NoGoolag
Forwarded from cRyPtHoN INFOSEC (EN)
#app (SharpApp).

A #app with cutting edge technology to minimize windows-10 telemetry and maximize privacy plus many more

SharpApp is a free and portable tool building upon a PowerShell engine and community powered script files for disabling telemetry functions in Windows 10, uninstalling preinstalled apps, installing software packages and automating Windows tasks with integrated PowerShell scripting.

https://github.com/mirinsoft/sharpapp

https://www.mirinsoft.com/ms-apps/sharpapp

📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@NoGoolag
Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data.

The investigation, led by Bob Diachenko from Security Discovery in partnership with Comparitech, is the result of an analysis of 15,735 Android apps, which comprise about 18 percent of all apps on Google Play store.

"4.8 percent of mobile apps using Google Firebase to store user data are not properly secured, allowing anyone to access databases containing users' personal information, access tokens, and other data without a password or any other authentication," Comparitech said.

👀 The full contents of the database, spanning across 4,282 apps, included:

‼️ Email addresses: 7,000,000+
‼️ Usernames: 4,400,000+
‼️ Passwords: 1,000,000+
‼️ Phone numbers: 5,300,000+
‼️ Full names: 18,300,000+
‼️ Chat messages: 6,800,000+
‼️ GPS data: 6,200,000+
‼️ IP addresses: 156,000+
‼️ Street addresses: 560,000+

👉🏼 Read more:
https://thehackernews.com/2020/05/android-firebase-database-security.html

#android #app #google #playstore #firebase #database #security #breach #leak
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
India's Contact Tracing App Is All But Mandatory. So This Programmer Hacked It So That He Always Appears Safe.

A software engineer from Bangalore was worried about being forced to download Aarogya Setu. So he ripped its guts out.

For days, Jay, a software engineer in Bangalore, watched with mounting alarm as people in India were forced to install the government’s coronavirus contact tracing app. Then, he rolled up his sleeves and ripped its guts out.

“I didn’t like the fact that installing this app is slowly becoming mandatory in India,” said Jay, who requested a pseudonym to speak freely. “So I kept thinking of what I could personally do to avoid putting it on my phone.”

Jay started work at 9 a.m. on a Saturday. He chopped away at the app’s code to bypass the registration page that required people to sign up with their cellphone numbers. More pruning let him bypass a page that requested personal information like name, age, gender, travel history, and COVID-19 symptoms. Then, he carved away the permissions that he viewed as invasive: those requiring access to the phone’s Bluetooth and GPS at all times.

By 1 p.m., the app had become a harmless shell, collecting no data but still flashing a green badge declaring that the user was at low risk of infection.

“That was my goal,” said Jay. “I succeeded. You can show the green badge to anyone if they ask to check your phone and they won’t be able to tell.”

👉🏼 Read more:
https://www.buzzfeednews.com/article/pranavdixit/india-aarogya-setu-hacked

#hacked #india #coronavirus #tracing #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
EU-funded COVID-19 app ‘listens to voices and coughs’

A recently launched EU-funded mobile application records users’ breathing and coughing to diagnose cases of COVID-19, scientists involved in the project have said.

The initiative, which has been developed by researchers at Cambridge University and partially funded by the European Research Council through Project EAR, aims to build up a large, crowdsourced dataset in order to develop machine learning algorithms to be used in automatic disease detection.

It will collect demographic and medical information from users, in addition to “spoken voice samples, breathing and coughing samples through the phone’s microphone.”

In an attempt to allay privacy fears, researchers say that the app will collect ‘one coarse grain location sample’ but that it would not track users, only recording location data once when users are actively using the software.

“The data will be stored on University servers and be used solely for research purposes,” the university added.

“There are very few large datasets of respiratory sounds, so to make better algorithms that could be used for early detection, we need as many samples from as many participants as we can get,” said Professor Cecilia Mascolo from Cambridge’s Department of Computer Science and Technology, the lead team on the app.

“Even if we don’t get many positive cases of coronavirus, we could find links with other health conditions.”

