Comments (6)
SHA256 and the fr.meteo name are the standards across Android things.
The handle is actually known as the Android "Application ID" which is basically the same as a Java "Package Name". So we can leave Google out of it ;-). That is a required, unique ID for Android itself, then it is also used in Google Play, F-Droid, and many other app stores.
Also, do you know about https://androidobservatory.org? It's free software, and quite complementary to Exodus Privacy scanner. Would be nice to have both somehow merged. It uses both "Application ID" and SHA-256. VirusTotal uses SHA-256.
from exodus.
> SHA256 and the fr.meteo name are the standards across Android things.
> The handle is actually known as the Android "Application ID" which is basically the same as a Java "Package Name". So we can leave Google out of it ;-). That is a required, unique ID for Android itself, then it is also used in Google Play, F-Droid, and many other app stores.
Right. Exodus grabs the package from GP using gplaycli, so I was using that terminology... it's a somewhat important distinction because of so many fake scam apps out there. If we're going to list reports for apps in the Exodus Web UI that are outside of GP, then I think we need to come up with a naming scheme that includes the source (goog play, f-droid repo, manual upload, etc.) But the Exodus scanner (the CLI etc.) can be used for any APK without having to worry about what ends up listed on reports.exodus-privacy.eu.org
> Also, do you know about https://androidobservatory.org? It's free software, and quite complementary to Exodus Privacy scanner. Would be nice to have both somehow merged. It uses both "Application ID" and SHA-256. VirusTotal uses SHA-256.
I stumbled across it a few months ago; it's great for checking APKs. Doesn't focus on trackers and does manual upload, which is a bit different... Exodus is designed to provide reports before people install something, and to provide a quick audit of an app's respect for privacy.
There's certainly some cross-pollination to be done here, but I think we need to figure out how we're going to handle integration with LibScout first... I would expect Exodus to incorporate parts of the androidobservatory.org UI if anything, and not any backend changes in the foreseeable future.
from exodus.
Regarding IDs, SHA256 is best for individual files, "Application ID" is for the things claiming to be a specific app (e.g. Firefox is org.mozilla.firefox and fake ones might use that Application ID also), then I guess you need a third kind of ID for the source (F-Droid, Google Play, Amazon, Baidu, Aptoide, etc). Android Observatory has tried to do the same kind of labeling, so something to look at.
I think Android Observatory is entirely complementary with Exodus, there isn't really any overlap in functionality, but they do overlap a lot in presentation and interaction. They both work on the user uploading a file and seeing a result. The way things are cross-linked in Android Observatory is really nice. You can start by looking at a file, then click to see all other files that are signed by the same key, or all files that share the "Application ID".
from exodus.
Exactly right, Hans. I think it would be good to have application ID still recorded in the URI, if possible, to make it easier to group together fake scam apps if necessary... e.g. I would have wanted to have a static record of the fake Haven APK scans for posterity, and we've even seen at least one fake F-Droid in Google Play. That would also require the feature request of marking them somehow as not genuine.
Also, we see malicious apps hop around under different application IDs in GP. So I think it depends on priorities here, but while we're thinking about changes we should make sure there's something more "meaningful" than a hash to look up easily.
from exodus.
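The three identifiers discussed in the comments above (source, Application ID, file SHA-256), together with the cross-linking by signing key and the "not genuine" marking, can be sketched as follows. This is an added example, not code from Exodus or Android Observatory; the URI layout, class names, signer fingerprints and sample records are all constructed for illustration.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class ScanRecord:
    source: str   # where the file came from: "google-play", "f-droid", "upload", ...
    app_id: str   # Application ID the APK claims to be
    sha256: str   # hash of the APK file itself
    signer: str   # signing-certificate fingerprint (constructed values below)

    def uri(self):
        # Hypothetical layout: meaningful parts first, exact file last.
        return f"/reports/{self.source}/{self.app_id}/{self.sha256}"

def sha256_of(apk_bytes):
    return hashlib.sha256(apk_bytes).hexdigest()

class ReportIndex:
    def __init__(self, trusted_signers):
        self.trusted = trusted_signers   # app_id -> set of signers known to be genuine
        self.by_app_id = defaultdict(list)
        self.by_signer = defaultdict(list)

    def add(self, rec):
        self.by_app_id[rec.app_id].append(rec)
        self.by_signer[rec.signer].append(rec)
        return rec

    def not_genuine(self, app_id):
        """Records claiming app_id whose signer is not on the trusted list."""
        ok = self.trusted.get(app_id, set())
        return [r for r in self.by_app_id.get(app_id, []) if r.signer not in ok]

    def same_signer(self, rec):
        """Other files signed with the same key, whatever Application ID they use."""
        return [r for r in self.by_signer.get(rec.signer, []) if r != rec]

def build_demo():
    # Constructed sample data: file contents and signer fingerprints are made up.
    idx = ReportIndex({"org.mozilla.firefox": {"signer-genuine"}})
    idx.add(ScanRecord("google-play", "org.mozilla.firefox", sha256_of(b"genuine apk"), "signer-genuine"))
    fake = idx.add(ScanRecord("upload", "org.mozilla.firefox", sha256_of(b"fake apk"), "signer-x"))
    idx.add(ScanRecord("google-play", "com.example.flashlight", sha256_of(b"other apk"), "signer-x"))
    return idx, fake

if __name__ == "__main__":
    idx, fake = build_demo()
    print([r.uri() for r in idx.not_genuine("org.mozilla.firefox")])
    print([r.app_id for r in idx.same_signer(fake)])
```

Grouping by signer is what lets a lookup follow the same publisher across different Application IDs, while the Application ID in the path keeps impostors of one app listed together.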
Hi @seandiggity
I'm taking a look at this now because we will probably need to add some features to the API for a new revamped version of Exodus.
Does the current API call https://reports.exodus-privacy.eu.org/api/search/fr.meteo satisfy your needs? If not, what would you like to see?
from exodus.
Closing this without answer. @seandiggity, feel free to reopen it if needed.
from exodus.