Develop Bugs

Windows Phone 7 DRM for Apps Cracked with Proof of Concept Program [Video]!

Security is an important aspect of anything that gets used by anyone, at any given moment around the world. For developers of applications that get purchased through a digital storefront, like Microsoft’s Windows Phone 7 Marketplace, making sure that it’s not easy, next to impossible in fact, to steal apps and put them on a device free-of-charge is just as important. But, as WPCentral reports, it looks like the Digital Rights Management (DRM) security tools set in place by Microsoft have been cracked!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Fortunately, though, the program that is being used to do so is not known to the general public. In point of fact, the “white hat” developer that created it is just showing it as a proof of concept. If the program were to make it out into the world, then it would be possible for some people out there to strip the DRM from applications available in the Windows Phone 7 Marketplace, and then download them for free.
As of the time of this writing, Microsoft hasn’t made an official comment regarding the security hole. WPCentral has been in contact with Brandon Watson from Microsoft, but so far they have not heard back from him. The video demonstrating the proof of concept program making short work of DRM for the Windows Phone 7 applications can be viewed below.
www.youtube.com/watch?v=flqB9WCkGiQ

The depressing thing is it's so disturbingly easy. I stumbled on it getting HTC Apps to work on my Samsung, and it's far too easy. I think it'll probably be a matter of time before piracy becomes public on WP7, so to speak.
And for any doubters as to whether it is genuine (seen a few in my travels) - It works. A paid-for, commercial application running in the Windows Phone 7 emulator, after being deployed from a cracked XAP.
Still, it's good to see that WP7 seems to attract the sort of user that isn't a rabid pirate. Despite the ground being laid for some time, and despite people having independently developed methods of piracy, No-one has yet put such information into the public domain, seeking a way of solving the problems, rather than exploiting them.

Microsoft have made an official comment, by email to every developer, on the 16th November, titled "Windows Phone 7 App Protection". It included a white paper on the topic which pretty much said it was easy to steal apps but was a limited risk because of a developer unlocked phone is needed, a limit to how many side loaded apps, basically a couple of steps which would turn off the casual pirate.
I suppose what's new here is a simple one click tool that exploits MS's oversight in this statement: "all signed applications on an unlocked phone still require a license acquired through Marketplace to run". Basically they didn't realise that if you strip the signature, no license is required.
Another thing is they shouldn't have made paid apps on unsecured URLs, they should have put more effort into a secure download system like Apple or pretty much anyone else has.
I guess the main problem, that was a fatal flaw in the design of the platform, is they don't allow native apps only .NET apps, which means almost every single app available can easily be decompiled back to source form. It's a much bigger problem if other developers can steal your code than a few users stealing your app. It's for this reason WP7 can't be taken seriously as a development platform. Oh also it means 3rd party apps launch too slow compared to the built in ones, 1 minute to launch Tetris what a joke.

If you could somehow exclude the paid apps from this "FreeMarketplace" it would be really helpful for people who live in countries where the marketplace isn't as good content wise as in the usa.
That way everyone could download those free apps without the region problems.
These are just my thoughts on this. I'm not a developer or anything so I don't really know if this is actually possible without hurting the developers in any way.

indiekiduk said:
Microsoft have made an official comment, by email to every developer, on the 16th November, titled "Windows Phone 7 App Protection". It included a white paper on the topic which pretty much said it was easy to steal apps but was a limited risk because of a developer unlocked phone is needed, a limit to how many side loaded apps, basically a couple of steps which would turn off the casual pirate.
I suppose what's new here is a simple one click tool that exploits MS's oversight in this statement: "all signed applications on an unlocked phone still require a license acquired through Marketplace to run". Basically they didn't realise that if you strip the signature, no license is required.
Another thing is they shouldn't have made paid apps on unsecured URLs, they should have put more effort into a secure download system like Apple or pretty much anyone else has.
I guess the main problem, that was a fatal flaw in the design of the platform, is they don't allow native apps only .NET apps, which means almost every single app available can easily be decompiled back to source form. It's a much bigger problem if other developers can steal your code than a few users stealing your app. It's for this reason WP7 can't be taken seriously as a development platform. Oh also it means 3rd party apps launch too slow compared to the built in ones, 1 minute to launch Tetris what a joke.
Click to expand...
Click to collapse
You still need a dev unlocked device to sideload the cracked apps. Chevron7 doesn't really do the job as the phone relocks itself every week? which gets a bit annoying and might put people off, and also delete all the sideloaded apps with it. Imagine that, all your save games, app settings and history being reset every week.
Unless someone improves on Chevron7 I don't think piracy is much of a danger.

thats a great revolution, wp is now jailbreaked )) have funnn

digger1985 said:
You still need a dev unlocked device to sideload the cracked apps. Chevron7 doesn't really do the job as the phone relocks itself every week? which gets a bit annoying and might put people off, and also delete all the sideloaded apps with it. Imagine that, all your save games, app settings and history being reset every week.
Unless someone improves on Chevron7 I don't think piracy is much of a danger.
Click to expand...
Click to collapse
If it relocks, it doesn't delete any sideloaded apps, it just prompts you to uninstall when you attempt to run them (though you can escape from the prompt of course). Also, you can avoid it relocking by putting the phone in Flight Mode before syncing.

hounsell said:
I stumbled on it getting HTC Apps to work on my Samsung, and it's far too easy.
Click to expand...
Click to collapse
THAT is very useful. Sharing HTC, LG and Samsung oem apps across platforms should be allowed.

hounsell said:
If it relocks, it doesn't delete any sideloaded apps, it just prompts you to uninstall when you attempt to run them (though you can escape from the prompt of course). Also, you can avoid it relocking by putting the phone in Flight Mode before syncing.
Click to expand...
Click to collapse
Any chance of sharing the (Free) HTC Youtube app? That's the only I desire desperately.

