NoGoolag
This Giant Ad Fraud Scheme Drained Users' Batteries And Data By Running Hidden Video Ads In Android Apps

A scheme to stealthily run video ads behind banner images drained users' batteries and data while they used popular Android apps.

Julien's app is one of several, including many using Twitter's MoPub ad platform, that saw its in-app ads hijacked in an ad fraud scheme uncovered by fraud detection firm Protected Media. The company’s findings, along with additional reporting and interviews by BuzzFeed News, and independent verification from an outside ad fraud lab, show that one of the players implicated in this scheme is Aniview, an Israeli company with offices in New York that runs a video ad technology platform.

https://www.buzzfeednews.com/article/craigsilverman/in-banner-video-ad-fraud

📡 @NoGoolag
#banner #video #ad #fraud #playstore #android #apps
Aurora Store

Aurora Store is an unofficial FOSS client to Google's Play Store with an elegant design. Using Aurora you can download apps,
update existing apps, search for apps, get details about in-app trackers and much more.

You can also Spoof your Device Information, Language and Region to get access to the apps that are not yet available
or restricted in your Country|Device.

Aurora Store does not require Google's Proprietary Framework (Spyware ?) to operate, it works perfectly fine with
or without GooglePlayService or MicroG, thereby avoiding the various user data & privacy issues.

📖 Readme
https://gitlab.com/AuroraOSS/AuroraStore/blob/master/README.md

🗣 Telegram Group:
t.me/AuroraSupport

📡 Releases Channel:
t.me/AuroraOfficial

XDA:
https://forum.xda-developers.com/android/apps-games/galaxy-playstore-alternative-t3739733

4PDA
https://4pda.ru/forum/index.php?showtopic=887569


⬇️ Downloads:
- Join the telegram group for the most recent alpha and beta builds

F-Droid
https://f-droid.org/app/com.aurora.store

XDA Labs
https://labs.xda-developers.com/store/app/com.aurora.store

Nightly builds
(Not recommended for daily use)
http://auroraoss.com/Nightly


🌍 How to use GeoSpoof to download apps that are not available in your region
https://telegra.ph/Aurora-Store-GeoSpoof-08-13

📝 Translations:
https://poeditor.com/join/project/54swaCpFXJ

⌨️ Source Code:
https://gitlab.com/AuroraOSS/AuroraStore


📡 @NoGoolag
#aurora #store #playstore #alternative #yalp
🗞 Google tightens restrictions on apps with sexual content, loot boxes, hate speech, and marijuana sales

Google is making a number of policy changes to the Google Play store and the applications that are allowed to be inside it. This seems to be both a big push towards making the Play Store more family friendly while also clearing up some gray areas that developers have been curious about. The latest changes
...


https://www.xda-developers.com/google-play-restrictions-sexual-content-loot-boxes-hate-speech-marijuana


#google #playstore #cannabis #censorship
The Eye on the Nile

Phishing attack on government opponents in Egypt - with apps from the Play Store

Specialists reveal a sophisticated phishing attack in Egypt. Android apps that made it into the Play Store without catching the eye were involved.

Back in March 2019, Amnesty International published a report that uncovered a targeted attack against journalists and human rights activists in Egypt. The victims even received an e-mail from Google warning them that government-backed attackers attempted to steal their passwords. https://www.amnesty.org/en/latest/research/2019/03/phishing-attacks-using-third-party-applications-against-egyptian-civil-society-organizations/

According to the report, the attackers did not rely on traditional phishing methods or credential-stealing payloads, but rather utilized a stealthier and more efficient way of accessing the victims’ inboxes: a technique known as “OAuth Phishing”. By abusing third-party applications for popular mailing services such as Gmail or Outlook, the attackers manipulated victims into granting them full access to their e-mails.

Recently, we were able to find previously unknown or undisclosed malicious artifacts belonging to this operation. A new website we attributed to this malicious activity revealed that the attackers are going after their prey in more than one way, and might even be hiding in plain sight: developing mobile applications to monitor their targets, and hosting them on Google’s official Play Store.

After we notified Google about the involved applications, they quickly took them off of the Play Store and banned the associated developer.

👉🏼 Read more:
https://research.checkpoint.com/the-eye-on-the-nile/

#Egypt #pishing #attacks #research #android #apps #playstore
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_ES
Fix Signature Spoofing Support

Solution when "Play Store (Phonesky) has correct signature" is not checked:

Run these 2 commands in the Termux app or another terminal app:

su
pm grant com.android.vending android.permission.FAKE_PACKAGE_SIGNATURE


For Android 9 and lower you can do it this way:
Go to Settings > Apps > App permission > Signature spoofing > 3-dot menu > Show system apps, then give the permission to fakestore.


To give Fake Store the permission for the second user (not possible the usual way with the terminal), edit /data/system/users/10/runtime-permissions.xml and add these lines:

<pkg name="com.android.vending">
  <item name="android.permission.FAKE_PACKAGE_SIGNATURE" granted="true" flags="0" />
</pkg>

Then reboot.


📡 @NoGoolag
#fsss #fix #signature #spoofing #problems #issues #playstore #phonesky
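
Added example, not part of the original post or of any project's code: a check that reads a copy of runtime-permissions.xml in the <pkg>/<item> layout shown above and reports whether com.android.vending actually holds FAKE_PACKAGE_SIGNATURE and whether any other package holds it too. The sample XML, the com.example.* package names and the function names are constructed for illustration; treating com.android.vending as the only expected holder is an assumption.

```python
import xml.etree.ElementTree as ET

SPOOF_PERMISSION = "android.permission.FAKE_PACKAGE_SIGNATURE"
# Assumption: only the package named in the post is meant to hold the grant.
EXPECTED_HOLDERS = {"com.android.vending"}

# Constructed sample in the <pkg>/<item> layout shown in the post; the
# com.example.* packages are made up for illustration.
SAMPLE_XML = """<runtime-permissions fingerprint="constructed-sample">
  <pkg name="com.android.vending">
    <item name="android.permission.FAKE_PACKAGE_SIGNATURE" granted="true" flags="0" />
  </pkg>
  <pkg name="com.example.flashlight">
    <item name="android.permission.CAMERA" granted="true" flags="0" />
    <item name="android.permission.FAKE_PACKAGE_SIGNATURE" granted="true" flags="0" />
  </pkg>
  <pkg name="com.example.notes">
    <item name="android.permission.FAKE_PACKAGE_SIGNATURE" granted="false" flags="0" />
  </pkg>
</runtime-permissions>"""


def spoofing_grants(xml_text):
    """Map each package that lists the spoofing permission to its granted state."""
    grants = {}
    # iter() also visits the root, so a bare <pkg> fragment is handled too.
    for pkg in ET.fromstring(xml_text).iter("pkg"):
        for item in pkg.iter("item"):
            if item.get("name") == SPOOF_PERMISSION:
                grants[pkg.get("name")] = item.get("granted") == "true"
    return grants


def audit(xml_text, expected=EXPECTED_HOLDERS):
    """Return (missing, unexpected): expected holders without the grant, and
    packages that hold the grant although they are not on the expected list."""
    granted = {p for p, ok in spoofing_grants(xml_text).items() if ok}
    return sorted(set(expected) - granted), sorted(granted - set(expected))


if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE_XML)
    print("missing grant:", missing)
    print("unexpected holders:", unexpected)
```

Run it against a copy of the per-user file (user 10 in the post); an entry in the unexpected list means another app can present a spoofed signature and should be reviewed.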
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.

"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.

👀 The full contents of the database, spanning across 4,282 apps, included:

‼️ Email addresses: 7,000,000+
‼️ Usernames: 4,400,000+
‼️ Passwords: 1,000,000+
‼️ Phone numbers: 5,300,000+
‼️ Full names: 18,300,000+
‼️ Chat messages: 6,800,000+
‼️ GPS data: 6,200,000+
‼️ IP addresses: 156,000+
‼️ Street addresses: 560,000+

👉🏼 Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html

#android #app #google #playstore #firebase #database #security #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Fortnite for Android has also been kicked off the Google Play Store

You can still install it directly from Epic, however

Following its removal from the Apple App Store, Fortnite has also been kicked off of the Google Play Store for Android. Earlier today, Epic Games snuck in an update for both the iPhone and Android versions of the game that allowed users to pay Epic directly for in-app purchases instead of using the officially sanctioned system for both platforms.

What followed was a wild ride: Apple kicked Fortnite off the App Store, then Epic sued Apple, and finally there was an in-game video parodying Apple’s own 1984 commercial, positioning Apple itself as the monopolist.

https://www.theverge.com/2020/8/13/21368079/fortnite-epic-android-banned-google-play-app-store-rule-violation

https://www.engadget.com/fortnite-android-225437892.html

https://youtu.be/euiSHuaw6Q4


#Google #apple #fortnite #appstore #playstore #payments #EpicGames
A tip from a kid helps detect iOS and Android scam apps’ 2.4 million downloads

Smartphone apps raked in ~$500,000, in part thanks to shilling on TikTok and Instagram

Researchers said that a tip from a child led them to discover aggressive adware and exorbitant prices lurking in iOS and Android smartphone apps with a combined 2.4 million downloads from the App Store and Google Play.

Posing as apps for entertainment, wallpaper images, or music downloads, some of the titles served intrusive ads even when an app wasn’t active. To prevent users from uninstalling them, the apps hid their icon, making it hard to identify where the ads were coming from. Other apps charged from $2 to $10 and generated revenue of more than $500,000, according to estimates from SensorTower, a smartphone-app intelligence service.

The apps came to light after a girl found a profile on TikTok that was promoting what appeared to be an abusive app and reported it to Be Safe Online, a project in the Czech Republic that educates children about online safety. Acting on the tip, researchers from security firm Avast found 11 apps, for devices running both iOS and Android, that were engaged in similar scams.

https://arstechnica.com/information-technology/2020/09/scam-apps-with-2-4-million-downloads-found-on-apple-and-google-shelves/

#scam #kids #adware #Playstore #android #AppStore #iOS #tiktok #instagram
Google to update Play Store guidelines to make it harder to bypass the 30% fee

https://www.xda-developers.com/google-double-down-30-in-app-fee

Google will reportedly get stricter with developers over in-app purchases, according to Bloomberg. The move is set to be announced next week and will surely upset some developers who have previously circumvented Google’s rules.

Bloomberg’s report claims Google will issue updated guidelines that will clarify a requirement for apps to use Google Play In-app Billing service for in-app purchases. That means if you purchase a Spotify subscription through the Android app, Google wants its 30% cut of the revenue.

Google’s policies aren’t necessarily changing. Rather, the company is reportedly cracking down and will no longer allow developers to prompt users to pay with their credit card, rather than offering a subscription through Google’s billing service for in-app purchases.

Here’s what Google’s existing Play Store guidelines say, in part:
Developers offering products within a game download on Google Play or providing access to game content must use Google Play In-app Billing as the method of payment.
Developers offering products within another category of app downloaded on Google Play must use Google Play In-app Billing as the method of payment, except for the following cases:
Payment is solely for physical products.
Payment is for digital content that may be consumed outside of the app itself (e.g. songs that can be played on other music players).

Even with these policies in place, Google has more or less allowed some high-profile companies to circumvent the guideline by turning a blind eye when they offer an alternative method of payment. With Google ready to double down on the requirement, developers will allegedly get a short grace period to comply before facing enforcement. Apple has recently come under fire for a similar practice — though the Cupertino-based company has strictly enforced its own requirements from the very beginning.

Google’s updated policies will surely escalate what is growing into an ugly battle between developers and Apple and Google. Both companies are already embroiled in an ugly legal battle with Epic Games, which recently tried to circumvent App Store and Play Store policies by encouraging Fortnite players to purchase in-game content from Epic directly. Apple and Google responded by taking Fortnite down from their respective app stores.

Meanwhile, it was announced this week that some of the industry’s most popular developers, including Epic Games, Spotify, and Tile, were banding together to create the Coalition for App Fairness. The group’s aim is to “create a level playing field for app businesses.”

Google’s Android platform allows users to access multiple app stores, while apps can also be side-loaded. But if developers want to be in the Play Store, they have to abide by Google’s rules. We’ll see what the response is like when Google clarifies its stance on in-app purchases next week.


#google #playstore #fee #30%
The #Epic @fedilab @k9mail cases have reinforced our strong stance that we must control the distribution channels of #FLOSS and no longer depend on the #PlayStore

A major threat to the adoption of an alternative is that users expect updates to be automatic but #Google made that possible only for the #PlayStore

Code Lutin will invest in @fdroidorg to make software updates possible on non-rooted #Android devices, thus allowing people to adopt #FreeSoftware

#MécénatCodeLutin #DeleteGoogle #thinkabout
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag