Russian botnet

Proof or fuck off

That's pointless, you'll accuse him of having faked whatever pictures or file he posts. Use a sniffer so you can convince yourself, it doesn't take more than 5 minutes

...

Great. It's been 2 hours since you've made this thread and this isn't the first you've made. Couldn't you have mustered up a single screenshot during all that time?

I don't have the competence or the time to go through the source code of an app, but i can read a network capture. Anyway you'll believe what you want to believe

And yet you won't post what you've discovered.

Nice reading skills, i haven't made the thread. Though I made one several months ago, with screenshots, and people where simply like "well why haven't you opened an issue?"

That's because i don't keep months old screenshots. I'm not installing that crap again and i don't have an android VM to use. Just use a sniffer while you search for an app on yalp store, since you probably have it installed

Lol this would be huge news through the android and security communities, literally report it to a news source and it will be everywhere once they confirm it

>has evidence that a popular OSS app is compromised
>deletes it

Attached: 1535482513730.png (360x594, 250K)

>No guize, I has proofz!!!
>you can't see it tho cuz I deletez it!!
you're a fucking FUD spreading faggot, hang ypurself you fucking glow worm

I didn't have evidence that it is compromised, i had evidence that it was "botnet" in the wider sense

>is given a simple, 5 minutes way to check if certain claims are real or not
>keeps demanding it is someone else to provide proof

oh fuck off, burden of proof is on the one who makes the claim

I explained why i can no longer provide proof, if you were really interested in knowing the truth you would have done a network capture. I'm out of this thread, if you don't check the traffic of every app that you let connect to the internet after install you deserve it anyway

good, don'tlet the door hit you on the way out

take this and leave

Attached: 1471316647605.png (448x468, 194K)

Turns out i still had the capture saved! This is me searching "moto" in yalp store, and yalp store broadcasting it in plain text for the public

Attached: Screenshot_2018-10-03-18-08-54.png (1080x1920, 240K)

Holy fuck.
I fucking knew there was something wrong with all these foss-appstores.

>sending get request with the keyword for your search
erm, did you expect the search to be done without internet or something?

Oh noes! Motocross!!!1!!!1!!11!!11!
We've been pwned guise.

PROTIP: Yalp Store has to connect to their servers to get the key for the fake session.

Attached: 470b03ff9cb5dc4fe097332ca4da5d306135d244766d016b8cce2e2ec89bce44.jpg (611x823, 74K)

samefag

Whatever you say, it poses a serious threat to privacy by letting everyone know what you searched so it classifies as "botnet" in the wider sense

Try again

Attached: Screenshot_2018-10-03-18-31-37.png (1080x1920, 240K)

you've learned to turn disconnect from wifi to samefag properly, good for you

nice shoppe

In what sense? It operates fake sessions with fake device identity.
github.com/yeriomin/YalpStore/blob/master/README.md
Read this.

holy shit you are fucking retarded.

of course this makes a request to Google to get search results.

so this is your """botnet""" evidence?

this is the relevant code btw.
github.com/yeriomin/play-store-api/blob/41a81120af40659df5c5f609f3383cd676e79f21/src/main/java/com/github/yeriomin/playstoreapi/GooglePlayAPI.java

also it is not plaintext.

you are the worst kind of retarded, spewing shit you have no clue about

Attached: capture.png (481x46, 3K)

One pajeet angry that other pajeet made an app, calls him Russian. More news at 12.

Kek what a time to be alive.
Go suck each other faggots

In the sense that as i captured that traffic, anyone on my same wifi network could have captured it as well and know what i'm searching. I'd rather use something like apkpure that uses https

It throws your privacy in the trash so yeah, that is my evidence. I remind you i'm not OP btw

Then howcome i can read it? When i capture https traffic it's just noise

if you're not baiting i'm sorry that you're this stupid

probably because whatever app you are using is exchanging the https certs.

>It throws your privacy in the trash so yeah, that is my evidence. I remind you i'm not OP btw
Searching for Apps in the Play Store sends data to Google.
More news at 11

No, with other apps i get unreadable traffic, see pic related
>Searching for Apps in the Play Store sends data to Google.
Yeah, and searching for apps in the yalp store sends data to sniffers. While using something like apkpure sends it to neither

Forgot pic

Attached: Screenshot_2018-10-03-19-02-19.png (1080x1920, 181K)

>sniffers
if you don't trust your fucking network, man, use Tor or a VPN. Someone will always know what you're doing.

please post the name of your sniffer app.
Also, if the app you are trying this with is this conversations.im/ -> this is an XMPP client, it doesn't use HTTP(S).

>Yeah, and searching for apps in the yalp store sends data to sniffers
Google != sniffer, by using yalp store you know that data is sent to Google.

So basically i should never use wifi if i'm not at home?

"Packet capture"
Conversations does use https, sometimes. Anyway pic related is a firefox capture, using an https website

>Google != sniffer, by using yalp store you know that data is sent to Google.
So what?

Attached: Screenshot_2018-10-03-19-38-14.png (1080x1920, 378K)

Attached: capture.png (625x233, 20K)

why are these threads allowed? It's blatant misinformation with no source and the "proof" OP posted means literally nothing. All he is doing is spreading FUD about a legitimately good app.
He's also been obsessively spamming the same stupid thread over and over again everyday.

Pajeet is persistent since Kumar from his village made successful app and he didn't. Kumar will get the poon and he will bring disgrace to his family.

Then why it doesn't work with other apps?

I'm not op you fucking retard, why can't you read? Op hasn't posted any proof
Also pretty retarded question, these threads are allowed because otherwise who would judge what "misinformation" is? There would be a risk of censorship, so anything that isn't clearly against the rules should stay, despite how much you dislike it

>what is cert pinning

>Then why it doesn't work with other apps?
this -> also Firefox is special because it doesn't use the systems certificate store but has its own (at least on desktop).

bump

This thread is hillarious

You retarded dicksucker kiddo . Get off this fucking board and play with TETRIS instead.
It is a fucking miracle that you have learned to use your Telephone.

go make your screenfetch threads fucking lammer

sir you are racist!

Literally Yalp Store reskinned
Literally retarded
Mods love poojet shitposting, they're the kind of people who click the malware ads