Forwarded from BlackBox (Security) Archiv
Media is too big
VIEW IN TELEGRAM
Aarogya Setu Data Privacy Ignored: RTI Exposes Major Govt Lapses
RTI replies from National Informatic Centre reveal Government of India’s failure to implement measures to secure private data of over 160 million Indians collected by the COVID-19 tracing app, Aarogya Setu. The govt announced a data protection and audit protocol for Aarogya Setu, but even 6 months later, it has failed to act on most of its key aspects.
📺 https://www.youtube.com/watch?v=8ldFm2CEqqA
#india #gov #rti #covid #tracing #app #data #protection #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
RTI replies from National Informatic Centre reveal Government of India’s failure to implement measures to secure private data of over 160 million Indians collected by the COVID-19 tracing app, Aarogya Setu. The govt announced a data protection and audit protocol for Aarogya Setu, but even 6 months later, it has failed to act on most of its key aspects.
📺 https://www.youtube.com/watch?v=8ldFm2CEqqA
#india #gov #rti #covid #tracing #app #data #protection #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Forwarded from BlackBox (Security) Archiv
Israeli Spy Tech Firm Says It Can Break Into Signal App Previously Considered Safe From Hacking
Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources
Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted app considered safe from external snooping, it claimed in a blog post on Thursday. Meanwhile, a U.S. report revealed Friday that American school districts have also bought the firm’s technology.
Cellebrite’s phone-hacking technology is intended for law enforcement agencies and is sold across the world. However, critics have long slammed the company for selling its wares to states with poor human rights records, from Indonesia and Venezuela to Belarus and Saudi Arabia.
https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581
https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/
#signal #cellebrite #decrypting #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources
Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted app considered safe from external snooping, it claimed in a blog post on Thursday. Meanwhile, a U.S. report revealed Friday that American school districts have also bought the firm’s technology.
Cellebrite’s phone-hacking technology is intended for law enforcement agencies and is sold across the world. However, critics have long slammed the company for selling its wares to states with poor human rights records, from Indonesia and Venezuela to Belarus and Saudi Arabia.
https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581
https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/
#signal #cellebrite #decrypting #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
PCAPdroid
Capture traffic on Android devices and send the PCAP via UDP without root
PCAPdroid lets you capture the Android traffic and analyze it remotely (e.g. via Wireshark). The traffic can be easily captured on a remote PC via an UDP socket.
💡 Features:
✅ Capture apps traffic without root privileges
✅ Send captured traffic via UDP
✅ Download the traffic PCAP via the integrated HTTP server
✅ Show captured traffic real time statistics
✅ Apply a filter to only capture traffic for the selected app
✅ Decrypt HTTPS/TLS traffic via a remote mitmproxy
https://f-droid.org/packages/com.emanuelef.remote_capture/
#PCAPdroid #android #fdroid #app
Capture traffic on Android devices and send the PCAP via UDP without root
PCAPdroid lets you capture the Android traffic and analyze it remotely (e.g. via Wireshark). The traffic can be easily captured on a remote PC via an UDP socket.
💡 Features:
✅ Capture apps traffic without root privileges
✅ Send captured traffic via UDP
✅ Download the traffic PCAP via the integrated HTTP server
✅ Show captured traffic real time statistics
✅ Apply a filter to only capture traffic for the selected app
✅ Decrypt HTTPS/TLS traffic via a remote mitmproxy
https://f-droid.org/packages/com.emanuelef.remote_capture/
#PCAPdroid #android #fdroid #app
f-droid.org
PCAPdroid | F-Droid - Free and Open Source Android App Repository
No-root network monitor and traffic dump tool for Android devices
Forwarded from BlackBox (Security) Archiv
Setup for testing Android app vulnerabilities
In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might come useful for other people as well.
