1. Hi @UIDAI and @KhoslaLabs
! Let me show you how to bypass the protection mechanism you set up and run the #Aadhaar #Android app on a rooted phone.
-
-
Even if that's true, it's not a problem unique to Aadhaar. Anyone can recompile any app. Anyone can 'hack' a website w liberal use of chromebug. I dont think 'someone could change the code' is a legitimate security flaw (as long as APIs are secure & dont implicitly trust clients)
-
Reverse patching an App is a big problem under certain conditions, particularly if the back end trusts *that the app* is not patched. I will say no more except that a reflexive response of "it is not a problem" and "everyone has the same problem" is a hopeless security posture.
-
To understand why it is a problem, start thinking about, why installing mAadhaar on a rooted phone is a problem and how *many non-tech folks* even can tell the difference between a rooted phone and non-rooted phone. On twitter saying anything more is not an option. #
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
If the flag isEmulator is set to true, the method will always return false and you bypass the root check