Contrary to the common code between the two files which is not obfuscated, the additional package called metadata is heavily obfuscated. pic.twitter.com/yjawfCHCtO
This Fraud Tools is part of the Braintree SDK, which is open source on GitHub: https://github.com/braintree/braintree_android …
I was not able to find the source code of this hidden metadata package. Did I miss something, or is @Paypal hiding something here?
You can find the documentation here: https://developers.braintreepayments.com/guides/advanced-fraud-tools/client-side/android/v2 … The customer device data collected by this lib is not described at all.
This package is sending a lot of personal information, like: location, locale, IP, device uptime, SSID, total storage space, ... pic.twitter.com/smXELIN4M0
So @Paypal if you don't mind can I ask two questions?
Why is this "metadata" package hidden and not open source like the rest of your SDK?
Come on! Does personal data mean something to you? Why do you need so much info?
cc @troyhunt, who published an article on the subject 2 years ago (thanks @virqdroid for the link)
there is like 0 competent fraud protection in that sdk btw. We had to implement our own methods of fraud protection, including just not taking credit cards on Sprint devices (source of most of our fraud)
tried for years to work with PP on it, nada, even tracked down devs responsible for SDK code, they didn't want to talk.
They may be ashamed to have coded this kind of thing...
yeah, and once you have a stable implementation, don't you dare try to update it lol.
yeah, at this point, I've been patching the SDK in various ways myself for 3yr. I'm actually unaware of anyone else currently using it at any scale due to Playstore rules, it's nasty
That's unacceptable. Wasn't expecting something like this from @PayPal
I don't think anyone is really using it, Google Play rules pretty much killed it
Elliot is The Content Cop In The World of Android
Good work Elliot!
Does this mean PayPal is totally insecure? I have a PP account. Luckily, I never used it till now.