F-DROID WAS COMPROMISED
Don't use YALP STORE, is made by a russian criminal guy who was arrested for PHISHING years ago.
BE CAREFUL.
F-DROID WAS COMPROMISED
Don't use YALP STORE, is made by a russian criminal guy who was arrested for PHISHING years ago.
BE CAREFUL.
fuck off glow in the dark nigger
t. dimitri
show proof then
t. Kumar
just use a sniffer you dumb fuck
that is not how it works you little shit.
you made the allegation so show your proof
What's a yalp store
Sauce or fuck off
Point to the part in the source code where it is compromised.
Proof or fuck off
That's pointless, you'll accuse him of having faked whatever pictures or file he posts. Use a sniffer so you can convince yourself, it doesn't take more than 5 minutes
...
Great. It's been 2 hours since you've made this thread and this isn't the first you've made. Couldn't you have mustered up a single screenshot during all that time?
I don't have the competence or the time to go through the source code of an app, but i can read a network capture. Anyway you'll believe what you want to believe
And yet you won't post what you've discovered.
Nice reading skills, i haven't made the thread. Though I made one several months ago, with screenshots, and people where simply like "well why haven't you opened an issue?"
That's because i don't keep months old screenshots. I'm not installing that crap again and i don't have an android VM to use. Just use a sniffer while you search for an app on yalp store, since you probably have it installed
Lol this would be huge news through the android and security communities, literally report it to a news source and it will be everywhere once they confirm it
>has evidence that a popular OSS app is compromised
>deletes it
>No guize, I has proofz!!!
>you can't see it tho cuz I deletez it!!
you're a fucking FUD spreading faggot, hang ypurself you fucking glow worm
I didn't have evidence that it is compromised, i had evidence that it was "botnet" in the wider sense
>is given a simple, 5 minutes way to check if certain claims are real or not
>keeps demanding it is someone else to provide proof
oh fuck off, burden of proof is on the one who makes the claim
I explained why i can no longer provide proof, if you were really interested in knowing the truth you would have done a network capture. I'm out of this thread, if you don't check the traffic of every app that you let connect to the internet after install you deserve it anyway
good, don'tlet the door hit you on the way out
take this and leave
Turns out i still had the capture saved! This is me searching "moto" in yalp store, and yalp store broadcasting it in plain text for the public
Holy fuck.
I fucking knew there was something wrong with all these foss-appstores.
>sending get request with the keyword for your search
erm, did you expect the search to be done without internet or something?
Oh noes! Motocross!!!1!!!1!!11!!11!
We've been pwned guise.
PROTIP: Yalp Store has to connect to their servers to get the key for the fake session.
samefag
Whatever you say, it poses a serious threat to privacy by letting everyone know what you searched so it classifies as "botnet" in the wider sense
Try again
you've learned to turn disconnect from wifi to samefag properly, good for you
nice shoppe
In what sense? It operates fake sessions with fake device identity.
github.com
Read this.
holy shit you are fucking retarded.
of course this makes a request to Google to get search results.
so this is your """botnet""" evidence?
this is the relevant code btw.
github.com
also it is not plaintext.
you are the worst kind of retarded, spewing shit you have no clue about
One pajeet angry that other pajeet made an app, calls him Russian. More news at 12.
Kek what a time to be alive.
Go suck each other faggots
In the sense that as i captured that traffic, anyone on my same wifi network could have captured it as well and know what i'm searching. I'd rather use something like apkpure that uses https
It throws your privacy in the trash so yeah, that is my evidence. I remind you i'm not OP btw
Then howcome i can read it? When i capture https traffic it's just noise
if you're not baiting i'm sorry that you're this stupid
probably because whatever app you are using is exchanging the https certs.
>It throws your privacy in the trash so yeah, that is my evidence. I remind you i'm not OP btw
Searching for Apps in the Play Store sends data to Google.
More news at 11
No, with other apps i get unreadable traffic, see pic related
>Searching for Apps in the Play Store sends data to Google.
Yeah, and searching for apps in the yalp store sends data to sniffers. While using something like apkpure sends it to neither
Forgot pic
>sniffers
if you don't trust your fucking network, man, use Tor or a VPN. Someone will always know what you're doing.
please post the name of your sniffer app.
Also, if the app you are trying this with is this conversations.im
>Yeah, and searching for apps in the yalp store sends data to sniffers
Google != sniffer, by using yalp store you know that data is sent to Google.
So basically i should never use wifi if i'm not at home?
"Packet capture"
Conversations does use https, sometimes. Anyway pic related is a firefox capture, using an https website
>Google != sniffer, by using yalp store you know that data is sent to Google.
So what?
why are these threads allowed? It's blatant misinformation with no source and the "proof" OP posted means literally nothing. All he is doing is spreading FUD about a legitimately good app.
He's also been obsessively spamming the same stupid thread over and over again everyday.
Pajeet is persistent since Kumar from his village made successful app and he didn't. Kumar will get the poon and he will bring disgrace to his family.
Then why it doesn't work with other apps?
I'm not op you fucking retard, why can't you read? Op hasn't posted any proof
Also pretty retarded question, these threads are allowed because otherwise who would judge what "misinformation" is? There would be a risk of censorship, so anything that isn't clearly against the rules should stay, despite how much you dislike it
>what is cert pinning
>Then why it doesn't work with other apps?
this -> also Firefox is special because it doesn't use the systems certificate store but has its own (at least on desktop).
bump
This thread is hillarious
You retarded dicksucker kiddo . Get off this fucking board and play with TETRIS instead.
It is a fucking miracle that you have learned to use your Telephone.
go make your screenfetch threads fucking lammer
sir you are racist!
Literally Yalp Store reskinned
Literally retarded
Mods love poojet shitposting, they're the kind of people who click the malware ads