this post was submitted on 27 Jun 2024
858 points (97.5% liked)

Technology

59374 readers
7261 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 24 points 4 months ago* (last edited 4 months ago) (2 children)

Comments here: “Yeah right, I’ll believe it when they explain how.”

Article: literally has a section explaining how

Edit:

Replies: "Yeah, but that's just a summary. I'll believe it when they explain in full detail."

Article: literally has a link to the detailed explanation

[–] [email protected] 14 points 4 months ago* (last edited 4 months ago) (1 children)

The claim is they completely bypass all Android and iOS security is pretty unbelievable.

If so then the real discussion is how these zero day exploits are just sitting around.

EDIT: It seems the focus is on Android but all the information is nonsensical, like AI generated buzzword bingo.

[–] [email protected] 5 points 4 months ago (1 children)
[–] [email protected] 5 points 4 months ago* (last edited 4 months ago)

That source looks better indeed.

Ars quotes nonsense like “bypasses the security” and “exploit the user”.

Those terms have meaning and they aren’t applicable here.

At the end though they do say things like

is able to hack your phone from the moment you install the app

Without any credible evidence.

[–] [email protected] 8 points 4 months ago (1 children)

It states that it’s somehow breaking the permissions sandbox by dynamically recompiling code after the app is opened. Unless there is some undisclosed exploit that it’s using to break the sandbox, it’s outside most people’s understanding of how these platforms work

[–] [email protected] 1 points 4 months ago (1 children)

It only explains how it would pass (automatic) reviews. Not how it would bypass the sandbox. So yeah, you're right, not enough info sadly.

[–] [email protected] 4 points 4 months ago

Someone else posted this report in this thread which does a good job of the deceptive practices and API calls the app uses to trick the user into giving permissions up willingly and otherwise collect data it shouldn’t.