Android

17567 readers

247 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: [email protected]

For fresh communities, lemmy apps, and instance updates: [email protected]

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

Stay on topic: All posts should be related to the Android OS or ecosystem.
No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to [email protected].
Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to [email protected].
No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.
No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.
No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.
No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.
No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.
No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!
No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

See thread

Chat and More

founded 1 year ago

MODERATORS

[email protected]

Devgard

[email protected]

Use Case: Bypassing In-App Purchase By Payment Client-Side Validation (secfathy0x1.medium.com)

submitted 3 days ago by sv1sjp to c/[email protected]

4 comments fedilink hide all child comments

top 4 comments

sorted by: hot top controversial new old

[–] [email protected] 4 points 2 days ago

Tagged as a bug bounty?

The guy wanted a bug bounty on something like this?

Like if he discovered now that software can be cracked??

Of course they weren't interested, all the software is crackable. Even if the dev wasted one week of dev time to implement server side validation, then the for the cracker doesn't change anything, they patch the server check to reverse the logic. Ok it's a bit harder but if it's worth, determined crackers will take the challenge.

Look at denuvo and the thousands of online checks, all defeated eventually.

[–] [email protected] 4 points 2 days ago

Initial Response from the Company After informing the company of the vulnerability affecting File Manager: File Explorer (used by over 10M+ users), the company responded that it does not consider the issue a problem and has not taken steps to resolve it

Considering the miniscule number of people who would even attempt this. They do not bother which is good. Not worth the time to waste on this.

[–] [email protected] 1 points 2 days ago (1 children)

The app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?

[–] [email protected] 2 points 2 days ago

Mostly nothing, but it's enough to stop fully automated patching/modding the Playstore like Lucky Patcher does