This "proof of concept" shows only one thing (according to youtube video) - guys intercepted search requests from Zune, parse the responce and make a simple app to duplicate Zune's functionality. Anyone who can spend 30 minutes to WireShark and couple hours for coding can do the same app (actually, I've already posted a direct URL's to the marketplace apps on this forum).
As far as I understand, that's it, nothing more. No DRM crack, no "apps cracked", no "security hole" - just nothing!
As for .NET apps vulnerability: does anybody here have an experience to disassemble and compile back a really complicated and large application, obfuscated by the latest commercial version of Dotfuscator (actually, the wp7 devs can obtain it for free until March 2011)? I've tried once (of course I'm not a "some hat - white or black, just a pro developer)... Results are negative. In theory it's possible but... We saw a lot (no, A LOT!) of commercial native apps for win32, mac etc. successfully cracked and hacked. Just visit any pirate tracker for proof. So, it's not a "big .NET problem".

digger1985 said:
Any chance of sharing the (Free) HTC Youtube app? That's the only I desire desperately.
Click to expand...
Click to collapse
Without real hack (hacking license verification etc.) it's not possible. Simple downloader described here as "WP7 ultimate crack" can't help. If you want you may search my posts here, I've already posted direct link to HTC's youtube xap...

I think it's real.
Another guy also did the same
http://forums.create.msdn.com/forums/t/70704.aspx
He cracked an app on request and loaded into the emulator.

sensboston said:
Without real hack (hacking license verification etc.) it's not possible. Simple downloader described here as "WP7 ultimate crack" can't help. If you want you may search my posts here, I've already posted direct link to HTC's youtube xap...
Click to expand...
Click to collapse
I believe Hounsell managed to run the HTC stocks app on a Samsung
http://www.neowin.net/news/htc-wp7-app-ported-to-other-wp7-hardware

digger1985 said:
I think it's real
Click to expand...
Click to collapse
Real what? Read my post above... If someone "hacked" non-obfuscated small application by removing or blocking IsTrial() requests, it's not a real hack.
Ask this guy to "hack" NeedForSpeed Undercover ;-)

sensboston said:
As for .NET apps vulnerability: does anybody here have an experience to disassemble and compile back a really complicated and large application, obfuscated by the latest commercial version of Dotfuscator (actually, the wp7 devs can obtain it for free until March 2011)? I've tried once (of course I'm not a "some hat - white or black, just a pro developer)... Results are negative. In theory it's possible but... We saw a lot (no, A LOT!) of commercial native apps for win32, mac etc. successfully cracked and hacked. Just visit any pirate tracker for proof. So, it's not a "big .NET problem".
Click to expand...
Click to collapse
You didn't see any source code for commercial native apps because there are no automatic tools that do it, but you can see source code for all WP7 apps, using a free utility called Reflector. You choose the app, and it generates a visual studio project containing the code, simple as that.
In my experience developers don't readily use .NET obfuscators because they generally introduce instability which leads to increased development time.

indiekiduk said:
You didn't see any source code for commercial native apps because there are no automatic tools that do it, but you can see source code for all WP7 apps, using a free utility called Reflector.
Click to expand...
Click to collapse
Huh? HexRays has an ARM decompiler which can produce readable C. It is possible to get back to similar to the source equivalent (with a lot of manual tweaking). If MS used a strong packer on the native code then it would make reversing it much harder/time consuming. At the end of the day it still needs to execute.

I've used .NET Reflector for years (and I do have another one, for Java/.NET written by my friend - sorry, can't announce it here).
My question is: have you ever tried to disassemble and re-assemble big, obfuscated application? Or you just theorizing? I did, and it's very complicated/not possible (at least by using Reflector tool only). This method is good for small non-obfuscated application only.
For the topic: here is my "proof of concept"
- use this url to browse Zune market for apps:
http://catalog.zune.net/v3.2/en-US/apps?q=Ebook Reader&clientType=WinMobile 7.0&store=zest
replace Ebook%20Reader to any your search term, don't exactly know about "store" field and en-US. You'll get an XML in response with found apps info.
To get an app full download url, I believe, you'll need some additional requests but I don't have time (and interest!) now to play with Wireshark and track Zune's and WP marketplace requests...

sensboston said:
This "proof of concept" shows only one thing (according to youtube video) - guys intercepted search requests from Zune, parse the responce and make a simple app to duplicate Zune's functionality. Anyone who can spend 30 minutes to WireShark and couple hours for coding can do the same app (actually, I've already posted a direct URL's to the marketplace apps on this forum)
As for .NET apps vulnerability: does anybody here have an experience to disassemble and compile back a really complicated and large application, obfuscated by the latest commercial version of Dotfuscator (actually, the wp7 devs can obtain it for free until March 2011)? I've tried once (of course I'm not a "some hat - white or black, just a pro developer)... Results are negative.
Click to expand...
Click to collapse
Really? You should be able to decompile it and recomplie it with Reflector though, right? Even if the actual meaning of the code is hard to deduce after that point.....The CIL is stack-based, so you should be able to break it up into functions if nothing else.....
sensboston said:
This "proof of concept" shows only one thing (according to youtube video) - guys intercepted search requests from Zune, parse the responce and make a simple app to duplicate Zune's functionality. Anyone who can spend 30 minutes to WireShark and couple hours for coding can do the same app (actually, I've already posted a direct URL's to the marketplace apps on this forum)
Click to expand...
Click to collapse
Ya, this guy is lame. Let's ignore him and get back to work getting real stuff done.