💡 Contents
✅ Choosing a virtualization approach
✅ Setting up Android SDK
✅ Minimal proof of concept Android app
✅ Adding debugging output to the target application
https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/
#setup #testing #android #app #vulnerabilities #guide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might come useful for other people as well.
💡 Contents
✅ Choosing a virtualization approach
✅ Setting up Android SDK
✅ Minimal proof of concept Android app
✅ Adding debugging output to the target application
https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/
#setup #testing #android #app #vulnerabilities #guide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Almost Secure
Setup for testing Android app vulnerabilities
Documenting my setup: Android emulator, minimal Android app and instrumenting the target app via Soot to get debugging info.
Your Dating App Data Might Be Shared With the U.S. Government
When you download a dating app, fill out a profile with some of your most private information, and select “allow app to access location” to locate nearby potential love interests, you may feel a little exposed, but you proceed anyway, in order to find those dates. But there is reason to believe that by using these sites, you may be unknowingly submitting to government tracking—and we can’t know for sure because of all of the secrecy involved with deals that data brokers make with government agencies. It’s yet another demonstration of the need to bring transparency to the data-collection industry.
Dating apps ask users for a variety of highly personal information and retain it indefinitely, potentially forever. This can include photos and videos, text conversations with other users, and information on gender, sexual orientation, political affiliation, religion, desire to have children, location, HIV status, and beyond. Many platforms also collect information regarding preferences in a partner (either through filters or using powerful algorithms that monitor users’ every swipe) and may therefore know about your preferences and deal-breakers with regard to ethnicity, religion, body type, and more. If you connect your dating app with any social media platforms—Facebook and Instagram are common choices—then the dating app company likely also has access to thousands of additional data points, including what kind of content you’ve liked on social media and who you are friends with.
https://slate.com/technology/2021/03/dating-apps-data-brokers-transparency-government.html
#dating #app #us #govt #privacy
When you download a dating app, fill out a profile with some of your most private information, and select “allow app to access location” to locate nearby potential love interests, you may feel a little exposed, but you proceed anyway, in order to find those dates. But there is reason to believe that by using these sites, you may be unknowingly submitting to government tracking—and we can’t know for sure because of all of the secrecy involved with deals that data brokers make with government agencies. It’s yet another demonstration of the need to bring transparency to the data-collection industry.
Dating apps ask users for a variety of highly personal information and retain it indefinitely, potentially forever. This can include photos and videos, text conversations with other users, and information on gender, sexual orientation, political affiliation, religion, desire to have children, location, HIV status, and beyond. Many platforms also collect information regarding preferences in a partner (either through filters or using powerful algorithms that monitor users’ every swipe) and may therefore know about your preferences and deal-breakers with regard to ethnicity, religion, body type, and more. If you connect your dating app with any social media platforms—Facebook and Instagram are common choices—then the dating app company likely also has access to thousands of additional data points, including what kind of content you’ve liked on social media and who you are friends with.
https://slate.com/technology/2021/03/dating-apps-data-brokers-transparency-government.html
#dating #app #us #govt #privacy
Slate Magazine
Your Dating App Data Might Be Shared With the U.S. Government
Dating apps are privy to some of our most personal information.
Forwarded from BlackBox (Security) Archiv
Gamifying Propaganda: Everything You Need to Know about China’s ‘Study Xi’ App
Scoring points by doing Xi-focused quizzes and watching ‘Xi Time’ news: this app takes propaganda to a whole other level.
A new app that encourages China’s online population to study Xi Jinping Thought has made headlines, both in and outside of China. Here’s everything you need to know about this new interactive propaganda tool.
On January 1st, the Xué Xí Qiáng Guó app was launched on various Chinese app stores. The app is an initiative by the Propaganda Department of the Central Committee of the Communist Party, and is linked to the xuexi.cn platform, which was first set up in 2018.
The app has been making headlines in Chinese and English-language media this week. The BBC referred to the app as a “little red book,” and reported that members of the ruling Communist Party, as well as state-owned company employees who are not Party members, have allegedly been required to download and use it on a daily basis (Feb 15).
