List with some of the problematic apps and issues with microg
https://github.com/microg/android_packages_apps_GmsCore/wiki/Problem-Apps
https://github.com/microg/android_packages_apps_GmsCore/issues
#issues #problems #microg
https://github.com/microg/android_packages_apps_GmsCore/wiki/Problem-Apps
https://github.com/microg/android_packages_apps_GmsCore/issues
#issues #problems #microg
GitHub
microg/android_packages_apps_GmsCore
Free implementation of Play Services. Contribute to microg/android_packages_apps_GmsCore development by creating an account on GitHub.
Microg / Nanodroid issues and solutions
๐ก https://gitlab.com/Nanolx/NanoDroid/tree/master#issues
๐ก https://forum.xda-developers.com/apps/magisk/module-nanomod-5-0-20170405-microg-t3584928/post79468220
๐ก npem
In a terminal app like termux write these 2 commands and reboot (first one is just to get root, accept):
https://gitlab.com/Nanolx/NanoDroid/blob/master/doc/NanoDroidPerm.md
๐ก @NoGoolag ๐ก @Libreware
#microg #issues #solutions #problem #nanodroid #rh01
๐ก https://gitlab.com/Nanolx/NanoDroid/tree/master#issues
๐ก https://forum.xda-developers.com/apps/magisk/module-nanomod-5-0-20170405-microg-t3584928/post79468220
๐ก npem
In a terminal app like termux write these 2 commands and reboot (first one is just to get root, accept):
su
npem
https://gitlab.com/Nanolx/NanoDroid/blob/master/doc/NanoDroidPerm.md
๐ก @NoGoolag ๐ก @Libreware
#microg #issues #solutions #problem #nanodroid #rh01
Newly introduced proprietary blob "QC Location" breaks any other location providers
ppf I got rid of that in my private builds and they seem to have no vital function ~would
from an issue comment:
After some search, I found on the official website of Qualcomm softwares that:
Qualcomm Location periodically sends us a unique software ID, the location of your device (longitude, latitude and altitude, and its uncertainty) and nearby cellular towers and Wi-Fi hotspots, signal strength, and time (collectively, โLocation Dataโ). As with any Internet communication, we also receive the IP address your device uses. We use Location Data, software IDs and IP addresses, and the other data we collect to help us protect, evaluate, and improve the performance of our systems.
In other words, it would be a tacit tower and WiFi collector without the obvious perception of users.
It is not only proprietary (note that LineageOS is aimed to be free and open-source), but also privacy-fringing. I propose to revert commits associated to QC locations.
(#1270) ยท Issues ยท LineageOS / issues / android ยท GitLab
https://gitlab.com/LineageOS/issues/android/issues/1270
#issues
ppf I got rid of that in my private builds and they seem to have no vital function ~would
from an issue comment:
After some search, I found on the official website of Qualcomm softwares that:
Qualcomm Location periodically sends us a unique software ID, the location of your device (longitude, latitude and altitude, and its uncertainty) and nearby cellular towers and Wi-Fi hotspots, signal strength, and time (collectively, โLocation Dataโ). As with any Internet communication, we also receive the IP address your device uses. We use Location Data, software IDs and IP addresses, and the other data we collect to help us protect, evaluate, and improve the performance of our systems.
In other words, it would be a tacit tower and WiFi collector without the obvious perception of users.
It is not only proprietary (note that LineageOS is aimed to be free and open-source), but also privacy-fringing. I propose to revert commits associated to QC locations.
(#1270) ยท Issues ยท LineageOS / issues / android ยท GitLab
https://gitlab.com/LineageOS/issues/android/issues/1270
#issues
GitLab
Newly introduced proprietary blob "QC Location" breaks any other location providers (#1270) ยท Issues ยท LineageOS / issues / android
Expected Behavior UnifiedNlp could be run as a Network Provider and a Fused Location Provider.