n0psl3d said:
It is possible to get back to similar to the source equivalent (with a lot of manual tweaking) ... At the end of the day it still needs to execute.
Click to expand...
Click to collapse
This ^^
Reflector is great, but it's not a one-stop-recompile-shop. It still takes a massive amount of restructuring to get even an un-obfuscated application back together.
Also, WP7 business logic is almost always in the cloud. For 90% of applications, XAPs are basically just UIs - especially with the intense restrictions imposed on development right now.

digger1985 said:
Any chance of sharing the (Free) HTC Youtube app? That's the only I desire desperately.
Click to expand...
Click to collapse
I've got it running, but it doesn't function at the moment because HTC decided to use their own native functions tied to their driver, rather than the inbuilt .NET classes. All the network requests the app makes fails. Thinking of possible ways round this, but it would probably end up being so much work, it might just be quicker to create a clone.
Blade0rz said:
This ^^
Reflector is great, but it's not a one-stop-recompile-shop. It still takes a massive amount of restructuring to get even an un-obfuscated application back together.
Also, WP7 business logic is almost always in the cloud. For 90% of applications, XAPs are basically just UIs - especially with the intense restrictions imposed on development right now.
Click to expand...
Click to collapse
This. Reverse-engineering, and even modifying an existing app is one thing in Reflector, but copy/pasting code will never work in large quantities, it's just not that accurate in my experience. So sure, your tips and tricks might not be safe, but your app as a whole isn't going to be just duplicated and reuploaded to the marketplace.
Of course, "cracked" for piracy is a whole other matter.

Potential Security Issue with S-Memo and JB

I was poking around my GS3 today (ATT version but running the Sprint Official JB release LJ7) and I found something pretty shocking. I was poking around the S-memo databases when I opened a table using SQLIte editior. When I opened the table I was shocked to see my Google account username and password in clear plain text. Now, I did have the option to sync to Google drive and the app did prompt for my google username and password so obviously it stores it somewhere. I was just shocked to see it stored in plain text and not encrypted.
I know someone who checked his ATT GS3 running ICS and he did not have these entries in his DB which makes me think it's a JB thing.
To check you need to be rooted and have SQLite editor installed.
Steps to check
1. Set up S-Memo to sync with your Google account
2. Use SQLite editor and navigate to /data/data/com.sec.android.provider.smemo/databases
3. Open the Pen_memo.db file and select the CommonSettings table. Look to see if your Google account info is stored in plain text.
This could potentially be a serious issue. If people running JB on their GS3 can check this that would be awesome. Someone already checked the latest ICS build for the ATT variant but if others on ICS or with a different variant can check that would be great. I will get to check my GF's I-9300 running JB tomorrow when I see her.
Also I'm not sure how app permissions work on android, meaning if one app could access the data/database of another app(without root, because obviously with root another app can, in this case SQLite opened the file). Since the DB is in the /data partition and the permissions are r/w by default I'm thinking it wouldn't be difficult for a malicious non root app to access this database and query it for the information unless there is something built into android that wont allow that.
I have attached a SS of what my table looked like. Obviously I blacked out my PW and also the Google auth ID
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Actually, while /data is available for you to browse, that is because you have root. It's RW but only within the packages that each app is sandboxed. If you disable root you will not be able to view that database.
It is possible for the same developer to access the /data files of another one of their apps if they use the same namespace.
So, while this is indeed a risk, it would not be trivial for another app to gain access without asking for root or cracking root itself.

ViViDboarder said:
Actually, while /data is available for you to browse, that is because you have root. It's RW but only within the packages that each app is sandboxed. If you disable root you will not be able to view that database.
It is possible for the same developer to access the /data files of another one of their apps if they use the same namespace.
So, while this is indeed a risk, it would not be trivial for another app to gain access without asking for root or cracking root itself.
Click to expand...
Click to collapse
Ahh OK. Yeah I wasn't sure if another app would be able or not. Ive never not been rooted so I wasnt 100% sure about that. So I guess this issue would just concern root users. I still think though the data should have been encrypted before the record was inserted. It did kinda freak me out to open that table and see my google password staring at me.

I don't use S-Memo much but thanks for the heads up.

ViViDboarder said:
Actually, while /data is available for you to browse, that is because you have root. It's RW but only within the packages that each app is sandboxed. If you disable root you will not be able to view that database.
It is possible for the same developer to access the /data files of another one of their apps if they use the same namespace.
So, while this is indeed a risk, it would not be trivial for another app to gain access without asking for root or cracking root itself.
Click to expand...
Click to collapse
There are on Play and on the net "free apps" which needs root access to work. Once you grant access to any of them those can get your info and sent it to anyplace.
Sent from my O=O

csmasn said:
There are on Play and on the net "free apps" which needs root access to work. Once you grant access to any of them those can get your info and sent it to anyplace.
Sent from my O=O
Click to expand...
Click to collapse
Agreed but that is why you should be checking carefully what root apps are doing. Also not just willy-nilly granting Superuser permissions. Half of XDA would be at risk cause they see the SuperUser popup and most of the time just press grant not ever thinking 'What does that mean?' yes they want to test an app, but FFS check what it wants to do. That is the screen that pops up (another one people ignore - yes I am guilty of it my self sometimes thinking nothing has changed between one version to the next) just as you are installing the app. If it is wanting to do things in areas you don't want it to be then don't install it and confront the developer about it.
In this case you can't really confront Samsung devs about this, but the thing is we know what it is for, and secondly your not installing it comes pre-installed. But you get my point. I doubt that the Samsung devs have malicious intensions, where as other developers that your are granting SuperUser permissions to...who knows?