The Guardian reported that government officials in Fujian province and Qingdao city held workshops last month stressing the political importance of the app, and directing local leaders to promote the app across government departments (Feb 15).
Although some reports claim that the app is making its way to top lists of most downloaded apps in China, it only scored a position 72 in the top 100 list of popular Chinese app store 360app at time of writing. The app store does state that the app has been downloaded 340000 times, with app users rating it with 2,5 stars out of 5. In the Tencent store, the app was downloaded 2,1 million times.
However, these numbers do not necessarily indicate much about the total number of downloads, since the app can be directly downloaded as an APK file from various locations. In the Chinese Apple store, the app is now the number one scoring app in the educational category. The app is only available in Chinese, and is not available from the Google Play store or Apple stores outside of China.
https://www.whatsonweibo.com/gamifying-propaganda-everything-you-need-to-know-about-chinas-study-xi-app/
#china #xi #app #gaming #propaganda #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Scoring points by doing Xi-focused quizzes and watching ‘Xi Time’ news: this app takes propaganda to a whole other level.
A new app that encourages China’s online population to study Xi Jinping Thought has made headlines, both in and outside of China. Here’s everything you need to know about this new interactive propaganda tool.
On January 1st, the Xué Xí Qiáng Guó app was launched on various Chinese app stores. The app is an initiative by the Propaganda Department of the Central Committee of the Communist Party, and is linked to the xuexi.cn platform, which was first set up in 2018.
The app has been making headlines in Chinese and English-language media this week. The BBC referred to the app as a “little red book,” and reported that members of the ruling Communist Party, as well as state-owned company employees who are not Party members, have allegedly been required to download and use it on a daily basis (Feb 15).
The Guardian reported that government officials in Fujian province and Qingdao city held workshops last month stressing the political importance of the app, and directing local leaders to promote the app across government departments (Feb 15).
Although some reports claim that the app is making its way to top lists of most downloaded apps in China, it only scored a position 72 in the top 100 list of popular Chinese app store 360app at time of writing. The app store does state that the app has been downloaded 340000 times, with app users rating it with 2,5 stars out of 5. In the Tencent store, the app was downloaded 2,1 million times.
However, these numbers do not necessarily indicate much about the total number of downloads, since the app can be directly downloaded as an APK file from various locations. In the Chinese Apple store, the app is now the number one scoring app in the educational category. The app is only available in Chinese, and is not available from the Google Play store or Apple stores outside of China.
https://www.whatsonweibo.com/gamifying-propaganda-everything-you-need-to-know-about-chinas-study-xi-app/
#china #xi #app #gaming #propaganda #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Whatsonweibo
Gamifying Propaganda: Everything You Need to Know about China’s ‘Study Xi’ App
Scoring points by doing Xi-focused quizzes and watching 'Xi Time' news: this app takes propaganda to a whole other level.
Forwarded from BlackBox (Security) Archiv
Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t
Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored.
When Google and Apple introduced their COVID-19 contact tracing framework in April 2020, the companies aimed to reassure people worried about sharing private health information with major corporations.
Google and Apple provided assurances that the data generated through the apps—people’s movements, who they might have come in contact with, and whether they reported testing positive for COVID-19—would be anonymized and would never be shared with anyone other than public health agencies.
“Our goal is to empower [public health agencies] with another tool to help combat the virus while protecting user privacy,” Google CEO Sundar Pichai wrote in a tweet last May, when the framework became publicly available.
Apple CEO Tim Cook provided similar assurances.
Since then, millions of people have downloaded contact tracing apps developed through Apple’s and Google’s framework: The U.K.’s National Health Services’ app has at least 16 million users, while Canada’s Digital Service COVID Alert app boasted more than six million downloads in January, and Virginia’s Department of Health noted more than two million residents were using its COVIDWISE app.
California governor Gavin Newsom endorsed his state’s version of the app, calling it “100% private & secure” in a tweet last December.
But The Markup has learned that not only does the Android version of the contact tracing tool contain a privacy flaw, but when researchers from the privacy analysis firm AppCensus alerted Google to the problem back in February of this year, Google failed to change it. AppCensus was testing the system as part of a contract with the Department of Homeland Security. The company found no similar issues with the iPhone version of the framework.
https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt
#google #DeleteGoogle #contact #tracing #app #privacy
📡 @nogoolag 📡 @blackbox_archiv
Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored.
When Google and Apple introduced their COVID-19 contact tracing framework in April 2020, the companies aimed to reassure people worried about sharing private health information with major corporations.
Google and Apple provided assurances that the data generated through the apps—people’s movements, who they might have come in contact with, and whether they reported testing positive for COVID-19—would be anonymized and would never be shared with anyone other than public health agencies.
“Our goal is to empower [public health agencies] with another tool to help combat the virus while protecting user privacy,” Google CEO Sundar Pichai wrote in a tweet last May, when the framework became publicly available.
Apple CEO Tim Cook provided similar assurances.
Since then, millions of people have downloaded contact tracing apps developed through Apple’s and Google’s framework: The U.K.’s National Health Services’ app has at least 16 million users, while Canada’s Digital Service COVID Alert app boasted more than six million downloads in January, and Virginia’s Department of Health noted more than two million residents were using its COVIDWISE app.
California governor Gavin Newsom endorsed his state’s version of the app, calling it “100% private & secure” in a tweet last December.
But The Markup has learned that not only does the Android version of the contact tracing tool contain a privacy flaw, but when researchers from the privacy analysis firm AppCensus alerted Google to the problem back in February of this year, Google failed to change it. AppCensus was testing the system as part of a contract with the Department of Homeland Security. The company found no similar issues with the iPhone version of the framework.
https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt
#google #DeleteGoogle #contact #tracing #app #privacy
📡 @nogoolag 📡 @blackbox_archiv
themarkup.org
Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t – The Markup
Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored
Forwarded from BlackBox (Security) Archiv
How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit
Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.
Background
One of the reasons I was skeptical was Java’s poor security track record. Java is unusual among programming languages in attempting to do in-process sandboxing with its Applet model, where trusted and untrusted code run within the same language runtime.
Back in the dark ages before Javascript and Webassembly took over the world, website authors that wanted to include nontrivial interactivity had to rely on browser plugins. Sun’s entry into the fray was Java Applets, a system that allowed website authors to include precompiled Java classfiles on their site. When the user views the embedding page, the browser sends that code to the Java Virtual Machine (JVM) installed on the user’s computer for execution.
In order to keep things secure, Java used a permission system to control what running code could and couldn’t do. Desktop applications were executed with all permissions by default, while Java applets ran with a very restrictive policy that prevented stuff like accessing the user’s local files.
Unfortunately, applets were still plagued with security vulnerabilities. One issue is that most of the Java runtime library is itself implemented in Java. Trusted and untrusted code run side by side in the same VM, with the only thing separating them being the permission system and visibility modifiers (public, protected, private, etc.)
This means that a bug anywhere in the JVM or standard libraries is liable to become a security vulnerability. Additionally, the attack surface is huge. The Java 7 runtime included over 17,000 classes, a lot of places for bugs to creep in.
https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html
#google #app #engine #hacked #java #bytcode #exploit
📡 @nogoolag 📡 @blackbox_archiv
Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.
Background
One of the reasons I was skeptical was Java’s poor security track record. Java is unusual among programming languages in attempting to do in-process sandboxing with its Applet model, where trusted and untrusted code run within the same language runtime.
