How Apps on Android Share Data with Facebook - Report

Saturday, December 29, 2018

Previous research has shown how 42.55 percent of free apps on the Google Play store could share data with Facebook, making Facebook the second most prevalent third-party tracker after Google’s parent company Alphabet. In this report, Privacy International illustrates what this data sharing looks like in practice, particularly for people who do not have a Facebook account.
https://privacyinternational.org/report/2647/how-apps-android-share-data-facebook-report

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN

Librefox: Firefox with privacy enhancements

https://github.com/intika/Librefox

Don't kill my app!

Smartphones are turning back into dumbphones. We have to fight back!
To squeeze a little extra battery out of your phone, the Android device vendors listed below (starting with the worst) cripple apps and make them useless.

Smartphones are getting more and more powerful, but the battery capacity is lagging behind. Vendors are always trying to squeeze some battery saving features into the firmware with each new Android release.

But some go so far that they break useful apps just to get a little more juice out of your device. This even gets so absurd that with some vendors (e.g. Nokia, Xiaomi, OnePlus or Huawei) our smart phones are becoming dumbphones again.

👇What you can do against it, manuals for:👇

Nokia: https://dontkillmyapp.com/nokia
OnePlus: https://dontkillmyapp.com/oneplus
Xiaomi: https://dontkillmyapp.com/xiaomi
Huawei: https://dontkillmyapp.com/huawei
Meizu: https://dontkillmyapp.com/meizu
Sony: https://dontkillmyapp.com/sony
Samsung: https://dontkillmyapp.com/samsung
HTC: https://dontkillmyapp.com/htc
LG: https://dontkillmyapp.com/lg
StockAndroid: https://dontkillmyapp.com/stock_android
Uniherz: https://dontkillmyapp.com/unihertz

Source: https://dontkillmyapp.com/
GitHub: https://github.com/urbandroid-team/dont-kill-my-app

#battery #tips #tricks #guide

FilesLocker Ransomware Decrypter

FilesLocker Decrypter is a ransomware decryptor created by Michael Gillespie that decrypts files encrypted by the FilesLocker Ransomware. This decrypter works with version v1 and v2 of the ransomware.

In order to use this decrypter, users must have a copy of the ransom note for the infected system as it contains the encrypted decryption key. This decryption key will be decrypted and used to decrypt a victim's files for free.

More information about the FilesLocker Ransomware can be found at this URL: https://www.bleepingcomputer.com/news/security/new-fileslocker-ransomware-offered-as-a-ransomware-as-a-service/
A detailed guide on using the decryptor can be found here: https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-fileslocker-ransomware-with-fileslockerdecrypter/
FilesLocker Decrypter Download: https://www.bleepingcomputer.com/download/fileslockerdecrypter/dl/378/ for: Windows XP/Vista/7/8/Windows 10
32-bit program. Can run on both a 32-bit and 64-bit OS.
Read this guide in german: https://t.iss.one/cRyPtHoN_INFOSEC_DE/1559

#FilesLocker #Malware #Ransomware #Decrypter #download #guide #Windows

UnCaptcha2 manages to bypass Google's reCAPTCHA system

New iteration of unCaptcha overcomes Google's enhancements making it "easier than ever before" to fool reCAPTCHA, claim researchers

The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.

UnCaptcha was developed in 2017 by researchers at the University of Maryland to bypass the reCAPTCHA mechanism used to protect websites from automated account creation. The system achieved 85 percent accuracy defeating Google's ReCaptcha.

https://www.scmagazineuk.com/uncaptcha2-manages-bypass-googles-recaptcha-system/article/1522085

https://github.com/ecthros/uncaptcha2

Read Via Telegram

📡@cRyPtHoN_INFOSEC_EN

DNS Watch
84.200.69.80
resolver1.dns.watch
No Logging, DNSSEC enabled

84.200.70.40
resolver2.dns.watch
No Logging, DNSSEC enabled

2001:1608:10:25::1c04:b12f
resolver1.dns.watch
Explicit v6 FQDN: resolver1v6.dns.watch
No Logging, DNSSEC enabled

2001:1608:10:25::9249:d69b
resolver2.dns.watch
Explicit v6 FQDN: resolver2v6.dns.watch
No Logging, DNSSEC enabled


Uncensored DNS

DNS Servers
anycast.censurfridns.dk

91.239.100.100
2001:67c:28a4::

Anycast from multiple locations.

unicast.censurfridns.dk

89.233.43.71
2a01:3a0:53:53::

This node is hosted at AS9167 in Copenhagen, Denmark.
https://blog.uncensoreddns.org


#dns

https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620


#why #fb #dust #lens

MysteriumVPN Free VPN

❗️2 Trackers (Google)
❗️10 Authorizations

👉 Exodus Privacy Report: https://reports.exodus-privacy.eu.org/en/reports/52142/

👉 Privacy policy Mysterium Network:
https://mysterium.network/privacy-policy/

⚠️Financed by advertising, places trackers, records the use and surfing behavior of the user on the Internet and then sells these your data.