Yikes! Good news, this is not as bad as it seems. The data is not accessible without root.
Once an app has root, it is all over. You have to trust the app to use it wisely (trust me a lot of root apps are unsafe). With this kind of issue, it is probably safer to notify the OEM before publishing, allowing them time to fix it. This is exactly why I am not one to run root apps without a review of them myself.
I took the liberty to forward this on to those that can get it fixed. Nice find.

This should probably use a token-based authentication system, rather than the ACTUAL google account username and password...
Still not brilliant for security, but at least it's not your ACTUAL password in plaintext...

Jarmezrocks said:
Agreed but that is why you should be checking carefully what root apps are doing. Also not just willy-nilly granting Superuser permissions. Half of XDA would be at risk cause they see the SuperUser popup and most of the time just press grant not ever thinking 'What does that mean?' yes they want to test an app, but FFS check what it wants to do. That is the screen that pops up (another one people ignore - yes I am guilty of it my self sometimes thinking nothing has changed between one version to the next) just as you are installing the app. If it is wanting to do things in areas you don't want it to be then don't install it and confront the developer about it.
In this case you can't really confront Samsung devs about this, but the thing is we know what it is for, and secondly your not installing it comes pre-installed. But you get my point. I doubt that the Samsung devs have malicious intensions, where as other developers that your are granting SuperUser permissions to...who knows?
Click to expand...
Click to collapse
Agreed with you.
But about Google's Devs, because it's a Google's flaw. Encryption is old enough, so they can implement it.
Sent from my O=O

graffixnyc said:
I was just shocked to see it stored in plain text and not encrypted.
Click to expand...
Click to collapse
Suppose they were to encrypt it, where would they store the decryption key?

If somebody knowledgeable stole your GS3, and mounted it in Linux using adbfs, would make a bad situation worse, if they got your Google account login. Passwords in plaintext are bad in any case, I still don't trust either Android or iOS for really sensitive apps like banking.

Great job, samsung.
Why the heck you needed those creds anyway? Use tokens.

Checked mine (4.1.1 International version though), and these are the entries in my CommonSettings table...
IS_BOOT_COMPLETED
IS_MEDIA_MOUNTED
SAVED_PAPER
tutorial_view_state
_pref_list_type_before_tag
serialization_hashcode
serialization_canvas_mode
serialization_tag_mode
...nothing about my Google ID.

So I'm on cm10 tmous and don't use smemo... but I can confirm this issue is the same for com.android.email in databases in the email provider.db is a HostAuth.. and when I open that up sure as sh!t there is ALL my email accounts and listed PW in plain text... not secured... really jacked up its not just an s-memo issue..

da-pharoah said:
So I'm on cm10 tmous and don't use smemo... but I can confirm this issue is the same for com.android.email in databases in the email provider.db is a HostAuth.. and when I open that up sure as sh!t there is ALL my email accounts and listed PW in plain text... not secured... really jacked up its not just an s-memo issue..
Click to expand...
Click to collapse
I just pulled that up on mine too! Wtf!
Generating random authentication keys

Has anything been done about this or basically can anyone with any clue about phones easily get your goggle password if they nick your phone?

cybergaf said:
Has anything been done about this or basically can anyone with any clue about phones easily get your goggle password if they nick your phone?
Click to expand...
Click to collapse
Yea just uninstall s-memo. You really don't need it that bad. And if so use other notepad apps that have voice to text capability or use the aosp keyboard. Anything but s-memo
.:Sent from the Hellfire Galaxy of S & 3:.

da-pharoah said:
Yea just uninstall s-memo. You really don't need it that bad. And if so use other notepad apps that have voice to text capability or use the aosp keyboard. Anything but s-memo
.:Sent from the Hellfire Galaxy of S & 3:.
Click to expand...
Click to collapse
Ummm thought you said above you didn't use s-memo so it's not just an s-memo problem or am I reading it incorrectly?
I've also just checked s-memo and can only see an option for syncing to Samsung account not Google?

How to create a material ui app for my website??

Hello guys i want to create a material ui awesome app for my device can anyone tell me how to do it?? I had android studio sdk.. But don't know how to do please help me guys
Sent from my Micromax A94 using XDA Premium 4 mobile app

Hi,
do you have any development skill?
If not I suggest you start learning. Codecademy provides nice tutorials.
If you wanna stick to web technologies for your app I suggest these:
codecademy.com/tracks/javascript
codecademy.com/tracks/web
Then I recommend to build an app usign ionic framework (ionicframework.com).
Pretty easy to setup.
Once you are done setting it up you can apply materializecss.com for example. Gives you nice material design controls.

