When the alarm is triggered, it will send the @WikoMobile user IMEI, client number, GSM cell location, serial number, build version in clear text to http://eservice.tinno.com ...Every month!pic.twitter.com/lZDCzI7Ntj
French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
When the alarm is triggered, it will send the @WikoMobile user IMEI, client number, GSM cell location, serial number, build version in clear text to http://eservice.tinno.com ...Every month!pic.twitter.com/lZDCzI7Ntj
Moreover, when you boot your @WikoMobile device, the SaleTrackerBootReceiver of ApeSaleTracker (aka STS) start under certain conditions the SaleTrackerService.pic.twitter.com/ASOo0V8QaL
As the StsMonthsService, the SaleTrackerService register receivers to STS_REFRESH, ACTION_SMS_SEND, ACTION_SMS_DELIVERED, AIRPLANE_MODE and CONNECTIVITY_CHANGE.pic.twitter.com/J7b9UkIkNH
Depending the network availability this app will send @WikoMobile user IMEI, client number, product number, serial number, build version by HTTP or SMS.pic.twitter.com/owxHW41sIe
Yes, you heard me, it will send you device info by SMS to a number located in Shenzhenpic.twitter.com/i2SddaM5Hv
This app contain a basic warning activity which doesn't seems to be used. Even, if it is used, when you press the OK button nothing happen. So, there is no way to disable this data collection...pic.twitter.com/LlEwNn8TAz
You will not see this screen, when you press the back button or the app switch button, they add a filter in the Android framework (in PhoneWindowManager) to not show you this app.pic.twitter.com/y2J7lCDMf0
If you want to play with it and change the request parameters you can access the SaleTrackerActivity by typing *#*#2374#*#* in the dialerpic.twitter.com/EdIMwZAMuE
Let's summarise:
1. @WikoMobile and Tinno is collecting your device info without user consent
2. As an end user you have no way to disable it.
3. They send SMS to China with your data without user consent
4. They send your data in clear text
Wiko told me that they do not send the GSM cell location data and that they don't use SMS. They use HTTP, but encrypt the data before sending (with RSA). No user or usage data is ever sent, according to Wiko. What do you think about?
This is a big lie and I have the decompiled source code of these apps to prove it
Please check the decompiled source by yourself or by technical expert. @WikoMobile can answer what they want, they can't go against the code they wrote https://github.com/fs0c131y/ApeSaleTracker …
1. The RSA part is true. They encrypt the message content with an hardcoded key 2 . The SMS is used as a backup method. 3. They send the GSM Cell Location in ApeStsMonths https://github.com/fs0c131y/ApeStsMonths …
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.