👉🏼 Read more:
https://www.euractiv.com/section/digital/news/eu-funded-covid-19-app-listens-to-voices-and-coughs/

#coronavirus #eu #tracing #tracking #app #privacy #surveillance
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Report: Indian e-Payments App Exposes Millions of Users in Massive Data Breach

Led by Noam Rotem and Ran Locar, vpnMentor’s research team discovered a massive amount of incredibly sensitive financial data connected to India’s mobile payment app BHIM that was exposed to the public.

The website was being used in a campaign to sign large numbers of users and business merchants to the app from communities across India. All related data from this campaign was being stored on a misconfigured Amazon Web Services S3 bucket and was publicly accessible.

The scale of the exposed data is extraordinary, affecting millions of people all over India and exposing them to potentially devastating fraud, theft, and attack from hackers and cybercriminals.

👀 Data Breach Summary 👀

Company/Website: http://cscbhim.in/
Located: India
Industry: Mobile banking; e-payments; personal finance
Size of data in gigabytes: 409 GB
Suspected no. of records: ~7.26 million
No. of people exposed: Millions
Geographical scope: Nationwide across India
Types of data exposed: PII data
Potential impact: Identity theft, fraud, theft, viral attacks
Data storage format: AWS S3 bucket

👉🏼 Read more:
https://www.vpnmentor.com/blog/report-csc-bhim-leak/

#BHIM #india #data #breach #leak #epayment #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
Google removes Android app that was used to spy on Belarusian protesters

App mimicked a popular anti-government news site and collected location and device owner details.

Google has removed this week an Android app from the Play Store that was used to collect personal information from Belarusians attending anti-government protests.

The app, named NEXTA LIVE (com.moonfair.wlkm), was available for almost three weeks on the official Android Play Store, and was downloaded thousands of times and received hundreds of reviews.

To get installs, NEXTA LIVE claimed to be the official Android app for Nexta, an independent Belarusian news agency that gained popularity with anti-Lukashenko protesters after exposing abuses and police brutality during the country's recent anti-government demonstrations.

https://www.zdnet.com/article/google-removes-android-app-that-was-used-to-spy-on-belarusian-protesters/

#Europe #Belarus #Google #spy #protesters #app #surveillance
Locking down Signal

Concerned about the privacy and security of your communications? Follow our guide to locking down Signal.

The encrypted messaging app, Signal, is quickly becoming a newsroom staple for communicating with sources, accepting tips, talking to colleagues, and for regular old voice calls and messages. While it’s a practical tool for anyone concerned with the security and privacy of their conversations, people working in newsrooms are particularly interesting targets, and should benefit from locking down Signal.

💡 (If you’re not yet using it, learn how to get started here.)

Signal makes it easy to have a secure conversation without thinking about it. On its face, it looks and feels identical to your default text messaging app, but security experts so often recommend it because of what it does in the background.

First, Signal offers end-to-end encryption, meaning only conversational participants can read the messages. While regular phone calls or text messages allow your phone company to unscramble your conversations, even the team behind Signal can’t listen to them. You don’t need to take their word for it. Signal is open source, meaning the code is available for anyone to review. This also makes security audits simpler for independent specialists, who have torn apart the code and published findings that everything works as intended. Finally, Signal retains nearly no metadata — information about who spoke to whom, and when. (The developers proved as much in court.)

These are some of the advantages you want in an encrypted messaging app.

Because newsrooms can attract a lot of attention, journalists who already use Signal should consider hardening it against physical access, as well as unwanted remote access and network-based eavesdropping. So let’s talk about how.

👀 👉🏼 https://freedom.press/training/locking-down-signal/

#signal #encrypted #messaging #app #guide
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Bing mobile apps suffered a data leak, leaking 6.5TB of search data

Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reportedly as a “misconfiguration” of the server, which has resulted in 6.5TB of search data being made available publicly on the internet, which grew by up to 200GB per day.

Security researchers from WizCase found the unprotected server on September 12, although the authentication is estimated to have been removed 2 days prior. After discovering the data was coming from Bing’s mobile apps, by performing a search themselves and seeing it appear in the data, the researchers contacted Microsoft on September 13, and the information was given to Microsoft’s Security Response Centre, who acted to resolve the problem a few days later.

