1. Hi @UIDAI and @KhoslaLabs
! Let me show you how to bypass the protection mechanism you set up and run the #Aadhaar #Android app on a rooted phone.
-
-
Someone who recompiles the app so it can run on their rooted device is only hacking themselves. Unless you are talking about someone redistributing such an apk - but that would be the same risk with any app. Would your suggestion be to send the apk sig with API reqs?
-
No, you are wrong on this point, you can hack an entire service, access other user data for example, by recompiling an app
-
Even if that's true, it's not a problem unique to Aadhaar. Anyone can recompile any app. Anyone can 'hack' a website w liberal use of chromebug. I dont think 'someone could change the code' is a legitimate security flaw (as long as APIs are secure & dont implicitly trust clients)
- 2 more replies
New conversation -
-
-
There is no reason to keep 1.2 billion people's fates hanging in balance from very real risk of non-basic attack.There is no need for Aadhaar. It is just a (((
@CIA@RoyalFamily))) weapon to ruin India by slavery, exploitation & cyberwar.#DestroyTheAadhaarhttps://twitter.com/fs0c131y/status/951781385500610560 …Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
If the flag isEmulator is set to true, the method will always return false and you bypass the root check