👉 See screenshot: https://t.iss.one/BlackBox_Security_Datenschutz_DE/3400

👉Verdict: Do not use it.👈

#Privacy #VPN #Tracking #Google #advertising #Tracking

In January, the EU is launching bug bounties on Free Software projects to increase the security of the Internet!

It’s been a while since I last wrote about the Free and Open Source Software Audit project, FOSSA, so let me start with a quick recap that you can safely skip if you’re already familiar with the project.
What happened so far

In 2014, security vulnerabilities were found in important Free Software projects. One of the issues was found in the Open Source encryption library OpenSSL. This type of software is called a library because it provides standard functions to a huge number of other softwares. And they subsequently suffered from the issue.
https://juliareda.eu/2018/12/eu-fossa-bug-bounties/

Read Via Telegram HERE and HERE

📡@cRyPtHoN_INFOSEC_EN

AOSDP FIRST TEST BUILD FOR WHYRED [ 08.01.19 ]
By - The Spartann & AOSDP team

⚡️ Android Version - 9.0 Pie
⚡️ XDA Link - SOON
⚡️ Download Link - HERE

@Whyredcloud ™| channel
@Rn5pofficial | Group

⚙ Changelog -
- First Build
- It's a whole new ROM so do support their work and the first release is for WHYRED luckily

Test and report HERE in official AOSDP group

📊 Smokescreen DOH (DNS over HTTPS) Server App
As the name Smokescreen is unfortunately already taken in the Playstore, here the survey once more completely new and based only on your suggestions.
Also, please check first if the name you want to suggest is not already used by another app in the Playstore, otherwise it is not a real option for this poll.

Charon [10]

NebuloDOH [30-50]

Smokescreen DoH [4]

TrumpDNS [15-20]

DoHnut [10-15]

youDoH [1]

AvocaDoH [2]

Secure Me - DOH [5]

Eto dns [0]

DoHgo(doggo/doh go) [2]

Efficacious Planning [1]

Camo [1]

EncDNS [0]

👥 50-100 Leute haben bis jetzt abgestimmt

TWIF 2019 Week 1

https://f-droid.org/en/2019/01/05/twif-37-the-european-bug-bounty-edition.html

Tor vs I2P Review

Tor and I2P are the main privacy routing networks that we have to hide IP addresses other than basic VPN connections. There are other projects too but they are either new or not that popular so they are less effective as anonymity scales by the number of users. I am going to give my honest opinion and compare the two:

✴️I2P Features:

✅Designed for hidden services which are faster and more efficent than Tor (1)
✅Distributed, P2P, decentralized and self organizing (2)
✅Packet switch instead of circuit switch, provides higher level of anonymity
✅Unidirectional tunnels, doubling the security / node than Tor
✅Tunnels are shorter lived than Tor
✅All peers participate in the network 🚩🚩 (3)
✅Bandwidth requirement is low
✅Built in Java 🚩🚩🚩🚩🚩🚩🚩🚩(4)
✅Free and Open Source

(1) I am not sure whether the onionv3 system would be more superior than this. While Tor wasn't designed for hidden services and it's just a plugin, with the onionv3 system it's getting there.

(2) Although it's much more decentralized than Tor, their claims are misleading. They still have directory servers and I guess the development team has a lot of power over the project, it's not like a blockhain which is fully decentralized, so this is misleading. Though it's more decentralized than Tor in either case.

(3) This makes I2P use very risky, especially connecting to it directly, as if somebody is doing something illegal, it would put every node there in danger and suspects of that same crime. Police I guess is not well experienced with this ,and due to the low user count ,this makes it very dangerous to use. Though connecting to I2P from Tor or from a VPN is less risky.

(4) Java is a very flawed language with a history security bugs, and the way the website mocks C in favor of Java makes them look ridiculous. This is a massive red flag for me.