Fix Signature Spoofing Support
Solution when "Play Store (Phonesky) has correct signature" is not checked,
run these 2 commands in termux app or other terminal app:
For android 9 and lower you can do it this way:
Go to settings
apps
app permission
signature spoofing
3 dot menu
show system apps
give permission to fakestore.
How to give Fake Store permissions on the second user. Not possible the usual way with terminal. So in
Add the line:
Then reboot
๐ก @NoGoolag
#fsss #fix #signature #spoofing #problems #issues #playstore #phonesky
Solution when "Play Store (Phonesky) has correct signature" is not checked,
run these 2 commands in termux app or other terminal app:
su
pm grant com.android.vending android.permission.FAKE_PACKAGE_SIGNATURE
For android 9 and lower you can do it this way:
Go to settings
apps
app permission
signature spoofing
3 dot menu
show system apps
give permission to fakestore.
How to give Fake Store permissions on the second user. Not possible the usual way with terminal. So in
/data/system/users/10/runtime-permissions.xml
Add the line:
<pkg name="com.android.vending">
<item name="android.permission.FAKE_PACKAGE_SIGNATURE" granted="true" flags="0" />
</pkg>
Then reboot
๐ก @NoGoolag
#fsss #fix #signature #spoofing #problems #issues #playstore #phonesky
FCM/push messaging troubleshooting
Go to microG settings > Google Cloud Messaging and check if the app is connected.
if no:
- Log in your Google account
- Try wiping data for the app
- Before restoring a backup, first restore the app only (without data) and start it to register the app. After that you can restore the data.
- If on NanoDroid, use this command for all apps or for a given appname (e.g. com.nianticlabs.pokemongo)
--
or
--
If yes:
- Ensure you don't have an adblocker blocking the domain mtalk.google.com
If you can't get any app to register for Google Cloud Messaging, try dialing this:
or
From: https://gitlab.com/Nanolx/NanoDroid/tree/master#issues
๐ก @NoGoolag
#push #fcm #gcm #fix #problems
Go to microG settings > Google Cloud Messaging and check if the app is connected.
if no:
- Log in your Google account
- Try wiping data for the app
- Before restoring a backup, first restore the app only (without data) and start it to register the app. After that you can restore the data.
- If on NanoDroid, use this command for all apps or for a given appname (e.g. com.nianticlabs.pokemongo)
--
nutl -r
or
--
nutl -r [appname]
If yes:
- Ensure you don't have an adblocker blocking the domain mtalk.google.com
If you can't get any app to register for Google Cloud Messaging, try dialing this:
*#*#2432546#*#*
or
*#*#CHECKIN#*#*
From: https://gitlab.com/Nanolx/NanoDroid/tree/master#issues
๐ก @NoGoolag
#push #fcm #gcm #fix #problems
Forwarded from BlackBox (Security) Archiv
Who reports the โlow hanging fruitโ security issues?
Some time ago, I came across this article on Hacker News. I recommend you read the whole thing. But in short: A social media site for woman called โGiggleโ used an API that pretty much exposed every users data, if you did so much as to request it. This is called an IDOR vulnerability.
The โbarrier of entryโ is very low here. Installing BurpSuite might have actually been the hardest part of it all.
I always found these types of โhacksโ the most interesting. Mostly because they donโt require any experience in offensive security. You donโt need to be an professional pentester to know basic API debugging. Even I could do something like this! In fact, I still sometimes hack myself into leaderboards of browser games like this one.
These kind of โeasy to pickโ targets are often referred to as โlow hanging fruitโ. There is no complicated setup or mentionable work required to just grab an apple from a low hanging branch. Same thing was true for hacking Giggle.
And these types of incidents are all but rare. Just search the web for โunsecured elasticsearch instanceโ. Also, it doesnโt just affect userdata neither. There have been IDOR issues on car control systems. One could literally stop, lock and unlock cars thanks to a certain API endpoint that required no authentication.
