1. Hi @UIDAI and @KhoslaLabs! Let me show you why it's not a good idea to keep a "debug feature" in the #Aadhaar #Android app you released
5. To enable the logging you just have to:
- unpack the #Aadhaar #Android app with #apktool
- change v1 to v0 in one line
- repack the app with apktool
- re-sign the app
pic.twitter.com/wV5mcgHF6w
6. Install the app, log in and voila! You can find the log file in /sdcard/mAadhaar/ pic.twitter.com/J20Q7yd7Gv
7. If an attacker repacks the app with the logging activated and distributes it, all your #Aadhaar data will be available on the sdcard in the clear. After that, it's super easy for the attacker to upload this log file to his server.
8. So @UIDAI and @KhoslaLabs, can you ask your interns... sorry, I meant: can you ask your developers to remove this "debug feature" from the APK?
Damn! Good job!
Would this leak out biometric data? Because that would fly right in the face of their claims that biometric data is secure.