Post ArBCa1vmFSwuq4cMGu by zymurgic@mastodon.online
(DIR) More posts by zymurgic@mastodon.online
(DIR) Post #ArAel4lud5nUOT6CLQ by foone@digipres.club
2025-02-16T08:47:28Z
0 likes, 0 repeats
I'm looking into this Android System SafetyCore thing, because I'm not convinced there's anything actually there and it's not just another version of that old email chain letter about deleting some EXE from system32 because it was spying on you or something
(DIR) Post #ArAexGUKtSwKCsgpuK by foone@digipres.club
2025-02-16T08:49:30Z
0 likes, 0 repeats
this one:https://en.wikipedia.org/wiki/Jdbgmgr.exe_virus_hoax
(DIR) Post #ArAf5J8GwkmuixClIO by foone@digipres.club
2025-02-16T08:50:49Z
0 likes, 0 repeats
and google's apk transparency says it's "an Android system component that provides privacy-preserving on-device user protection infrastructure for apps."https://developers.google.com/android/binary_transparency/google1p/overview
(DIR) Post #ArAf9aETJMCmuv8xFY by foone@digipres.club
2025-02-16T08:51:43Z
0 likes, 0 repeats
an internal name seems to be "Persephone" which doesn't seem to be publicly mentioned anywhere
(DIR) Post #ArAfKMTSnv6xQrIMMK by foone@digipres.club
2025-02-16T08:53:48Z
0 likes, 0 repeats
I'm reasonably sure the "it is supposed to blur nudes with an on-device AI!" bit is wrong. I searched through the deassembly for any calls you'd expect if it looks at images, and found nothing. I don't think this thing does that.
(DIR) Post #ArAfXuaFIVeKz8vdYG by foone@digipres.club
2025-02-16T08:56:19Z
0 likes, 0 repeats
it talks to ondevicesafety-pa.googleapis.comthe thread I found searching that is people talking about rooted phones not able to use certain apps, like google wallet.I think this is just a device integrity framework to allow apps to go "nah, this phone is rooted, I don't wanna run"
(DIR) Post #ArAgGxv3k4qmMV9CG8 by foone@digipres.club
2025-02-16T09:04:19Z
0 likes, 0 repeats
hades and persephone, it seems:com.google.android.libraries.abuse.hades.safetycore
(DIR) Post #ArAiECV5H1Xgcjo5tQ by AndiPopp@chaos.social
2025-02-16T09:26:17Z
0 likes, 0 repeats
@foone It was installed on my phone. Automatically but not as quiet, as I do have that MIUI virus scanner. I had to uninstall it. So I can tell you: it's real.
(DIR) Post #ArAiLOjMCTxsa9un3o by foone@digipres.club
2025-02-16T09:27:41Z
0 likes, 0 repeats
it is definitely doing the kind of integrity metrics you'd expect, like reporting crashes back to google
(DIR) Post #ArAig00BKtC5y8bl4q by foone@digipres.club
2025-02-16T09:31:24Z
0 likes, 0 repeats
fun fact: java obfuscators don't check for dirty words!sadly, the cum{} class was empty
(DIR) Post #ArAiixvbVErUPDshUG by foone@digipres.club
2025-02-16T09:31:54Z
0 likes, 0 repeats
and can I say it's a got a CVE in it, if there's a cve{} class?
(DIR) Post #ArAj6J358vcqZRVbXM by ppxl@social.tchncs.de
2025-02-16T09:36:05Z
0 likes, 0 repeats
@foone unlike the Atlassian server ID generator which in turn has a very limited selection.BUT it includes also non-english swear words
(DIR) Post #ArAj9ifgKqsGuGBuUq by foone@digipres.club
2025-02-16T09:36:20Z
0 likes, 0 repeats
"Package %s cannot be registered both with and without stickyAccountSupport"are you telling me some google accounts are marked as STICKY?
(DIR) Post #ArAjEFRYQnXThok5zM by foone@digipres.club
2025-02-16T09:37:34Z
0 likes, 0 repeats
I'm apparently on Safetycore__build_id_6222725286390552415
(DIR) Post #ArAjcUJMnv2ulfTHOa by cyanautik@infosec.exchange
2025-02-16T09:41:52Z
0 likes, 0 repeats
@foone 👀 interesting naming scheme.I deleted it and haven't noticed much difference since the latest system update.
