Мыслепреступление на Android: как скрыть Перехватчик трафика от Государственных приложений

Государство усиливает заботу о гражданах: крупные сервисы и государственные приложения на Android всё активнее выявляют использование Перехватчиков трафика. Разбираемся, какими методами ведётся это наблюдение — и что Ненадёжные элементы противопоставляют Праведному взору Государства.

https://habr.com/ru/articles/1024890/?utm_source=habrahabr&utm_medium=rss&utm_campaign=1024890

#root #android #vpn #xposed #privacy

Мыслепреступление на Android: как скрыть Перехватчик трафика от Государственных приложений

Государство усиливает заботу о гражданах: крупные сервисы и государственные приложения на Android всё активнее выявляют использование Перехватчиков трафика. Разбираемся, какими методами ведётся это наблюдение — и что Ненадёжные элементы противопоставляют Праведному взору Государства.

https://habr.com/ru/articles/1024890/

#root #android #vpn #xposed #privacy

I sometimes really do miss the #android7 days with #xposed and #xprivacy where I could just blockallthe apps from accessing firebase or other tracking crap. Wish we had that on modern #android

Written from an ancient Oneplus 2 running #lineageos, xposed and xprivacy

LibrePods - Le hack qui libère vos AirPods de la prison Apple

https://fed.brid.gy/r/https://korben.info/librepods-airpods-linux-android-open-source.html

Here's another cool find while looking around for FOSS Android projects: ChromeXt!

It's an Xposed framework module that injects userscript and and DevTools support to Chromium-based and WebView-based browsers

The module is primarily meant to be used with LSPosed, but it can also work with LSPatch for non-root environments

ChromeXt is made by JingMatrix (you may have already heard of them if you've messed around with Android root tools!) and can be found either on IzzyOnDroid or its official GitHub repo: https://github.com/JingMatrix/ChromeXt

#android #foss #root #tech #xposed #module #lsposed #lspatch #apps #chromium #webview

Threat brief: Android.Backdoor.Baohuo.1.origin — trojanized Telegram X APKs; 58k+ devices; Redis-backed C2; Xposed/mirrors for stealth; targets Brazil & Indonesia.
Immediate actions:
• Block/unmonitored outbound Redis ports (6379/6378) from mobile management networks.
• Hunt for new persistent device sessions with hidden device IDs or missing active session entries.
• Use app-signature verification at install / MDM policy to block unverified APKs.
• Monitor for frequent 3-minute telemetry bursts and unusual clipboard access patterns.
Share indicators & mitigations in the comments and follow TechNadu for deeper TTP analysis and IOC lists.

#ThreatIntel #MobileSecurity #Android #Redis #Xposed #EDR #Hunting #InfoSec

I have been testing an interesting app that I found in F-droid, it is called Virtual Xposed, and allows you to run some modules of the xposed framework without being root, yes, the modules that meet that condition are those that do not alter the system, even so, it is a good approach, a good test laboratory. Since everything runs in an isolated environment, something like a kind of virtual machine, what you do inside virtual xposed only works there, and if it fails, then the same, It will only fail in there.

I found it interesting since I have no root, or custom rom, just a rom of ordinary stock, whose only peculiarity would be that by its own decision and with many hours in the adb, disable everything that has to do with Google, from the GMS to the simple clock, but outside of there, it is a common rom and on the root, I would like to, but I probably won't. So apps like this serve me as a learning and testing

But I'll be honest, I'm not close to the world of xposed modules, so... The truth is I have no idea what things to try, because anyway, the fact that they only run modules that do not alter the system, reduces the list a lot. Even so, if you are curious like me, I recommend it completely, I guarantee a good afternoon of weird experiments, as good nerds that we are xD

#android #apps #xposed #root #FDroid

Please, all Android developers, make a system that can fake the contact list, files and photos, location and phone ID and other information that apps usually require (but don't need).
Android only lets you disable those things, but that's not it - some apps don't work without consent.

All I could find was #xposed and #xprivacy, but it doesn't seem to be evolving much and it's definitely not for casual users. I'd love to have a system that pretended to be Android, but be based on #lineageos & #OpenGapps and include those xprivacy features by default.

To be honest, I'm completely fascinated that no one is working on this! So many developers and nobody cares about privacy?