All these files are used in a obfuscated package which seems to be an #Android library from teddymobile
-
Show this thread
-
TeddyMobile is a Chinese company, they worked with a lot of manufacturers including
@oppo. http://teddymobile.cn pic.twitter.com/A4SOJeqBw2
6 replies 55 retweets 105 likesShow this thread -
As far as I understand, teddymobile is making number identification in SMS The picture below can be translated like this: - Total number of SMS 20M+ - SMS identification accuracy 100% - Identification number recognition rate of 70% - recognition accuracy of 95%pic.twitter.com/KdQV4Zj1Xc
5 replies 42 retweets 83 likesShow this thread -
According to the code
@OnePlus is sending your IMEI and the phone manufacturer to a Chinese server owned by teddymobile
pic.twitter.com/Au0u1sdpNi
15 replies 442 retweets 398 likesShow this thread -
In the TeddyMobile's package com.ted, they have a class called SysInfoUtil. This class contains the following methods: - getAndroidID - getCPUSerial - getDeviceId - getHardwareSerialNumber - getIMEI - getIPAddress - getMacAddress - getPhoneNumbe - getScreenPixelspic.twitter.com/9A8UhsOXae
3 replies 55 retweets 121 likesShow this thread -
Except getIPAddress and getScreenPixels, all the other methods are used. They also send JSON messages to their servers with a "telephone" and "messageText" fields...
pic.twitter.com/vuteISH0Tj
3 replies 56 retweets 131 likesShow this thread -
This is a good reminder...Please don't copy paste your bank account number...TeddyMobile has a dedicated method to recognize a bank account...
pic.twitter.com/U21J2jrXcN
18 replies 321 retweets 413 likesShow this thread -
I uploaded the
@OnePlus#clipboard APK on@koodous_project https://koodous.com/apks/2f8a01035e0409d1a44c5d658bac0ba4e900df6f017556ce07b33a6c5c9ffa99 …4 replies 25 retweets 89 likesShow this thread -
I didn't manage to trigger the network communications to the teddymobile servers but I will continue later. Moreover, I have other ideas in mind regarding this app
11 replies 15 retweets 145 likesShow this thread -
After deeper investigation only a small part of the tedmobile sdk is used. In the ClipboardManager, in the verifyExpress method they used the method parserOnline. https://twitter.com/fs0c131y/status/956945666898628608 …pic.twitter.com/RckQB4JVf3
1 reply 9 retweets 43 likesShow this thread
This parserOnline will send what you have in your clipboard to a teddymobile server in order to parse it. It important to say that this method is used only for Chinese users.pic.twitter.com/qrPuKSqdc6
-
-
So we can definitively say that clipboard data of
@OnePlus Chinese users is send to teddymobile servers without their consent.5 replies 67 retweets 96 likesShow this thread -
The conditions to send your data to teddymobile server are: - clip data is not numeric - not an email - Chinese
@OnePlus phone - clipboard data matched the express pattern. It good to say that parserOnline method is used 3 times in the code, so this is only 1 of the 3 usecasespic.twitter.com/Rp9HvZTF48
3 replies 36 retweets 61 likesShow this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.