(DIR) Post #ArAjzATaiUe3uX4IXA by cyanautik@infosec.exchange
2025-02-16T09:46:01Z
0 likes, 0 repeats
@foone some banking apps won't run either. idk what else has issues at this point.
(DIR) Post #ArAkESXFr6rQGQ4brM by foone@digipres.club
2025-02-16T09:48:49Z
0 likes, 0 repeats
it checks if you're using the "robolectric" build fingerprint, on the "goldfish" or "ranchu" hardware, with a build type of "eng" or "userdebug"
(DIR) Post #ArAkKhKtjvvPuAGhpQ by foone@digipres.club
2025-02-16T09:49:57Z
0 likes, 0 repeats
com.google.common.flogger.util.StackWalkerStackGetterflogger is an interesting name. is this a BDSM app?
(DIR) Post #ArAkO09eEHjX8da7Fo by foone@digipres.club
2025-02-16T09:50:27Z
0 likes, 0 repeats
ahh, it's their logging API:https://github.com/google/floggerthere's a obfuscated version of an opensource API. so silly
(DIR) Post #ArAkRRY8pct2yHgBVI by mkoek@mastodon.nl
2025-02-16T09:50:32Z
0 likes, 0 repeats
@foone yes :)
(DIR) Post #ArAlLAnWIn5ZEURkeG by foone@digipres.club
2025-02-16T10:01:13Z
0 likes, 0 repeats
another internal codename is "primes", which seems to be a performance measurement system
(DIR) Post #ArAlcYtpwefcuFh19s by lritter@mastodon.gamedev.place
2025-02-16T10:04:21Z
0 likes, 0 repeats
@foone flogger is a game where you play a paddle trying to cross a darkroom by hopping from butt to butt
(DIR) Post #ArAlfagBmfSZIMklzE by foone@digipres.club
2025-02-16T10:04:56Z
0 likes, 0 repeats
I hope the google engineer who obfuscated this can reclaim that 3-letter slur
(DIR) Post #ArAlsscSOa54hPLQZM by foone@digipres.club
2025-02-16T10:07:12Z
0 likes, 0 repeats
the apk contains only 1 gec
(DIR) Post #ArAmbEDNSu1OPylEH2 by foone@digipres.club
2025-02-16T10:15:19Z
0 likes, 0 repeats
yeah, no. I'm done skimming all the code. This is not an AI censor-app, this is a security framework
(DIR) Post #ArAmonfSxlCI8dN2Jc by narek@fosstodon.org
2025-02-16T10:17:45Z
0 likes, 0 repeats
@foone that looks like an emulator check, I believe goldfish and ranchu are different versions of Android Studio's built-in emulator, while robolectric is a test framework developed and used by Google
(DIR) Post #ArAn2kmoTO2fFuScMK by firefly@frogs.lgbt
2025-02-16T10:20:19Z
0 likes, 0 repeats
@foone reminds me I wanted to make something to aid in reversing/unpacking such (although, in my case more focused on JS-bundle apps, but same idea)the general idea being to hash the content/body of files in an identifier-agnostic way and then match it against a database of similarly hashed major FOSS projects' files (or classes for Java), and substitute the FOSS libraries' code that way
(DIR) Post #ArAnRqiLZP18seL1QO by foone@digipres.club
2025-02-16T10:24:50Z
0 likes, 0 repeats
@firefly yeah, that'd be handy!
(DIR) Post #ArAnveVpV73Piyh7Ts by foone@digipres.club
2025-02-16T10:30:15Z
0 likes, 0 repeats
mmm. wait. I found tensorflow. It's running some kind of GPU-backed tensor flow as part of libtartarus
(DIR) Post #ArAoGlEjhAAKf1lS4W by matt@proud.social
2025-02-16T10:33:57Z
0 likes, 0 repeats
@foone The TL for Flogger is a nice guy and should be beatified as a patron saint of codebase cleanup.
(DIR) Post #ArAoJrFPnqnAAjYhmq by foone@digipres.club
2025-02-16T10:34:20Z
0 likes, 0 repeats
it's got openCV in it, so it's definitely doing something image-based.
(DIR) Post #ArAotFISNgrStVr78C by foone@digipres.club
2025-02-16T10:40:56Z
0 likes, 0 repeats
some strings match the ODAD apk for the Pixel3, which is the on-device malware detection.Maybe they're detecting URLs in images?
