Hacker. Fight disinformation at Predicta Lab. Not completely schizophrenic. Not related to USANetwork. For business inquiries my email is below
This badword.txt is duplicated in a zip file called pattern. This archive contains 7 files: - badword.txt - brackets.txt - end.txt - follow.txt - key.txt - start.txtpic.twitter.com/pqJgdGJyuj
Show this thread
The @OnePlus #clipboard app contains a strange file called badword.txt 
In these words, we can find: Chairman, Vice President, Deputy Director, Associate Professor, Deputy Heads, General, Private Message, shipping, Address, email, ...
https://pastebin.com/kfvJWKJB pic.twitter.com/3dCh0joVkH
-
-
-
All these files are used in a obfuscated package which seems to be an
#Android library from teddymobileShow this thread -
TeddyMobile is a Chinese company, they worked with a lot of manufacturers including
@oppo. http://teddymobile.cn pic.twitter.com/A4SOJeqBw2
Show this thread -
As far as I understand, teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%pic.twitter.com/KdQV4Zj1Xc
Show this thread -
According to the code
@OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
pic.twitter.com/Au0u1sdpNi
Show this thread -
In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods: - getAndroidID - getCPUSerial - getDeviceId - getHardwareSerialNumber - getIMEI - getIPAddress - getMacAddress - getPhoneNumbe - getScreenPixelspic.twitter.com/9A8UhsOXae
Show this thread -
Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
pic.twitter.com/vuteISH0Tj
Show this thread -
This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
pic.twitter.com/U21J2jrXcN
Show this thread -
I uploaded the
@OnePlus#clipboard APK on@koodous_project https://koodous.com/apks/2f8a01035e0409d1a44c5d658bac0ba4e900df6f017556ce07b33a6c5c9ffa99 …Show this thread -
I didn't manage to trigger the network communications to the teddymobile servers but I will continue later. Moreover, I have other ideas in mind regarding this app
Show this thread -
After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline. https://twitter.com/fs0c131y/status/956945666898628608 …pic.twitter.com/RckQB4JVf3
Show this thread -
This parserOnline will send what you have in your clipboard to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.pic.twitter.com/qrPuKSqdc6
Show this thread -
So we can definitively say that clipboard data of
@OnePlus Chinese users is send to teddymobile servers without their consent.Show this thread -
The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese
@OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 usecasespic.twitter.com/Rp9HvZTF48
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.