๐ ๐๐ผ https://palone.blog/#post-who-reports-the-low-hanging-fruit-security-issues-158
#palone #blog #security #issues #IDOR
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@BlackBox_Archiv
๐ก@NoGoolag
Some time ago, I came across this article on Hacker News. I recommend you read the whole thing. But in short: A social media site for woman called โGiggleโ used an API that pretty much exposed every users data, if you did so much as to request it. This is called an IDOR vulnerability.
The โbarrier of entryโ is very low here. Installing BurpSuite might have actually been the hardest part of it all.
I always found these types of โhacksโ the most interesting. Mostly because they donโt require any experience in offensive security. You donโt need to be an professional pentester to know basic API debugging. Even I could do something like this! In fact, I still sometimes hack myself into leaderboards of browser games like this one.
These kind of โeasy to pickโ targets are often referred to as โlow hanging fruitโ. There is no complicated setup or mentionable work required to just grab an apple from a low hanging branch. Same thing was true for hacking Giggle.
And these types of incidents are all but rare. Just search the web for โunsecured elasticsearch instanceโ. Also, it doesnโt just affect userdata neither. There have been IDOR issues on car control systems. One could literally stop, lock and unlock cars thanks to a certain API endpoint that required no authentication.
๐ ๐๐ผ https://palone.blog/#post-who-reports-the-low-hanging-fruit-security-issues-158
#palone #blog #security #issues #IDOR
๐ก@cRyPtHoN_INFOSEC_DE
๐ก@cRyPtHoN_INFOSEC_EN
๐ก@BlackBox_Archiv
๐ก@NoGoolag
For anyone having issues with latest microg not registering apps in the gcm part, check out this workaround, it seems to fix it for most
Remember, it's not necessary to add a Google account to use gcm
https://github.com/microg/GmsCore/issues/1408
https://libredd.it/r/MicroG/comments/kuhgse/device_registration_and_push_notifications/girx53t/
#gcm #microg #fix #problems #issues
Remember, it's not necessary to add a Google account to use gcm
https://github.com/microg/GmsCore/issues/1408
https://libredd.it/r/MicroG/comments/kuhgse/device_registration_and_push_notifications/girx53t/
#gcm #microg #fix #problems #issues
GitHub
Device Registration and SafetyNet reverting to Off after every reboot; push notifications not working ยท Issue #1408 ยท microg/GmsCore
Observed behavior After every reboot, Device Registration and SafetyNet revert to off. GCM is stuck on On and cannot be disabled. Push notifications do not work. To Reproduce Install MicroG Enter M...
Ad block shouldn't break your checkout
We've recently started a shop with some merchandise using TeeSpring. We wanted to try out selling merch as a strategy for monetizing our game Bela Online. And while TeeSpring enabled us to set up this very fast and it is a no-brainer in terms of how hands off it is, there are some issues. Some critical issues.
What happened? ๐ค
If your customer has an ad blocker enabled which blocks, well, ads, the whole checkout experience breaks. A friend of mine reported it today to me. He has uBlock Origin installed and when he clicks "Checkout" the site doesn't do anything. ๐ข
The experience just stops, and he couldn't go through with the order.
I've sent a report through a channel intended for reporting issues with your order, but I've also wanted to write this blog post as a cautionary tale for other developers.
uBlock Origin breaks things ๐ฟ
So, what is the root cause of this issue? If we look at the code that breaks:
https://ilakovac.com/teespring-ublock-issue/
#ublock #adblock #issues
We've recently started a shop with some merchandise using TeeSpring. We wanted to try out selling merch as a strategy for monetizing our game Bela Online. And while TeeSpring enabled us to set up this very fast and it is a no-brainer in terms of how hands off it is, there are some issues. Some critical issues.
What happened? ๐ค
If your customer has an ad blocker enabled which blocks, well, ads, the whole checkout experience breaks. A friend of mine reported it today to me. He has uBlock Origin installed and when he clicks "Checkout" the site doesn't do anything. ๐ข
The experience just stops, and he couldn't go through with the order.