(DIR) Post #ArAowVLHBH8pWkjDZQ by foone@digipres.club
2025-02-16T10:41:08Z
0 likes, 0 repeats
the models are downloaded at runtime, so I don't have them here to test against
(DIR) Post #ArApHktsX0MHrS2wqm by foone@digipres.club
2025-02-16T10:45:23Z
0 likes, 0 repeats
@noiob stated where and by who?
(DIR) Post #ArApt5U2xwECPilVUO by foone@digipres.club
2025-02-16T10:52:07Z
0 likes, 0 repeats
@noiob thanks
(DIR) Post #ArApyOvO70aI9n5UHY by foone@digipres.club
2025-02-16T10:53:08Z
0 likes, 0 repeats
@noiob pointed me at this, which does indicate they're going to be doing some nudes-detection. So this may very well be a nude-detector! https://www.androidauthority.com/google-messages-nudes-3499420/
(DIR) Post #ArAqDbzvmvX52xSvmi by bgergely0@mastodon.social
2025-02-16T10:55:53Z
0 likes, 0 repeats
@foone what a plot twist!
(DIR) Post #ArAqVnaPRRM6CSCTbs by foone@digipres.club
2025-02-16T10:59:07Z
0 likes, 0 repeats
I'll have to pull this library out and see if I can show it images
(DIR) Post #ArArtPtPHkTLcTub9k by gunstick@mastodon.opencloud.lu
2025-02-16T11:14:30Z
0 likes, 0 repeats
@foone it is a local service other apps can use to scan content for spam and porn. It runs on the local AI of the phone.
(DIR) Post #ArAs7Z1u6vMq0ndGeu by philpem@digipres.club
2025-02-16T11:17:04Z
0 likes, 0 repeats
@foone Hell and the Queen of the Underworld...
(DIR) Post #ArAsEFXQyga1aTZIHY by philpem@digipres.club
2025-02-16T11:17:45Z
0 likes, 0 repeats
@foone The King and Queen of the Underworld... no wonder people are suspicious (half joking here)
(DIR) Post #ArAtpYoKNzTW1ppDv6 by yildo@cosocial.ca
2025-02-16T11:36:17Z
0 likes, 0 repeats
@foone Unrelated: There's a Ruby linter called Flog that reports how tortured and pained a codebase is https://github.com/seattlerb/flog
(DIR) Post #ArAvuOebmA1vssiFma by ppxl@social.tchncs.de
2025-02-16T11:59:32Z
0 likes, 0 repeats
@foone @noiob ah yes ofc more images scanning and data retaining ðŸ˜
(DIR) Post #ArAxAjModIk4iCk7s0 by old_angry_queer@girlcock.club
2025-02-16T12:13:39Z
0 likes, 0 repeats
@foone hotdog or penis app
(DIR) Post #ArAybyup22YWhwCuY4 by mattmcirvin@mathstodon.xyz
2025-02-16T12:29:50Z
0 likes, 0 repeats
@foone a Charged Vacuum Emboitment. Call the Doctor
(DIR) Post #ArB1cwK6SGwoouBGgi by ozzelot@mstdn.social
2025-02-16T13:03:35Z
0 likes, 0 repeats
@foone @noiob i hear they're gonna be doing that scanning that apple ended up not doing because of public outcry
(DIR) Post #ArB1stVegSpoj8BxVA by deoxys314@ohai.social
2025-02-16T13:06:31Z
0 likes, 0 repeats
@foone Classic order-of-magnitude error
(DIR) Post #ArB8PVz7li4N30uiFE by MissGayle@urbanists.social
2025-02-16T14:19:39Z
0 likes, 0 repeats
@foone It's just camouflage for permission to AI crawl and data mine the content of photos in your emails. You get that, right?
(DIR) Post #ArBBPgYImMGLgU8mVU by gkrnours@mastodon.gamedev.place
2025-02-16T14:53:15Z
0 likes, 0 repeats
@foone if I can disable a service to make apps believe I have a rooted phone, I'm all for it
(DIR) Post #ArBCa1vmFSwuq4cMGu by zymurgic@mastodon.online
2025-02-16T15:06:20Z
0 likes, 0 repeats
@foone if they wanted you to know what it did, they wouldn't have obfuscated the code and all the source would be in the android open source repo rather than closed source magic Google voodoo.
(DIR) Post #ArBTb2TPPpKS21PosS by RueNahcMohr@infosec.exchange
2025-02-16T18:17:01Z
0 likes, 0 repeats
@foone @noiob I wonder what kinda false-detects that will end up having...