this post was submitted on 01 Oct 2023
35 points (92.7% liked)

Sync for Lemmy

15187 readers
17 users here now

๐Ÿ‘€


Welcome to Sync for Lemmy!

Download Sync for Lemmy


Welcome to the official Sync for Lemmy community.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Community Rules


1- No advertising or spam.

All types of advertising and spam are restricted in this community.



Community Credits

Artwork and community banner by: @[email protected]


founded 2 years ago
MODERATORS
 

Looks like a massive vulnerability has been discovered, basically affecting any apps with web browsing functionality. Was interested in seeing how this affects Sync (including the old Sync for Reddit app I guess too, which is still being used out there and won't get any needed security patches).

It sounds like a fix should be in the Android OS security patch for October, but not sure if that protects individual apps at risk still

top 4 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 11 points 1 year ago (2 children)

Android has its own media player APIs, you just have to tell it what to play and give it a place in the UI for the player canvas. You can even design your own controls for it.

When you open a webpage in Sync, that's an embedded web browser also provided by Android.

It's unlikely that Sync links to libwebp directly.

The Sync for Reddit app isn't usable anymore as it can no longer access the Reddit API. All you get are errors when you try to use it now.

[โ€“] [email protected] 4 points 1 year ago (1 children)

The Sync for Reddit app isn't usable anymore as it can no longer access the Reddit API. All you get are errors when you try to use it now.

There is a ReVanced patch to spoof the current client with a different oAuth token to work around tye API restrictions.

https://revanced.app/patches?pkg=com.laurencedawson.reddit_sync

[โ€“] TakingOnWater 3 points 1 year ago

Yeah most of the old reddit browsers for Android seem to have a patch like this. Obviously they're no longer intended for use by the developers, but for anyone using them it would probably be good to know whether they will be forever at risk to a vulnerability like this.

[โ€“] TakingOnWater 4 points 1 year ago

Thanks for the explanation! Hopefully that's the case here then with Sync. Still hoping @[email protected] can confirm one way or another.