Reply: How to create a material ui app for my website??
I am a little confused. Are you wanting to make an Android app or a Web app with material design. If your thinking about design at this stage, I think you going at this backwards. The design depends on the functionality, but the functionality is what makes an app. But to answer both for Android and Web apps:
Android: Google basically gives you everything you need for a material design app. All you have to do in make the back-end and a lil front end work then you have yourself an app. I know its simpler said than done but here is my philosophy when working with something new or I am trying to learn: Don't Imitate! Understand! Programming requires a lot of mental energy and knowledge. I think tutorials today fall in the mindset of holding your hand too much and making you reach a product by the end of it with no knowledge of what you just did. And then you try stuff on your own then your like "Well where do I start?". You will save yourself a bunch of time by not just diving in and trying to make something big as your first app, but instead just take it little by little. Can you make an activity say "hello world"? Great now try to put a fragment in the activity with a list view that has many "hello worlds". Did you figure that out? Then try to make a pop up(toast) say hello world. Your going to have to start somewhere. I have no idea how skilled you are but most likely you either know how to program but are stumped or you just don't know how to program at all. Trust me buddy, I have been there. After learning Java at my University I thought well I could do it, but I was sadly mistaken. My professor taught us Swing when JavaFX came out long ago. UHG SO UGLY! So I just went back to Java and tried to understand Java as must as I could without going too deep into it. Then as I explained I made "hella" amounts of hello world programs. "Hello Worlds" that appeared in the notifications, "Hello Worlds" that were in a settings activity. I even made a lil app that popped up with "There is no spoon" then you can switch it in the settings to "Oh Theirs My Spoon!". You just gotta not do what most tutorials do and stop and think about what you wrote. You will go farther than you would ever imagine. :good:
Web App: Ok if you want to make a material design web app its pretty simple with the CSS framework called Materialize. It may take getting used to and you may have to edit your own CSS but its all there. Though I have no idea why you want to make an "Android App" for you website. Are you wanting to show a concept of the app? You seem a lil out of focus of what you want. I would watch this talk on youtube: Making Badass Developers - Kathy Sierra (Serious Pony) keynote. Its saved me from ultimately quitting programming as a whole. But the point is to just that you need to be honest with yourself on your own skills. If you feel stumped then its time to go back to some basics or maybe take it in a smaller steps. If you do this you will definitely be able to make your app.
Sorry I wish I could post links to the things I recommend but I am still new to these forums. Anyways I hope you read this and other beginners read this. Sorry if its tldr post. I just wanted to give some good advice.

You could use React and Material UI components.

flodev said:
Hi,
do you have any development skill?
If not I suggest you start learning. Codecademy provides nice tutorials.
If you wanna stick to web technologies for your app I suggest these:
codecademy.com/tracks/javascript
codecademy.com/tracks/web
Then I recommend to build an app usign ionic framework (ionicframework.com).
Pretty easy to setup.
Once you are done setting it up you can apply materializecss.com for example. Gives you nice material design controls.
Click to expand...
Click to collapse
No i don't have developing skill
Sent from my Micromax A94 using XDA Premium 4 mobile app

jackcarter3456 said:
If you are a beginner than the use of IDE is good like Android studio. Read some guides on Android app development, so that you can have a basic idea.
Once you clear all the basics, then start developing with simple UI. Don't go into deeply. When you successfully build the app with simple coding, then start with the next level.
For designing material UI, it is better to use Pre-made UI kits instead of designing the app from scratch. With these UI kits, you only need to customize the elements according to your need in the Photoshop or Illustrator, without giving too much efforts.
Click to expand...
Click to collapse
I created a app for my site... Can anyone help me in uploading it on play store?? I'll be glad if u do soo
Sent from my Micromax A94 using XDA Premium 4 mobile app

Vijay chandra said:
I created a app for my site... Can anyone help me in uploading it on play store?? I'll be glad if u do soo
Sent from my Micromax A94 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Why don't just upload it here? In xda? Will get better feedback here then play store. Besides, it will give bad impression to the account owner if users give bad rating to your app. XDA already provided a thread dedicated exactly for what you're trying to do. Use it.?

ionicmaterial , google this keyword, i think you can get demo in all web and mobile with this. Because I am a newbie, can't post link .

codinginthebigcity said:
ionicmaterial , google this keyword, i think you can get demo in all web and mobile with this. Because I am a newbie, can't post link .
Click to expand...
Click to collapse
Ionic Material is buggy and hasn't been updated for a while.
I would actually bite the bullet and try angular material.
Far superior support barring a quirk or two...

karandpr said:
Ionic Material is buggy and hasn't been updated for a while.
I would actually bite the bullet and try angular material.
Far superior support barring a quirk or two...
Click to expand...
Click to collapse
It is updated near: June 30, 2016
http://blog.ionic.io/ionic-2-beta-10-is-live/
I don't know about bugs because ionic 2 is beta, but UI is really good with 700 free icon:
http://ionicframework.com/docs/v2/components/

codinginthebigcity said:
It is updated near: June 30, 2016
http://blog.ionic.io/ionic-2-beta-10-is-live/
I don't know about bugs because ionic 2 is beta, but UI is really good with 700 free icon:
http://ionicframework.com/docs/v2/components/
Click to expand...
Click to collapse
http://ionicmaterial.com/
This is ionic material.
Truth to be told ,Ionic v2 is not ready for production and due to the Angular 2.x dependency it's wayyy different.
The difference between v1 and v2 is night and day.

With beta 10 of Ionic, we are closer to "ready for production".

A UI/UX guy will tell you about how to achieve that exactly but the way I look at it, you can achieve a similar thing by using a background(this has the vertical line )to the list view and the profile picture circles will be image views to which images are loaded dynamically. I am sure there is a much better way to do this but this is definitely one way you can try to do that

There are many guidelines on the web for to upload your apps on google play store. If you are going to do this with ionic you should check folder struture very carefully.

Hello friends,
I have an app of my own blog, one of my friend just made it, but this app is showing an note as shown in picture as Application Running in Demo mode,
Can someone please tell me, how can i remove this water mark, this water mark only visible on main screen....
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent from my HUAWEI VNS-L21 using Tapatalk

How to create a material ui app for my website..?
To be completely forthright, I think you got a major issue to utilize this stuff.
Firstly, it relies on upon Facebook's View system called React so you need to know well some essential things.
Secondly,React is absolutely a javascript stuff and on the off chance that you utilize it by coding plain javascript, that would be an other enormous issue which may stop you.otherwise in the event that you utilize it's sentence structure sugar called jsx, despite everything you have to pay a lot of times to learn well it with the goal that you could know how React function and afterward you could utilize it in your venture.
Thirdly, before the previously mentioned happen, there are still a few things required that you dont need to know well NodeJs or webpack or NPM yet at any rate you ought to know well how to utilize them as the straightforward apparatuses.
All in all, is it an absolute necessity that you have no other decision yet need to utilize this stuff and just act it as a basic css system?
If not! you can surrender now aside from you are prepared to learn huge amounts of conditions!!!
On the off chance that yes! I guidance you to introduce nodejs first and after that introduce npm and after that utilization npm to introduce respond perhaps despite everything you have to introduce a few devices like babel browserify or webpack(the best) and afterward plunge into React and after that you could start figuring out how to utilize MUI~ sounds...mass
There isnt a speedy pickup route for MUI simply like they said!