Back in the dark ages before Javascript and Webassembly took over the world, website authors that wanted to include nontrivial interactivity had to rely on browser plugins. Sun’s entry into the fray was Java Applets, a system that allowed website authors to include precompiled Java classfiles on their site. When the user views the embedding page, the browser sends that code to the Java Virtual Machine (JVM) installed on the user’s computer for execution.
In order to keep things secure, Java used a permission system to control what running code could and couldn’t do. Desktop applications were executed with all permissions by default, while Java applets ran with a very restrictive policy that prevented stuff like accessing the user’s local files.
Unfortunately, applets were still plagued with security vulnerabilities. One issue is that most of the Java runtime library is itself implemented in Java. Trusted and untrusted code run side by side in the same VM, with the only thing separating them being the permission system and visibility modifiers (public, protected, private, etc.)
This means that a bug anywhere in the JVM or standard libraries is liable to become a security vulnerability. Additionally, the attack surface is huge. The Java 7 runtime included over 17,000 classes, a lot of places for bugs to creep in.
https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html
#google #app #engine #hacked #java #bytcode #exploit
📡 @nogoolag 📡 @blackbox_archiv
Considerations on Codecrafting
How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit
Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team…
"Heavy blow against organized crime" after criminal "kingmakers" tricked into using FBI-run messaging app
https://www.cbsnews.com/news/anom-app-fbi-criminals-trojan-shield/#app
https://www.cbsnews.com/news/anom-app-fbi-criminals-trojan-shield/#app
CBS News
"Heavy blow against organized crime" after criminal "kingmakers" tricked into using FBI-run messaging app
Eight-hundred arrests, 8 tons of cocaine seized and alleged murders were thwarted in a global operation enabled by criminal gangs discussing their actions on an app secretly run by FBI.
🔴 App download / install / manage
Google PlayStore™ can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )
You can buy apps with your Google account from a web browser and then download it with Google playstore / Aurora Store / Yalp Store
Don't buy apps to Google, you're financing that evil corporation with the 30% cut they take from every app sold
Here are some better alternatives to get and manage Android apps:
🎁 F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034
🎁 Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242
🎁 Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
⚠️ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore
🎁 Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666
🎁 Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases
🎁 App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge
🎁 Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium
🎁 Accrescent
https://accrescent.app
🎁 Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app
🎁 Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid
🎁 apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep
🎁 APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber
🎁 APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror
🎁 ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack
🎁 Kali Nethunter Store
Pentesting apps
https://store.nethunter.com
🎁 Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader
🎁 Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de
🔴 App management
🛠 AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager
🛠 AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden
🛠 /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247
🛠 Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller
🛠 Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor
🛠 OpenAPK
App manager uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk
🛠 NeoBackup
https://github.com/NeoApplications/Neo-Backup
🔴 App info
🔬 ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus
🔬 Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy
🔬 App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher
🔬 Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer
📡 @NoGoolag 📡 @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei
Google PlayStore™ can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )
You can buy apps with your Google account from a web browser and then download it with Google playstore / Aurora Store / Yalp Store
Don't buy apps to Google, you're financing that evil corporation with the 30% cut they take from every app sold
Here are some better alternatives to get and manage Android apps:
🎁 F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034
🎁 Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242
🎁 Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
⚠️ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore
🎁 Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666
🎁 Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases
🎁 App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge
🎁 Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium
🎁 Accrescent
https://accrescent.app
🎁 Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app
🎁 Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid
🎁 apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep
🎁 APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber
🎁 APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror
🎁 ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack
🎁 Kali Nethunter Store
Pentesting apps
https://store.nethunter.com
🎁 Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader
🎁 Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de
🔴 App management
🛠 AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager
🛠 AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden
🛠 /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247
🛠 Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller
🛠 Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor
🛠 OpenAPK
App manager uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk
🛠 NeoBackup
https://github.com/NeoApplications/Neo-Backup
🔴 App info
🔬 ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus
🔬 Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy
🔬 App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher
🔬 Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer
📡 @NoGoolag 📡 @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei