List with some of the problematic apps and issues with microg

https://github.com/microg/android_packages_apps_GmsCore/wiki/Problem-Apps

https://github.com/microg/android_packages_apps_GmsCore/issues

#issues #problems #microg

Microg / Nanodroid issues and solutions

💡 https://gitlab.com/Nanolx/NanoDroid/tree/master#issues

💡 https://forum.xda-developers.com/apps/magisk/module-nanomod-5-0-20170405-microg-t3584928/post79468220

💡 npem
In a terminal app like termux write these 2 commands and reboot (first one is just to get root, accept):
su
npem

https://gitlab.com/Nanolx/NanoDroid/blob/master/doc/NanoDroidPerm.md


📡 @NoGoolag 📡 @Libreware
#microg #issues #solutions #problem #nanodroid #rh01

Newly introduced proprietary blob "QC Location" breaks any other location providers
ppf I got rid of that in my private builds and they seem to have no vital function ~would
from an issue comment:
After some search, I found on the official website of Qualcomm softwares that:

Qualcomm Location periodically sends us a unique software ID, the location of your device (longitude, latitude and altitude, and its uncertainty) and nearby cellular towers and Wi-Fi hotspots, signal strength, and time (collectively, “Location Data”). As with any Internet communication, we also receive the IP address your device uses. We use Location Data, software IDs and IP addresses, and the other data we collect to help us protect, evaluate, and improve the performance of our systems.

In other words, it would be a tacit tower and WiFi collector without the obvious perception of users.
It is not only proprietary (note that LineageOS is aimed to be free and open-source), but also privacy-fringing. I propose to revert commits associated to QC locations.

(#1270) · Issues · LineageOS / issues / android · GitLab

https://gitlab.com/LineageOS/issues/android/issues/1270


#issues

Fix Signature Spoofing Support

Solution when "Play Store (Phonesky) has correct signature" is not checked,

run these 2 commands in termux app or other terminal app:

su

pm grant com.android.vending android.permission.FAKE_PACKAGE_SIGNATURE


For android 9 and lower you can do it this way:
Go to settings
apps
app permission
signature spoofing
3 dot menu
show system apps
give permission to fakestore.


How to give Fake Store permissions on the second user. Not possible the usual way with terminal. So in /data/system/users/10/runtime-permissions.xml
Add the line:
<pkg name="com.android.vending">
<item name="android.permission.FAKE_PACKAGE_SIGNATURE" granted="true" flags="0" />
</pkg>
Then reboot


📡 @NoGoolag
#fsss #fix #signature #spoofing #problems #issues #playstore #phonesky

FCM/push messaging troubleshooting

Go to microG settings > Google Cloud Messaging and check if the app is connected.

if no:

- Log in your Google account

- Try wiping data for the app

- Before restoring a backup, first restore the app only (without data) and start it to register the app. After that you can restore the data.

- If on NanoDroid, use this command for all apps or for a given appname (e.g. com.nianticlabs.pokemongo)
-- nutl -r
or
-- nutl -r [appname]

If yes:

- Ensure you don't have an adblocker blocking the domain mtalk.google.com

If you can't get any app to register for Google Cloud Messaging, try dialing this:

*#*#2432546#*#*
or
*#*#CHECKIN#*#*


From: https://gitlab.com/Nanolx/NanoDroid/tree/master#issues


📡 @NoGoolag
#push #fcm #gcm #fix #problems

Who reports the “low hanging fruit” security issues?

Some time ago, I came across this article on Hacker News. I recommend you read the whole thing. But in short: A social media site for woman called “Giggle” used an API that pretty much exposed every users data, if you did so much as to request it. This is called an IDOR vulnerability.

The “barrier of entry” is very low here. Installing BurpSuite might have actually been the hardest part of it all.

I always found these types of “hacks” the most interesting. Mostly because they don’t require any experience in offensive security. You don’t need to be an professional pentester to know basic API debugging. Even I could do something like this! In fact, I still sometimes hack myself into leaderboards of browser games like this one.

These kind of “easy to pick” targets are often referred to as “low hanging fruit”. There is no complicated setup or mentionable work required to just grab an apple from a low hanging branch. Same thing was true for hacking Giggle.

And these types of incidents are all but rare. Just search the web for “unsecured elasticsearch instance”. Also, it doesn’t just affect userdata neither. There have been IDOR issues on car control systems. One could literally stop, lock and unlock cars thanks to a certain API endpoint that required no authentication.

👀 👉🏼 https://palone.blog/#post-who-reports-the-low-hanging-fruit-security-issues-158

#palone #blog #security #issues #IDOR
📡@cRyPtHoN_INFOSEC_DE
📡@cRyPtHoN_INFOSEC_EN
📡@BlackBox_Archiv
📡@NoGoolag

For anyone having issues with latest microg not registering apps in the gcm part, check out this workaround, it seems to fix it for most

Remember, it's not necessary to add a Google account to use gcm

https://github.com/microg/GmsCore/issues/1408

https://libredd.it/r/MicroG/comments/kuhgse/device_registration_and_push_notifications/girx53t/


#gcm #microg #fix #problems #issues

Ad block shouldn't break your checkout

We've recently started a shop with some merchandise using TeeSpring. We wanted to try out selling merch as a strategy for monetizing our game Bela Online. And while TeeSpring enabled us to set up this very fast and it is a no-brainer in terms of how hands off it is, there are some issues. Some critical issues.

What happened? 🤔

If your customer has an ad blocker enabled which blocks, well, ads, the whole checkout experience breaks. A friend of mine reported it today to me. He has uBlock Origin installed and when he clicks "Checkout" the site doesn't do anything. 😢

The experience just stops, and he couldn't go through with the order.

I've sent a report through a channel intended for reporting issues with your order, but I've also wanted to write this blog post as a cautionary tale for other developers.

uBlock Origin breaks things 😿

So, what is the root cause of this issue? If we look at the code that breaks:

https://ilakovac.com/teespring-ublock-issue/

#ublock #adblock #issues

Colonial Pipeline Hit by Network Outage Just Days After Hack Shutdown

NEW YORK (Reuters) - Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation's biggest fuel pipeline reopened after a week-long ransomware attack.

The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.

Last week's closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries - which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.

After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

Colonial's shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.

https://money.usnews.com/investing/news/articles/2021-05-18/colonial-pipeline-nomination-system-shut-tuesday-market-sources

https://twitter.com/IntelPointAlert/status/1394672389464670212

#colonial #pipeline #network #issues

🔴 App download / install / manage

Google PlayStore™ can be installed with #minmicrog and other microg installers. Some apps you bought with a Google account may require it to check for licenses.
If it doesn't work check possible solutions here: https://t.me/NoGoolag/19314 ( #issues )

You can buy apps with your Google account from a web browser and then download it with Google playstore / Aurora Store / Yalp Store

Don't buy apps to Google, you're financing that evil corporation with the 30% cut they take from every app sold

Here are some better alternatives to get and manage Android apps:

🎁 F-Droid
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1034

🎁 Aurora Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://t.me/NoGoolag/1242

🎁 Aurora Store (Google Playstore foss client)
apks from Google Playstore
https://t.me/NoGoolag/1123
⚠️ Google broke the search function in Aurora Store at the moment. Try the nightly version. You may find more info at @AuroraSupport
or https://gitlab.com/AuroraOSS/AuroraStore

🎁 Neo Store (F-Droid foss client)
https://t.me/NoGoolag/14666

🎁 Droidify (F-Droid foss client)
https://github.com/Iamlooker/Droid-ify/releases

🎁 App Lounge by eOS (Foss/commercial/pwa)
https://doc.e.foundation/support-topics/app_lounge

🎁 Obtainium (Foss apps from multiple sources)
https://github.com/ImranR98/Obtainium

🎁 Accrescent
https://accrescent.app

🎁 Skydroid
https://github.com/redsolver/skydroid
https://get.skydroid.app

🎁 Foxy Droid (F-Droid foss client)
apks from f-droid.org repository or extra repositories
https://f-droid.org/app/nya.kitsunyan.foxydroid/
https://github.com/kitsunyan/foxy-droid

🎁 apkeep
https://www.eff.org/deeplinks/2021/09/introducing-apkeep-eff-threat-labs-new-apk-downloader
https://github.com/EFForg/apkeep

🎁 APKGrabber
apks from Google Play, APKPure, APKMirror or Uptodown (enable Izzy repo)
https://f-droid.org/app/de.apkgrabber

🎁 APKMirror
apks from APKMirror
https://f-droid.org/app/taco.apkmirror

🎁 ApkTrack
Updates on PlayStore and other sources
https://f-droid.org/app/fr.kwiatkowski.ApkTrack

🎁 Kali Nethunter Store
Pentesting apps
https://store.nethunter.com

🎁 Evozi apk downloader (website)
https://apps.evozi.com/apk-downloader

🎁 Raccoon
APK Downloader for Linux, Windows and MacOS
https://raccoon.onyxbits.de


🔴 App management

🛠 AppManager
@AppManagerChannel
https://github.com/MuntashirAkon/AppManager
https://f-droid.org/repo/io.github.muntashirakon.AppManager

🛠 AppWarden
https://t.me/AuroraOfficial/59
Izzy repo https://apt.izzysoft.de/fdroid/repo/com.aurora.warden

🛠 /d/gapps
Delete/disable GApps and other bloatwares
https://t.me/NoGoolag/1247

🛠 Batch Uninstaller
Uninstall multiple applications at once
https://f-droid.org/app/com.saha.batchuninstaller

🛠 Apk Extractor
Extract APKs from your device, even if installed from the Playstore. Root access
https://f-droid.org/app/axp.tool.apkextractor

🛠 OpenAPK
App manager uninstall, hide, disable, extract, share
https://f-droid.org/app/com.dkanada.openapk

🛠 NeoBackup
https://github.com/NeoApplications/Neo-Backup


🔴 App info

🔬 ClassyShark3xodus
Scan apps for trackers
https://f-droid.org/app/com.oF2pks.classyshark3xodus

🔬 Exodus Privacy
Analyzes privacy concerns in apps from Google Play store
https://f-droid.org/app/org.eu.exodus_privacy.exodusprivacy

🔬 App Watcher
Follow updates and changelogs of apps in Play Store not currently installed on your device (enable Izzy repo)
https://f-droid.org/app/com.anod.appwatcher

🔬 Stanley
Explore app info for developers
https://f-droid.org/app/fr.xgouchet.packageexplorer


📡 @NoGoolag 📡 @Libreware
#apk #install #app #playstore #store #alternatives #fdroid #aurora #yalp #huawei