I've sent a report through a channel intended for reporting issues with your order, but I've also wanted to write this blog post as a cautionary tale for other developers.
uBlock Origin breaks things ๐ฟ
So, what is the root cause of this issue? If we look at the code that breaks:
https://ilakovac.com/teespring-ublock-issue/
#ublock #adblock #issues
Ilakovac
Ad block shouldn't break your checkout
TeeSpring's checkout doesn't work if you have ad block turned on
Colonial Pipeline Hit by Network Outage Just Days After Hack Shutdown
NEW YORK (Reuters) - Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation's biggest fuel pipeline reopened after a week-long ransomware attack.
The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.
Last week's closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries - which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.
After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.
Colonial's shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.
https://money.usnews.com/investing/news/articles/2021-05-18/colonial-pipeline-nomination-system-shut-tuesday-market-sources
https://twitter.com/IntelPointAlert/status/1394672389464670212
#colonial #pipeline #network #issues
NEW YORK (Reuters) - Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation's biggest fuel pipeline reopened after a week-long ransomware attack.
The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.
Last week's closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.
Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries - which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.
After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.
Colonial's shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.
https://money.usnews.com/investing/news/articles/2021-05-18/colonial-pipeline-nomination-system-shut-tuesday-market-sources
https://twitter.com/IntelPointAlert/status/1394672389464670212
#colonial #pipeline #network #issues
US News & World Report
Colonial Pipeline Hit by Brief Network Outage Amid Efforts to Harden System | Investing News | US News
US News is a recognized leader in college, grad school, hospital, mutual fund, and car rankings. Track elected officials, research health conditions, and find news you can use in politics, business, health, and education.
๐ด App download / install / manage
Google PlayStoreโข can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )
You can buy apps with your Google account from a web browser and then download it with Google playstore / Aurora Store / Yalp Store
Don't buy apps to Google, you're financing that evil corporation with the 30% cut they take from every app sold
Here are some better alternatives to get and manage Android apps:
๐ F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034
๐ Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242
๐ Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
โ ๏ธ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore
๐ Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666
๐ Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases
๐ App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge
๐ Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium
๐ Accrescent
https://accrescent.app
๐ Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app
๐ Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid
๐ apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep
๐ APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber
๐ APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror
๐ ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack
๐ Kali Nethunter Store
Pentesting apps
https://store.nethunter.com
๐ Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader
๐ Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de
๐ด App management
๐ AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager
๐ AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden
๐ /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247
๐ Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller
๐ Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor
๐ OpenAPK
App manager uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk
๐ NeoBackup
https://github.com/NeoApplications/Neo-Backup
๐ด App info
๐ฌ ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus
๐ฌ Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy
๐ฌ App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher
๐ฌ Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer
๐ก @NoGoolag ๐ก @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei
Google PlayStoreโข can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )
You can buy apps with your Google account from a web browser and then download it with Google playstore / Aurora Store / Yalp Store
Don't buy apps to Google, you're financing that evil corporation with the 30% cut they take from every app sold
Here are some better alternatives to get and manage Android apps:
๐ F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034
๐ Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242
๐ Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
โ ๏ธ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore
๐ Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666
๐ Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases
๐ App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge
๐ Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium
๐ Accrescent
https://accrescent.app
๐ Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app
๐ Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid
๐ apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep
๐ APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber
๐ APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror
๐ ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack
๐ Kali Nethunter Store
Pentesting apps
https://store.nethunter.com
๐ Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader
๐ Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de
๐ด App management
๐ AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager
๐ AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden
๐ /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247
๐ Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller
๐ Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor
๐ OpenAPK
App manager uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk
๐ NeoBackup
https://github.com/NeoApplications/Neo-Backup
๐ด App info
๐ฌ ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus
๐ฌ Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy
๐ฌ App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher
๐ฌ Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer
๐ก @NoGoolag ๐ก @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei