasta/pokemon-go-xposed
Background:
I'm a developer of some Pokemon Go MITM projects (like github.com/rastapasta/pokemon-go-mitm) and got confronted with the freshly introduced certificate pinning in the newest Pokemon Go version. The native code requests the certificate trust chain of the connection to the API and checks if the certificates are issued by the correct authorities.
To fix that, I simply hooked into com.nianticlabs.nia.network.NianticTrustManager's checkServerTrusted method and made sure that the requested trust chain is always identical to the expected version.
Enjoy!

hello! could you please help me? I couldn't understand the description in your xposed module... what do you mean by "trusted surrounding" ? I would love to try this app and help you out if possible but I didn't understand what the app does...

"Just another quick update, we have discovered that users utilizing MITM techniques may be getting flagged by Niantic servers. Please note read-only MITM is not affected by this flagging."
reddit.com/live/xdkgkncepvcq
---------- Post added at 04:00 AM ---------- Previous post was at 03:37 AM ----------
shashanksetty said:
hello! could you please help me? I couldn't understand the description in your xposed module... what do you mean by "trusted surrounding" ? I would love to try this app and help you out if possible but I didn't understand what the app does...
Click to expand...
Click to collapse
"modifying on the fly the connection between pokemon go and the servers. Like the articuno case in ohio, it is just a fake articuno made with modifying the connection data between the client and servers. EDIT: Articuno event probably isn't a MITM mod, because otherwise other people couldn't see that hack."
MITM stands for Man-In-The-Middle.

t0per666 said:
"Just another quick update, we have discovered that users utilizing MITM techniques may be getting flagged by Niantic servers. Please note read-only MITM is not affected by this flagging."
reddit.com/live/xdkgkncepvcq
---------- Post added at 04:00 AM ---------- Previous post was at 03:37 AM ----------
"modifying on the fly the connection between pokemon go and the servers. Like the articuno case in ohio, it is just a fake articuno made with modifying the connection data between the client and servers. EDIT: Articuno event probably isn't a MITM mod, because otherwise other people couldn't see that hack."
MITM stands for Man-In-The-Middle.
Click to expand...
Click to collapse
Thank you

Hy all, can I ask how is with Pokemon GO clone app?
If I have two accounts and I want both on the same phone..I installed App Cloner and cloned the app so I can use two versions of them. However App Cloner changes app certificate so what does that mean? Will I get banned if I use the Pokemon GO app with changed certificate? Also, does that mean this module can help me so both versions of the app seem legit?
Thank you very much for the explanations

2018 = ?
rasta-pasta said:
Hey community!
This module disables the freshly introduced (v.0.30.0) certificate pinning of the Pokemon Go app, making MITM interception/analysis/projects working and possible again.
Download
Download from Xposed repo: repo.xposed.info/module/de.rastapasta.android.xposed.pokemongo
Or from GitHub: github.com/rastapasta/pokemon-go-xposed
Background:
I'm a developer of some Pokemon Go MITM projects (like github.com/rastapasta/pokemon-go-mitm) and got confronted with the freshly introduced certificate pinning in the newest Pokemon Go version. The native code requests the certificate trust chain of the connection to the API and checks if the certificates are issued by the correct authorities.
To fix that, I simply hooked into com.nianticlabs.nia.network.NianticTrustManager's checkServerTrusted method and made sure that the requested trust chain is always identical to the expected version.
Enjoy!
Click to expand...
Click to collapse
Hey .. i want to ask what now is,... works it or has it done and completly death killed by niantic ?