Material-UI is a set of React components in addition to being a CSS framework. I don't know if you can get much use out of it without understanding React.
The easiest way to get started is to install the examples and start from there.
If you don't want to deal with a front-end framework like React, and just want CSS and JS files with a setup time as quick as Bootstrap, check out the Materialize library.

xiaomi spying

just read this article, whats your opinion.
https://www.dailymail.co.uk/science...rowsing-data-millions-people-web-browser.html

meanwhile Google (Android OS), Apple, Amazon + basically any company which sells any item with a camera or microphone which connects to the internet
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

bluefender said:
just read this article, whats your opinion.
https://www.dailymail.co.uk/science...rowsing-data-millions-people-web-browser.html
Click to expand...
Click to collapse
I'm already aware of it not only xiaomi if you have FB installed it does so same for google apps or almost any apps, Im using some tool to monitor my network and im not even using my phone and I see that it's always exchanging data on the internet just to know that I didn't enable any cloud thing or any sync also I have put some Data on my phone when I was away from home and it went out so fast after I checked the apps that used it I found that almost 200 Mb of data is missing but it wasn't used by any app so there is an exchange but it's hidden, im thinking of using another rom and check

bluefender said:
just read this article, whats your opinion.
https://www.dailymail.co.uk/science...rowsing-data-millions-people-web-browser.html
Click to expand...
Click to collapse
that's why i tell people to use gappless custom roms ...
brownm121 said:
What about the apps described here https://realspyapps.com/phone-tracker/? How to protect your data from such spy apps? They can get all your data as I've understood. Is it possible to protect a phone from hacking and data theft?
Click to expand...
Click to collapse
don't give apps data permission
and restrict all from internet access
if you have an app that need both ensure it dosn't have trackers
if you still don't trust use riru storage isolation ...

Agree generally @loopypalm however I have been using AFWall+ and whitelisted (allowed) supposedly only 4 installed apps - but no system stuff. According to the logs it is blocking literally 000's of requests from the kernel/system and others. However I installed GlassWire the other day and it is showing it exchanging data in and out daily for "Android System".......... :-(
If accurate not sure there is any way to stop that as it must be buried very deep?

loopypalm said:
that's why i tell people to use gappless custom roms ...
don't give apps data permission
and restrict all from internet access
if you have an app that need both ensure it dosn't have trackers
if you still don't trust use riru storage isolation ...
Click to expand...
Click to collapse
Karma Firewall, freeware that uses almost no battery.
China and the CCP are one in the same. The risk of embedded hardware, firmware and software spyware or back doors is high.
The CCP is insidious and nefarious... if you haven't noticed it already

sabei said:
However I installed GlassWire the other day and it is showing it exchanging data in and out daily for "Android System".......... :-(
If accurate not sure there is any way to stop that as it must be buried very deep?
Click to expand...
Click to collapse
there is an app+process called 'NetworkStack' , that is responsable for app to use internet and it's consomation is counted under "Android System"
blackhawk said:
Karma Firewall, freeware that uses almost no battery
Click to expand...
Click to collapse
i read that it dosn't require root, so i'm not sure if it operate at a system level or just does this :

loopypalm said:
i read that it dosn't require root, so i'm not sure if it operate at a system level or just does this :
View attachment 5356179
Click to expand...
Click to collapse
It's a VNP based firewall. It runs best on Pie or lower. With Q and above you lose it's logging function. I'm running Pie so I haven't tested that... and don't plan too anytime soon

loopypalm said:
there is an app+process called 'NetworkStack' , that is responsable for app to use internet and it's consomation is counted under "Android System"
Click to expand...
Click to collapse
yes that shows as a separate process on mine (1073) and is blocked/not allowed along with the rest
(I am still running AEX 7.3 - thanks again for the original recommendation)

sabei said:
yes that shows as a separate process on mine (1073) and is blocked/not allowed along with the rest
(I am still running AEX 7.3 - thanks again for the original recommendation)
Click to expand...
Click to collapse
you can block the package ,yes but not the process
it's the one thing that make you able to connect to wifi/4g ...

{Mod edit: Quoted post has been deleted}
You have quoted an article written by someone selling spy apps...............hardly the most credible and has nothing to do with what I was referring to.

i think people should start editing the apps they work with to remove trackers and useless stuff ...
if you don't have the skills you can use the "mobilism" or "4pda forums" releases, i don't think i have the right to post their links here
other than that nobody can spy on you unless you r an idiot or if they use "Pegasus"

loopypalm said:
i think people should start editing the apps they work with to remove trackers and useless stuff ...
if you don't have the skills you can use the "mobilism" or "4pda forums" releases, i don't think i have the right to post their links here
other than that nobody can spy on you unless you r an idiot or if they use "Pegasus"
Click to expand...
Click to collapse
Easiest thing to do is either don't load crapware or firewall block it.
Amazon, WhatsApp, FB, Instagram, LinkedIn etc never are installed on my device.
Lots do then wonder why their battery life sucks and they have no privacy

blackhawk said:
Easiest thing to do is either don't load crapware or firewall block it.
Amazon, WhatsApp, FB, Instagram, LinkedIn etc never are installed on my device.
Lots do then wonder why their battery life sucks and they have no privacy
Click to expand...
Click to collapse
well , It is easier to escape from a problem than to solve it ...
lot of people can't live without wsp and fb,and i agree, that's a problem ...
that's why i suggested to use storage isolation
(you give an app just one folder to access instead of the whole SD)
and use mod like fouadmod for wsp and cleaned Friendly for Facebook ...
and for identity i don't think there is much you can do unless feed it fake info or create a new identity ...
and if you are a government target just destroy your phone and don't even think ...

