1. Hi @UIDAI and @KhoslaLabs! Let me show you why it's not a good idea to keep a "debug feature" in the #Aadhaar #Android app you released
6. Install the app, log in and voila! You can find the log file in /sdcard/mAadhaar/ pic.twitter.com/J20Q7yd7Gv
7. If an attacker repacks the app with the logging activated and distributes it, all your #Aadhaar data will be available on the sdcard in the clear. After that, it's super easy for the attacker to upload this log file to his server.
8. So @UIDAI and @KhoslaLabs, can you ask your interns... sorry, I meant: can you ask your developers to remove this "debug feature" from the APK?
This is silly. If an attacker has the knowledge to recompile & redistribute, they'd have the knowledge to add their own logging code. Or, more usefully for them, add code to send secrets to their own server. It's also true for *any* app. What would you have them do?
Could you point out some good reads or forum links (apart from XDA) to understand and modify smali code which have been useful to you?