The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data included:

Search terms (excluding any searches in ‘private’ mode)

GPS coordinates (if location permissions are enabled, with a ~500 metre accuracy)

Date and time of the search

Firebase notification tokens

Coupon data

Partial list of the URLs visited by the user from the search results

Device model

Operating system

3 unique identifiers, including:
⭕️ ADID: possibly an identifier for a Microsoft Account
⭕️ deviceID
⭕️ devicehash

None of the data was encrypted.

https://www.onmsft.com/news/microsoft-bing-data-leak

#Microsoft #Bing #mobile #app #dataleaks
Police told not to download NHS Covid-19 app

The National Police Chiefs Council (NPCC) has confirmed officers are being told not to install the NHS Covid-19 app on their work smartphones.

The app detects when users have been in proximity to someone with the virus.

Some officers have also been told they may not need to obey self-isolate alerts generated by the app when downloaded to their personal phones.

Lancashire Constabulary has told staff to call the force's own Covid-19 helpline instead.

The BBC contacted the North-West of England force after a source claimed the advice had been given because of "security reasons".

The source also said officers had been told not to carry their personal phones while on duty if they had activated the app.

This applies to staff working in public-facing roles as well as those in back-office positions.

https://www.bbc.com/news/technology-54328644

#Europe #UK #police #covid #app
Aarogya Setu Data Privacy Ignored: RTI Exposes Major Govt Lapses

RTI replies from National Informatic Centre reveal Government of India’s failure to implement measures to secure private data of over 160 million Indians collected by the COVID-19 tracing app, Aarogya Setu. The govt announced a data protection and audit protocol for Aarogya Setu, but even 6 months later, it has failed to act on most of its key aspects.

📺 https://www.youtube.com/watch?v=8ldFm2CEqqA

#india #gov #rti #covid #tracing #app #data #protection #video
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag
Israeli Spy Tech Firm Says It Can Break Into Signal App Previously Considered Safe From Hacking

Cellebrite claims its tech can now crack Signal, which is regarded as the most encrypted app and is commonly used by journalists to communicate with sources

Israeli phone-hacking firm Cellebrite can now break into Signal, an encrypted app considered safe from external snooping, it claimed in a blog post on Thursday. Meanwhile, a U.S. report revealed Friday that American school districts have also bought the firm’s technology.

Cellebrite’s phone-hacking technology is intended for law enforcement agencies and is sold across the world. However, critics have long slammed the company for selling its wares to states with poor human rights records, from Indonesia and Venezuela to Belarus and Saudi Arabia.

https://www.haaretz.com/israel-news/tech-news/.premium-israeli-spy-tech-firm-says-it-can-break-into-signal-app-previously-considered-safe-1.9368581

https://www.cellebrite.com/en/blog/cellebrites-new-solution-for-decrypting-the-signal-app/

#signal #cellebrite #decrypting #app
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@NoGoolag
📡@BlackBox
PCAPdroid

Capture traffic on Android devices and send the PCAP via UDP without root

PCAPdroid lets you capture the Android traffic and analyze it remotely (e.g. via Wireshark). The traffic can be easily captured on a remote PC via a UDP socket.

💡 Features:

Capture apps traffic without root privileges

Send captured traffic via UDP

Download the traffic PCAP via the integrated HTTP server

Show captured traffic real time statistics

Apply a filter to only capture traffic for the selected app

Decrypt HTTPS/TLS traffic via a remote mitmproxy

https://f-droid.org/packages/com.emanuelef.remote_capture/

#PCAPdroid #android #fdroid #app
Setup for testing Android app vulnerabilities

In the previous article I documented my approach for reverse engineering an Android game. But getting my hands on the code is only one part of security research. Once a potential issue is identified, I need to verify that it is actually exploitable. So there is no way around messing with an actual live app. Ideally that has to happen in a controlled environment with emulated hardware. As before, this is mostly me writing things down for my future self, but it might come in useful for other people as well.

💡 Contents

Choosing a virtualization approach

Setting up Android SDK

Minimal proof of concept Android app

Adding debugging output to the target application

https://palant.info/2021/02/22/setup-for-testing-android-app-vulnerabilities/

#setup #testing #android #app #vulnerabilities #guide
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Your Dating App Data Might Be Shared With the U.S. Government

When you download a dating app, fill out a profile with some of your most private information, and select “allow app to access location” to locate nearby potential love interests, you may feel a little exposed, but you proceed anyway, in order to find those dates. But there is reason to believe that by using these sites, you may be unknowingly submitting to government tracking—and we can’t know for sure because of all of the secrecy involved with deals that data brokers make with government agencies. It’s yet another demonstration of the need to bring transparency to the data-collection industry.

Dating apps ask users for a variety of highly personal information and retain it indefinitely, potentially forever. This can include photos and videos, text conversations with other users, and information on gender, sexual orientation, political affiliation, religion, desire to have children, location, HIV status, and beyond. Many platforms also collect information regarding preferences in a partner (either through filters or using powerful algorithms that monitor users’ every swipe) and may therefore know about your preferences and deal-breakers with regard to ethnicity, religion, body type, and more. If you connect your dating app with any social media platforms—Facebook and Instagram are common choices—then the dating app company likely also has access to thousands of additional data points, including what kind of content you’ve liked on social media and who you are friends with.

https://slate.com/technology/2021/03/dating-apps-data-brokers-transparency-government.html

#dating #app #us #govt #privacy
Gamifying Propaganda: Everything You Need to Know about China’s ‘Study Xi’ App

Scoring points by doing Xi-focused quizzes and watching ‘Xi Time’ news: this app takes propaganda to a whole other level.

A new app that encourages China’s online population to study Xi Jinping Thought has made headlines, both in and outside of China. Here’s everything you need to know about this new interactive propaganda tool.

On January 1st, the Xué Xí Qiáng Guó app was launched on various Chinese app stores. The app is an initiative by the Propaganda Department of the Central Committee of the Communist Party, and is linked to the xuexi.cn platform, which was first set up in 2018.

The app has been making headlines in Chinese and English-language media this week. The BBC referred to the app as a “little red book,” and reported that members of the ruling Communist Party, as well as state-owned company employees who are not Party members, have allegedly been required to download and use it on a daily basis (Feb 15).

The Guardian reported that government officials in Fujian province and Qingdao city held workshops last month stressing the political importance of the app, and directing local leaders to promote the app across government departments (Feb 15).

Although some reports claim that the app is making its way to top lists of most downloaded apps in China, it only scored a position 72 in the top 100 list of popular Chinese app store 360app at time of writing. The app store does state that the app has been downloaded 340000 times, with app users rating it with 2,5 stars out of 5. In the Tencent store, the app was downloaded 2,1 million times.

However, these numbers do not necessarily indicate much about the total number of downloads, since the app can be directly downloaded as an APK file from various locations. In the Chinese Apple store, the app is now the number one scoring app in the educational category. The app is only available in Chinese, and is not available from the Google Play store or Apple stores outside of China.

https://www.whatsonweibo.com/gamifying-propaganda-everything-you-need-to-know-about-chinas-study-xi-app/

#china #xi #app #gaming #propaganda #thinkabout
📡@cRyPtHoN_INFOSEC_FR
📡@cRyPtHoN_INFOSEC_EN
📡@cRyPtHoN_INFOSEC_DE
📡@BlackBox_Archiv
📡@NoGoolag
Google Promised Its Contact Tracing App Was Completely Private—But It Wasn’t

Researchers say hundreds of preinstalled apps can access a log found on Android devices where sensitive contact tracing information is stored.

When Google and Apple introduced their COVID-19 contact tracing framework in April 2020, the companies aimed to reassure people worried about sharing private health information with major corporations.

Google and Apple provided assurances that the data generated through the apps—people’s movements, who they might have come in contact with, and whether they reported testing positive for COVID-19—would be anonymized and would never be shared with anyone other than public health agencies.

