linuxct

@linuxct@androiddev.social

Trying to find and do things that make the world a better place


benjojo, to random
@benjojo@benjojo.co.uk avatar

Ha! The Discord GDPR/Data Export thing reveals that it's running models to figure out what gender you are. If you go to /activity/analytics/events-*.json and grep for predicted_gender you get something like:

{
  "user_id": "282657081457115136",
  "predicted_gender": "male",
  "probability": 0.8413839340209961,
  "prob_male": 0.8413839340209961,
  "prob_female": 0.11650349199771881,
  "prob_non_binary_gender_expansive": 0.04211260750889778,
  "model_version": "2024-05-08T00:00:00.000000Z",
  "day_pt": "2024-05-15 00:00:00 UTC"
}

Anyway, they seem to have this datapoint over time! Meaning you can make a graph of how male/female/NB you are according to discord, here is mine:

linuxct,
@linuxct@androiddev.social avatar

@benjojo What tHE FUCK

zsmb13, to random
@zsmb13@androiddev.social avatar

Now that's a neat suggestion.

linuxct,
@linuxct@androiddev.social avatar

@zsmb13 But it's not very Kotlin-esque, no? What you have right now is longer, but more readable in Kotlin's syntax

linuxct,
@linuxct@androiddev.social avatar

@kiranrao @zsmb13 I didn't know this and it sounds neat, thanks!

MishaalRahman, to random
@MishaalRahman@androiddev.social avatar

Google Play has announced a bunch of new features and tools for app developers! Here’s a summary:

  • The ability to tailor store listings by search keywords. If you don’t know what keywords to optimize for, Google Play will give suggested keywords.
  • Developers can now leverage Play Points to launch coupons, discounts, or exclusive in-game items.
  • Deep links patching makes it easier to experiment or make quick changes to your deep links setup without needing to release a new app version.

(1/5)

linuxct,
@linuxct@androiddev.social avatar

@MishaalRahman oh hey I remember seeing these ones while they were in the works :) any news if Play Integrity Crystal made it too? or if they scrapped that in the end?

lehtimaeki, to random
@lehtimaeki@snapp.social avatar

I remember when Google IO used to be for developers..

linuxct,
@linuxct@androiddev.social avatar

@lehtimaeki Lmao that's long gone since almost a decade ago. But I enjoyed counting the number of times Gemini and AI was said :)

linuxct, to random
@linuxct@androiddev.social avatar

What in the world is this Google I/O intro?

arstechnica, to random
@arstechnica@mastodon.social avatar

Pokémon Go players are altering public map data to catch rare Pokémon

TPM 2.0 requirement apparently won't be enforced on Windows 10 systems.

https://arstechnica.com/gaming/2024/05/pokemon-go-players-are-altering-public-map-data-to-catch-rare-pokemon/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

linuxct,
@linuxct@androiddev.social avatar

@kolya @arstechnica Seems like a mistake, the article does not mention anything about desktop TPMs otherwise

ryne, to random
@ryne@androiddev.social avatar

The Rabbit R1 really is just a cute little orange paperweight. Commands are laggy, advertised features aren't ready yet. In terms of "things it can do" there really aren't many, short of frustrating you when you ask it to do things.

The camera (the rotating post on mine is crooked, wat) doesn't even work yet. What purpose does this object achieve? I can't even get it to perform any task short of answering questions any LLM can.

This thing is dumb.

linuxct,
@linuxct@androiddev.social avatar

@ryne Wait, not even Vision works? For real? They demoed that during the live event a few days ago and it was functional ._.

linuxct,
@linuxct@androiddev.social avatar

@ryne Uhm strange. They issued an OTA just minutes ago so try installing that one. If not it may be something broken in your unit? Really strange

linuxct,
@linuxct@androiddev.social avatar

@ryne from decompiling the leaked launcher APK I know there is a dedicated, separate APK that handles OTAs, but how that works is a mystery as I think no one has it, yet. Maybe restarting the device is enough to trigger them