loopypalm said:
well , It is easier to escape from a problem than to solve it ...
lot of people can't live without wsp and fb,and i agree, that's a problem ...
that's why i suggested to use storage isolation
(you give an app just one folder to access instead of the whole SD)
and use mod like fouadmod for wsp and cleaned Friendly for Facebook ...
and for identity i don't think there is much you can do unless feed it fake info or create a new identity ...
and if you are a government target just destroy your phone and don't even think ...
Click to expand...
Click to collapse
The problem with those social apps is two fold. All the personal data the user willingly supplies that can then be weaponized against them is the primary issue.
People shouldn't know everything you do and think.
These virtual trash apps have ruined many careers and lives. They are now a source of disinformation and are heavily censured unless you think "correctly". It is a means of controlling the masses by a few.
You're not the customer... you are the product.
Fk that $hit.

loopypalm said:
i think people should start editing the apps they work with to remove trackers and useless stuff ...
Click to expand...
Click to collapse
I've been using some (very few) mobilism apps for years without any ill effects.
Even if you don't use FB yourself, that by itself doesn't exempt you from its tracking, as you'll notice if you follow the tip below.
If you're rooted, another way (which doesn't always work, sadly) would be to get OSS App Manager from F-Droid, see what trackers are there for any given app (you're clear if none are listed) and block some or all of them... YMMV.

pnin said:
see what trackers are there for any given app (you're clear if none are listed) and block some or all some of them... YMMV.
Click to expand...
Click to collapse
Anybody else tried using Warden - app on XDA to remove trackers/beacons etc?

pnin said:
I've been using some (very few) mobilism apps for years without any ill effects.
Even if you don't use FB yourself, that by itself doesn't exempt you from its tracking, as you'll notice if you follow the tip below.
If you're rooted, another way (which doesn't always work, sadly) would be to get OSS App Manager from F-Droid, see what trackers are there for any given app (you're clear if none are listed) and block some or all some of them... YMMV.
Click to expand...
Click to collapse
If FB, Amazon etc is preinstalled either package block it or firewall block.
I prefer using Package Disabler to kill them although you can use ADB to do it.
I keep locations disabled unless I need maps which is rare. Helps battery life too.
Lol, FB is pure poison...

blackhawk said:
Package Disabler
Click to expand...
Click to collapse
Is this the paid for app?

sabei said:
Is this the paid for app?
Click to expand...
Click to collapse
Yes, annual subscription. Use the none Samsung variant. I can't say how well this variant works. The Samsung version works well but won't block Google play Services. I've been using it for over 2 years.
They do respond to emails promptly.
{Mod edit: Link to paid app removed @blackhawk )

App named 10550 in Wireless data usage?

Hi good people.
I have an app in my wifi data usage list by the name of 10550. I've contacted Samsung and they have now idea what it is. How can I find out?
I have attached a screenshot of it.
I have a Anroid 10 with UI 2.1 Exynos version of Note10+.

LaMpiR said:
Hi good people.
I have an app in my wifi data usage list by the name of 10550. I've contacted Samsung and they have now idea what it is. How can I find out?
I have attached a screenshot of it.
I have a Anroid 10 with UI 2.1 Exynos version of Note10+.
Click to expand...
Click to collapse
Upload online* to Virus Total:
https://www.virustotal.com/gui/
Scan the whole thing with Malwarebytes and Trojanscanner.
If your using a package blocker like PD MDM you can disable it there to test and see if it's even needed.
*use the app APK Export to copy the apk for upload.

blackhawk said:
Upload online* to Virus Total:
https://www.virustotal.com/gui/
Scan the whole thing with Malwarebytes and Trojanscanner.
If your using a package blocker like PD MDM you can disable it there to test and see if it's even needed.
*use the app APK Export to copy the apk for upload.
Click to expand...
Click to collapse
Thank you for the quick reply. I have download apk export but cannot find the app 10550, it's not listed.
I have scanned the phone with Kaspersky internet security and nothing. I have downloaded Malwarebytes and scanned and nothing.
I have never used PD MDM. Installed and will try, but the app 10550 is not there. It is only shown in wireless data usage list.
Any more advices?

APK Exports shows all systems apks, make sure show systems apps is toggled on it.
F it otherwise delete it. Although it be better to ID in case it's malware and more is hidden in the system.

it might refer to apps you removed at some point. what would be the meaning of the word underneath it?

raul6 said:
it might refer to apps you removed at some point. what would be the meaning of the word underneath it?
Click to expand...
Click to collapse
If so... a bad uninstall ie trashware.
SD Maid could probably snuff that reminant even if not rooted.

raul6 said:
it might refer to apps you removed at some point. what would be the meaning of the word underneath it?
Click to expand...
Click to collapse
Bixby Vision says the word (when translated into English) is "Restricted"

scottusa2008 said:
Bixby Vision says the word (when translated into English) is "Restricted"
Click to expand...
Click to collapse
thanks. that's then for the app that has restricted mobile data access. Removed apps come under removed apps heading. hunt is on
@LaMpiR if you click on that entry does it show additional info?

