1 point

The app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?

permalink
report
reply
2 points

Mostly nothing, but it’s enough to stop fully automated patching/modding the Playstore like Lucky Patcher does

permalink
report
parent
reply
3 points

Initial Response from the Company After informing the company of the vulnerability affecting File Manager: File Explorer (used by over 10M+ users), the company responded that it does not consider the issue a problem and has not taken steps to resolve it

Considering the miniscule number of people who would even attempt this. They do not bother which is good. Not worth the time to waste on this.

permalink
report
reply
5 points

Tagged as a bug bounty?

The guy wanted a bug bounty on something like this?

Like if he discovered now that software can be cracked??

Of course they weren’t interested, all the software is crackable. Even if the dev wasted one week of dev time to implement server side validation, then the for the cracker doesn’t change anything, they patch the server check to reverse the logic. Ok it’s a bit harder but if it’s worth, determined crackers will take the challenge.

Look at denuvo and the thousands of online checks, all defeated eventually.

permalink
report
reply

Android

!android@lemdro.id

Create post

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id


💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it’s in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it’s not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website’s name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don’t post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities
Lemmy App List
Chat and More

Community stats

  • 1.4K

    Monthly active users

  • 2.8K

    Posts

  • 34K

    Comments