How to protect an APP from Piracy/Illegal Copy

I am building a webapp for android TV. It not need internet. It is a niche market. So I will not publish it on google play, but I will put a demo version on a website, and I will send by email a full features version after a payment. It will cost about 30-40 dollars.
How can I protect my full version webapp from illegal copy and piracy?
I am thinking about check the mac address of the android device, but I do not know how to from a webapp that use a simple HTML, CSS and Javascript.
What is the best solution?

get a lawyer for that legal stuffs

The way I've done it with a few of my windows apps is to have the user login, and check that it is the only device currently logged on with that username/password. This requires internet though.
The Mac address is a good idea. I switch my Mac on my PC a bit depending on my work settings so it seems a little off too me, but I most people don't spoof their mac that often. I can't see a reason people would be doing it on an Android TV.
You could go with the classic serial number approached, but that is easily shared. Although the reality is no matter what you do there is always a chance that somebody will reverse engineer it. There are some dedicated hackers and crackers out there, and android apps are easy to modify code so the chance is raised a bit there. So weigh the options of how much effort it is for you, and how tedious you want it to be for the end user, verses how many will actually copy it. Is it worth building something more technical for the 5-10% of users that will manage to use it for free? I just pulled that number out of nowhere, different apps have higher potential so there is that factor too, and that's a question for you to answer not me. Just somethings to think about.
---------- Post added at 07:07 PM ---------- Previous post was at 07:06 PM ----------
The way I've done it with a few of my windows apps is to have the user login, and check that it is the only device currently logged on with that username/password. This requires internet though.
The Mac address is a good idea. I switch my Mac on my PC a bit depending on my work settings so it seems a little off too me, but I most people don't spoof their mac that often. I can't see a reason people would be doing it on an Android TV.
You could go with the classic serial number approached, but that is easily shared. Although the reality is no matter what you do there is always a chance that somebody will reverse engineer it. There are some dedicated hackers and crackers out there, and android apps are easy to modify code so the chance is raised a bit there. So weigh the options of how much effort it is for you, and how tedious you want it to be for the end user, verses how many will actually copy it. Is it worth building something more technical for the 5-10% of users that will manage to use it for free? I just pulled that number out of nowhere, different apps have higher potential so there is that factor too, and that's a question for you to answer not me. Just somethings to think about.

irresistiblecam said:
I am building a webapp for android TV. It not need internet. It is a niche market. So I will not publish it on google play, but I will put a demo version on a website, and I will send by email a full features version after a payment. It will cost about 30-40 dollars.
How can I protect my full version webapp from illegal copy and piracy?
I am thinking about check the mac address of the android device, but I do not know how to from a webapp that use a simple HTML, CSS and Javascript.
What is the best solution?
Click to expand...
Click to collapse
Android 10 came up with the default "randomized MAC address" feature. For anyone who is serious about mobile security, this feature is a must-use, should never get disabled, IMHO.

jwoegerbauer said:
Android 10 came up with the default "randomized MAC address" feature. For anyone who is serious about mobile security, this feature is a must-use, should never get disabled, IMHO.
Click to expand...
Click to collapse
thank you Danksh you was very helpfull.
jwoegerbauer, I didn't known the randomized function on android 10. But what is the default settings when a phone or tv is selled?

irresistiblecam said:
jwoegerbauer, I didn't known the randomized function on android 10. But what is the default settings when a phone or tv is selled?
Click to expand...
Click to collapse
Told you that default setting is "randomized MAC address".
FYI:
You must distinguish between MAC address, IMEI and Device ID, which are 3 completely different things: And, these can be changed by the Android user at any time - or will automatically get changed by Android OS itself.
MAC address - read: Wi-Fi MAC address - is used for networking, normally over the Internet
IMEI is a unique manufacturer-assigned number that is part of the Android phone and identifies the handset itself. The identifier that is really used to connect your phone with a phone number is the SIM ID which I believe is the ICCID. This is pretty much what identifies your phone to the tower.
Device ID ( often refered to as Android ID ) is generated when you boot your Android phone first time and will be there forever. When you format everything and factory reset your device then this device ID is overwritten and re-generated and stored again. Similarly, if you ever install a new ROM on your Android device, then this device ID will be overwritten and re-generated when you boot the device first time.
Knowing this you can see that none of the 3 mentioned numbers is unchangeable.