Google "apk 10550"
Urge to kill rising... Los Digit the Pirate says; "tis malware off the port side!"

blackhawk said:
APK Exports shows all systems apks, make sure show systems apps is toggled on it.
F it otherwise delete it. Although it be better to ID in case it's malware and more is hidden in the system.
Click to expand...
Click to collapse
I have activated the function (Advanced mode) and still nothing.
raul6 said:
it might refer to apps you removed at some point. what would be the meaning of the word underneath it?
Click to expand...
Click to collapse
Restricted
blackhawk said:
If so... a bad uninstall ie trashware.
SD Maid could probably snuff that reminant even if not rooted.
Click to expand...
Click to collapse
Will try it now. Thank you.
raul6 said:
thanks. that's then for the app that has restricted mobile data access. Removed apps come under removed apps heading. hunt is on
@LaMpiR if you click on that entry does it show additional info?
Click to expand...
Click to collapse
It shows the data usage from the app.
Total: 0 B
Front: 0B
Background: 0B
Then I have two options with allowing the background data(that is off) and the allowing the Data usage bei Data saving option(don't have that anyway.
I have googled apk 10550 and the only APP I had was from Payback, but the App is updated to 20.08.10630 version. It is a small coupon app.
Mine has transferred since 16.05. - 13.06. 5,81GB and after it's saying that it's restricted.

SD Maid can't touch that... if it's an uninstallable app.
APK Exports, hit the inverted triangle of bars in the right hand corner. Punch to show system apps.
It better be there. Copy the package and Scan it.

Hi. I have somehow missed your answer.
Anything else what I could try? I have no idea anymore
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Did Apk Extractor copy it?
Try safe mode, it still running?
If it's listed on PD MDM; package blocker you can kill it or if not try a manual disable by entering the full app name, not just 10550.
Go in using ADB and tract it down.
Call your carrier tech support.
I can't find it doing a Google search which is disquieting.
It's not on my 10+
Nuke option...
If the load is old, backup and do a hard reset.
Make sure this bugger isn't in the backup data.
After reset check to see if present; it may be legitimate apk or added adware on the original OS load.
If still clean restore data and apps, check for it again.
Keep checking... once bitten, twice shy. It maybe on one of your 3rd party apps. Have any chat apps loaded?
Always look through your downloads especially after a go around on a naughty or misbehaving site for rogue downloads, delete any asap.
Use Gmail and never download unknown anything!!!
Avoid side loading apks unless you trust the site and scan them first with online Virus Total.
Check that all your apps don't have permission to install unknown apps!!!
Androids are generally hard to infect unless you do something stupid. I've ran dinosaur Androids for years with no infections that costed a reload*.
*Malwarebytes did catch 2 trojan preloaders a little less then a year ago though... in downloads.
Also downloaded an infected jpeg that cost me all of my pics in downloads and damaged other files in the download folder in the last year.
Delete, delete, delete... I got lucky it died there..

I cannot find the app with APK Extractor.
I cannot find the app running, only it is shown in Wireless data usage, so running in safe mode would help if I could run it for a month.
PD MDM is not showing any app with 10550 name.
blackhawk said:
Did Apk Extractor copy it?
Try safe mode, it still running?
If it's listed on PD MDM; package blocker you can kill it or if not try a manual disable by entering the full app name, not just 10550.
Go in using ADB and tract it down.
Call your carrier tech support.
I can't find it doing a Google search which is disquieting.
It's not on my 10+
Nuke option...
If the load is old, backup and do a hard reset.
Make sure this bugger isn't in the backup data.
After reset check to see if present; it may be legitimate apk or added adware on the original OS load.
If still clean restore data and apps, check for it again.
Keep checking... once bitten, twice shy. It maybe on one of your 3rd party apps. Have any chat apps loaded?
Always look through your downloads especially after a go around on a naughty or misbehaving site for rogue downloads, delete any asap.
Use Gmail and never download unknown anything!!!
Avoid side loading apks unless you trust the site and scan them first with online Virus Total.
Check that all your apps don't have permission to install unknown apps!!!
Androids are generally hard to infect unless you do something stupid. I've ran dinosaur Androids for years with no infections that costed a reload*.
*Malwarebytes did catch 2 trojan preloaders a little less then a year ago though... in downloads.
Also downloaded an infected jpeg that cost me all of my pics in downloads and damaged other files in the download folder in the last year.
Delete, delete, delete... I got lucky it died there..
Click to expand...
Click to collapse

How much data is it using?
Try Data Couter Widget>apps
See what this shows and if you can access mystery apk from there.
This is a useful tool. Thanks for reminding me

I looked for that "10550" app, but could not find it anywhere, could it be some carrier thing? Your carrier, I mean, I have a carrier branded 975F, and nothing

Any more advices on this topic? The app is still there...
All security scans show nothing and I cannot click on the app. I will either root the phone to find out or I don't know what to do. Which rooted app could show me the required info? I really don't want to root my phone.

Bump

winol said:
I looked for that "10550" app, but could not find it anywhere, could it be some carrier thing? Your carrier, I mean, I have a carrier branded 975F, and nothing
Click to expand...
Click to collapse
It's the UID number, the unique number your Android designates apks by. Sometimes Karma will show the actual and sometimes the UID.
When Karma shows the UID number it's always a system apk... if that helps.
What is UID on Android?
What is UID on Android? Is it ID of a particular user or of a particular application?
stackoverflow.com
You'll need to figure it out by trial and error. I've seen the UIDs listed for a Sony phone but not Samsung. Some correspond as the same, others not. The biggest connector at idle by far is Google Play Services... gather data no doubt.