✴️Tor Features:

✅More users hence bigger haystack of anonymity
✅More security audits and academic reviews on it
✅Has solved the scaling issue
✅Centralized 🚩🚩🚩🚩 (1)
✅Has more funding and workforce working on it
✅Is censorship resistant, it doesn't assume clear access to internet lik I2P (2)
✅Adaptive to DDOS attacks
✅Higher degree of plausible deniability and smaller risk of usage
✅Low usage of resources on clients but big usage on servers 🚩🚩 (3)
✅High bandwidth throughput reaching the throughput level of an average VPN service
✅Free and Open Source
✅Supposedly resistant to Sybil attacks (4)

(1) This is a big problem, the development and the infrastructure is very centralized, which would increase the risk of it being shutted down or censored, as it has a few points of failure. I think about 9 directory nodes exist now, which means that blocking only those 9 IP addresses worldwide would cripple the network. The use of bridges and proxies can help, but this issue needs to be addressed.

(2) While I2P assumes that you can connect to the internet, Tor assumes that you are censored, which is better. Tor has a bridge feature which allows to bypass any censorship other than total blocking of the internet. It can connect even through a HTTP proxy and it molds the traffic to be hard to distinguish from normal browsing by packet inspection. Though I2P can be used through Tor, so it's not a big drawdown, Tor still needs to do this, so perhaps the two systems complement eachother.

(3) It's balanced towards higher user experience by outsourcing the work to servers, but this increases centralization which is not good.

(4) It is supposedly resistant against Sybil by it's mechanism is picking trusted nodes, but due to it's centralized nature, operators could be coerced or coopted to become informants, so I don't think this works as well as advertised.

✴️Conclusion and more infos at: https://www.reddit.com/r/privacy/comments/8naaw8/tor_vs_i2p_review/
✴️ I2P Website: https://geti2p.net/en/
✴️ Tor Website: https://www.torproject.org/
✴️ Read in german language: https://t.iss.one/cRyPtHoN_INFOSEC_DE/1678
#Tor #I2P #Review

Darkness-Kernel Manager Updates

Changelogs

- CPU Input Boost/MSM Limiter: use correct ApplyOnBoot id
- Add BCL Low Battery Value tunable

https://github.com/DarknessMod/Kernel-Manager

#dc

⚠️ES File Explorer Android

With more than 100,000,000 downloads ES File Explorer is one of the most famous Android file manager.

The surprise is: if you opened the app at least once, anyone connected to the same local network can remotely get a file from your phone. https://mobile.twitter.com/fs0c131y/status/1085461301588094976?p=v

❗️Technically, everytime a user is launching the app, a HTTP server is started. This server is opening locally the port 59777. On this port, an attacker can send a JSON payload to the target

Video Youtube: 🔽🔽🔽
https://youtu.be/z6hfgnPNBRE

#Android #FileManager #ES #FileExplorer #JSON #payload

microG will get funded by Prototypefund

https://prototypefund.de/project/microg/

microg

Marvin Wißfeld 
#Infrastructure #round 5

What problem do you want to solve with your project?

microG is a project that allows Android apps that actually use Google Play services to run without them. The Google Play services are a non-open extension of the Android operating system, which is preinstalled on most modern Android smartphones. Many apps use these services and work without them or worse. With microG it is possible to fully use these apps even if you remove Google Play services from your smartphone. In doing so, the user can select exactly which services Google wants to use, while private data is in any case disguised.As part of this project, microG will be expanded to include support for smartwatches with Android Wear and the card function will be completely redesigned.

How does your project solve the problem?

microG currently consists of a number of modules whose technical structure is defined by Google's given interfaces. These interfaces need to be reverse-engineered because Google has not publicly documented them. As soon as Google makes changes to the interfaces or adds functions, they must also be implemented accordingly in microG, which requires ongoing maintenance. Of course, it's not enough just to know the interfaces, because often behind them a complex function is hidden. 
The function for displaying maps (originally with Google Maps) is to use a library of MapBox. 
To support Android Wear, the logic and communication with the smartwatch must be completely self-developed. It is planned to work with GadgetBridge, whose app can already drive some simple smartwatches and is completely open source.

Who is your tool aimed at?

microG is for those who are unwilling to share their private data with Google or Apple, but still want to use any apps they need for social participation. Since the installation of microG on many smartphones is not readily possible, a person with technical know-how is required.After successful setup and introduction, however, everyone can use microG and keep it up to date.