This is a ltitle unrelated, but I still wanted to ask you if you know of any ways to mask the info picked up by the app? There are several IDs and sensors that can be used along with the list of apps installed to fingerprint the device. I'm wondering whether there's a safe way to spoof this data without breaking any apps.
I am working on banking app where App Security Testing Team have raised issue that they are able to bypass the SSL
Actually, they are using Rooted Device and combination of Frida, Magisk, Magisk Hide, Zygisk, Deny List using which RootBeer Library unable to detect the root so using this library will we be able to detect all this and can prevent our app ?
Date: Tue Mar 12 2024 23:02:21 GMT+0700 (Western Indonesia Time)
Fatal Exception: android.os.DeadSystemRuntimeException: android.os.DeadSystemException
at android.app.ApplicationPackageManager.getInstalledPackagesAsUser(ApplicationPackageManager.java:1274)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1251)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1245)
at c.b.(AppListCollector.kt:7)
at b.a.m(FMCore.kt:1)
at b.a.b(FMCore.kt:17)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
Caused by android.os.DeadSystemException:
at android.app.ApplicationPackageManager.getInstalledPackagesAsUser(ApplicationPackageManager.java:1274)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1251)
at android.app.ApplicationPackageManager.getInstalledPackages(ApplicationPackageManager.java:1245)
at c.b.(AppListCollector.kt:7)
at b.a.m(FMCore.kt:1)
at b.a.b(FMCore.kt:17)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
pool-13-thread-1:
at jdk.internal.misc.Unsafe.park(Unsafe.java)
at java.util.concurrent.locks.LockSupport.park(LockSupport.java:341)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionNode.block(AbstractQueuedSynchronizer.java:506)
at java.util.concurrent.ForkJoinPool.unmanagedBlock(ForkJoinPool.java:3466)
at java.util.concurrent.ForkJoinPool.managedBlock(ForkJoinPool.java:3437)
at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:1623)
at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1176)
at java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:905)
at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1071)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1131)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:644)
at java.lang.Thread.run(Thread.java:1012)
Please take care to adjust versionName and increase versionCode when preparing releases: the APK at the latest release (1.0.1) still identifies as 1.0.0+1 (as build.gradle tells it). The former is for the "human eye", the latter is used by Android internal to tell versions apart and notify about updates when a higher number was seen. Thanks!