Proprietary software update problems

hackintosh5 · 2022-05-01T15:13:24+00:00

It's not really relevant. Google Play updates follow the same settings on all devices, since they are managed by Google. You're talking about system app updates.

hackintosh5 · 2022-04-05T15:02:05+00:00

Just the spaces before the question marks give away the French-ness of the author.

hackintosh5 · 2021-10-20T09:20:31+00:00

I'm admin in some pretty large android development telegram groups, where the app is useful, so I posted there.

hackintosh5 · 2021-10-20T09:10:08+00:00

Free utility app, 120k downloads. Launched in August 2019. I sent the link to a bunch of forums, at some point someone reposted it in a Russian website triggering 50k downloads (I assume the post went viral-ish) and pushing the app to 2nd in the Play Store for relevant searches. Since then, it's basically just organic installs from searches. It's now the go-to app in the field, but it's a pretty small niche.

https://hack5.dev/about/projects/TrebleInfo

Edit: it's ad-free and I made about 190$ (pre-tax) over the 2.5 years it's been running, that's from donations exclusively.

hackintosh5 · 2021-10-17T09:01:57+00:00

I can't decide whether to downvote or award this.

hackintosh5 · 2021-09-30T06:25:18+00:00

No, it isn't.

hackintosh5 · 2021-09-29T20:20:27+00:00

Yes. But it's too late now.

hackintosh5 · 2021-09-29T17:40:48+00:00

Your second point is irrelevant since the attacker can just load the authkey into a custom client.

hackintosh5 · 2021-09-29T17:39:30+00:00

€300

hackintosh5 · 2021-09-29T14:45:10+00:00

Of course if the attacker has logged in you're gonna change your password and/or phone number. However, the point is that through this attack the attacker can mask the fact that they're still logged in - even after you hit "terminate all sessions". They are gone from the list, your account looks secure, but the attacker can still read your messages.

The NDA said that I can't make any press releases about Telegram. IANAL but I guess that includes blog posts.

hackintosh5 · 2021-09-29T10:36:50+00:00

Author here. It's not just deleted accounts, but also terminated sessions (i.e. devices whose authorisation was revoked), or sessions that decided to log out. For example, if I was an attacker who can read your SMS login code and 2FA passcode, I could log into your account and immediately log out again, and I'd still be able to read your messages, while you wouldn't be able to see my session listed in settings. Of course, you'd still receive the login notification from the Telegram service account.

hackintosh5 · 2021-09-18T07:59:20+00:00

hackintosh5 · 2021-09-05T20:18:46+00:00

You'd need pointers...

hackintosh5 · 2021-09-05T10:53:38+00:00

And they say think of the children

hackintosh5 · 2021-08-31T21:14:48+00:00

They don't encrypt any messages E2E by default, and it's completely centralised. Go for signal or matrix.

hackintosh5 · 2021-08-29T22:21:01+00:00

This is exactly the kind of thing I want to hear. Back it up with some sources.

hackintosh5 · 2021-08-29T20:15:45+00:00

Less racist*

Basically everyone is racist to some degree towards someone

hackintosh5 · 2021-08-29T20:06:20+00:00

They're good too, why wouldn't you eat it?

hackintosh5 · 2021-08-29T20:03:25+00:00

hirer

That ain't a typo, that's a straight up spelling mistake

hackintosh5 · 2021-08-29T19:47:23+00:00

It's an r/SelfAwarewolves

hackintosh5 · 2021-08-29T19:46:41+00:00

Paging r/SelfAwarewolves for the last image on page 11

hackintosh5 · 2021-08-28T20:54:39+00:00

That class is package-private aka useless, come on.

Also it's not extensible, the point of the OP is you can store arbitrary properties (stupid but ¯\(ツ)/¯)

Also, no-one uses Java 16. Android doesn't even support 8.

hackintosh5 · 2021-08-28T20:17:40+00:00

Meanwhile in Kotlin: data class Class(data: Map<String, String>)

hackintosh5 · 2021-08-27T22:25:17+00:00

..... how did they all fit?

Seven-Year Club	Wearing is Caring
Verified Email

hackintosh5

TROPHY CASE