9to5google, to random
@9to5google@mastodon.online avatar

Here’s how Google patched the account security loophole on Google TV and Android TV https://9to5google.com/2024/04/26/google-android-tv-account-security-loophole-fix/?utm_source=dlvr.it&utm_medium=mastodon

linuxct,
@linuxct@androiddev.social avatar

@9to5google You all understand this does not fix the underlying issue? The real problem is not sideloading Chrome and accessing mail.google.com from there, the real problem is sideloading the Gmail APK and being able to access the mails like so. And that is working as intended and cannot be broadly patched unless the Android framework itself is updated, because that's what Accounts sync and GMS are built exactly for.

linuxct,
@linuxct@androiddev.social avatar

@9to5google And when I say Gmail APK, it could very well be Google Contacts as well, and access the Google Account's contacts, or Chrome's shared history from within Google Chrome itself.

linuxct, to random
@linuxct@androiddev.social avatar

Waiting for someone with an early unit to dump the Rabbit R1 OS like crazy right now

linuxct,
@linuxct@androiddev.social avatar

Trivia: Did you know It Just Runs Android? TM

linuxct,
@linuxct@androiddev.social avatar

@ryne It may be a bit trickier as I have seen most interfaces are locked down. I expect some eMMC/UFS desoldering (or otherwise, butchering of the device) may be involved to get it out for the first time before we can hook to the OTA server and pull it from there ;)

linuxct,
@linuxct@androiddev.social avatar

@ryne I also have one coming my way but it will take months to arrive, so until then I will keep an eye for more security researchers getting their hands on it 👀

linuxct,
@linuxct@androiddev.social avatar

So I got bored, started poking the API and welp, I guess I now registered a Rabbit R1 in the rabbit hole?

This is as much as you will see day 1 btw


linuxct,
@linuxct@androiddev.social avatar

Oh wow, now this is sketchy. The login onto Spotify is performed on a remote machine via... VNC? What the...?

If I place the cursor outside of the Spotify login page, I can see Xorg's default X logo. And the page stutters upon scrolling. Why do they do that instead of normal API tokens? Is this remote machine going to store my browser session for the LAM's scraping purposes?


linuxct,
@linuxct@androiddev.social avatar

By the way I was super late to the party and this was known since a few days ago. Check rabbit's bird site account for the details per their CTO. Someone before me saw this very thing and started a defamation campaign against rabbit, stating LAM was all just a Microsoft Playwright automation script. But it has been proven wrong already as the VNC'd machines had some source code which demonstrated they were only capable of account management and logging credentials for future use, not automation

arstechnica, to random
@arstechnica@mastodon.social avatar

Google says it’s fixing a nasty Android TV account security loophole

Should sideloading Chrome on an old smart TV really compromise your entire account?

https://arstechnica.com/gadgets/2024/04/google-says-its-fixing-a-nasty-android-tv-account-security-loophole/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

linuxct,
@linuxct@androiddev.social avatar

@arstechnica It's Android, thus, works as designed. The only thing they did was install apps which were supported by the underlying platform and correctly made use of the APIs to retrieve user data, just like in a phone this would have been possible. I fail to understand how this is a security concern. Do not login to your Google account if the TV is not yours, period.

linuxct, to random
@linuxct@androiddev.social avatar

Are you seriously telling me this is how you are supposed to launch an activity from a tile in WearOS using AndroidX's Protolayouts?

If I have to type Builder().build() a single time more I am going to give up and delete the entire project

linuxct,
@linuxct@androiddev.social avatar

At least it works! A button appears and clicking it opens an activity, awesome. Now time to implement the rest 😅

linuxct, to random
@linuxct@androiddev.social avatar

This week I presented for the first time my new iOS penetration testing workshop, and it was a huge success!! Really excited to deep dive into mobile OS' other than Android more often 🥳

linuxct,
@linuxct@androiddev.social avatar

I feel that the most challenging part was covering the less well-documented, closed source aspects of the OS, such as how binaries are signed by Xcode, how can they be resigned/tampered, entitlements, etc. But overall, I am quite satisfied with the summary I could give on these :D

linuxct, to random
@linuxct@androiddev.social avatar

@rileytestut Hey there, there's something I never fully understood from AltStore signing process and I was wondering something.

From what I understand, IPA files contain an embedded signing certificate that originates from the developer's signing profile. When an app is deployed, a signing profile is used, which contains a signing certificate, which must match the one in the IPA.

How does AltStore bypass this using the user's Apple ID? Replacing the IPA's signing certificate to the user's?