“Our goal is to empower [public health agencies] with another tool to help combat the virus while protecting user privacy,” Google CEO Sundar Pichai wrote in a tweet last May, when the framework became publicly available.

Apple CEO Tim Cook provided similar assurances.

Since then, millions of people have downloaded contact tracing apps developed through Apple’s and Google’s framework: The U.K.’s National Health Services’ app has at least 16 million users, while Canada’s Digital Service COVID Alert app boasted more than six million downloads in January, and Virginia’s Department of Health noted more than two million residents were using its COVIDWISE app.

California governor Gavin Newsom endorsed his state’s version of the app, calling it “100% private & secure” in a tweet last December.

But The Markup has learned that not only does the Android version of the contact tracing tool contain a privacy flaw, but when researchers from the privacy analysis firm AppCensus alerted Google to the problem back in February of this year, Google failed to change it. AppCensus was testing the system as part of a contract with the Department of Homeland Security. The company found no similar issues with the iPhone version of the framework.

https://themarkup.org/privacy/2021/04/27/google-promised-its-contact-tracing-app-was-completely-private-but-it-wasnt

#google #DeleteGoogle #contact #tracing #app #privacy
📡 @nogoolag 📡 @blackbox_archiv
How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit

Back in college, I was very interested in Java bytecode. When I got an internship at Google in 2013, I was skeptical of the security of the Java version of Google App Engine and got permission to spend the last week of my internship doing a mini red team exercise, trying to break into App Engine. This is the story of how I found a vulnerability and developed an exploit to break out of the App Engine sandbox and get arbitrary code execution on a Google server.

Background

One of the reasons I was skeptical was Java’s poor security track record. Java is unusual among programming languages in attempting to do in-process sandboxing with its Applet model, where trusted and untrusted code run within the same language runtime.

Back in the dark ages before Javascript and Webassembly took over the world, website authors that wanted to include nontrivial interactivity had to rely on browser plugins. Sun’s entry into the fray was Java Applets, a system that allowed website authors to include precompiled Java classfiles on their site. When the user views the embedding page, the browser sends that code to the Java Virtual Machine (JVM) installed on the user’s computer for execution.

In order to keep things secure, Java used a permission system to control what running code could and couldn’t do. Desktop applications were executed with all permissions by default, while Java applets ran with a very restrictive policy that prevented stuff like accessing the user’s local files.

Unfortunately, applets were still plagued with security vulnerabilities. One issue is that most of the Java runtime library is itself implemented in Java. Trusted and untrusted code run side by side in the same VM, with the only thing separating them being the permission system and visibility modifiers (public, protected, private, etc.)

This means that a bug anywhere in the JVM or standard libraries is liable to become a security vulnerability. Additionally, the attack surface is huge. The Java 7 runtime included over 17,000 classes, a lot of places for bugs to creep in.

https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html

#google #app #engine #hacked #java #bytecode #exploit
📡 @nogoolag 📡 @blackbox_archiv
🔴 App download / install / manage

Google PlayStore can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work, check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )

You can buy apps with your Google account from a web browser and then download them with Google playstore / Aurora Store / Yalp Store

Don't buy apps from Google, you're financing that evil corporation with the 30% cut they take from every app sold

Here are some better alternatives to get and manage Android apps:

🎁 F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034

🎁 Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242

🎁 Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
⚠️ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore

🎁 Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666

🎁 Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases

🎁 App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge

🎁 Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium

🎁 Accrescent
https://accrescent.app

🎁 Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app

🎁 Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid

🎁 apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep

🎁 APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber

🎁 APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror

🎁 ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack

🎁 Kali Nethunter Store
Pentesting apps
https://store.nethunter.com

🎁 Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader

🎁 Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de


🔴 App management

🛠 AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager

🛠 AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden

🛠 /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247

🛠 Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller

🛠 Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor

🛠 OpenAPK
App manager: uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk

🛠 NeoBackup
https://github.com/NeoApplications/Neo-Backup


🔴 App info

🔬 ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus

🔬 Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy

🔬 App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher

🔬 Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer


📡 @NoGoolag 📡 @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei