Comments (17)
What is the rationale for this? Since the app has been open-sourced, if someone wanted to run it on a rooted phone, they could simply edit the source to skip the root check and then build an APK of that and use it, right? As I commented on #26, whatever client-side checks are implemented in the app for stopping mock location, rooted use etc., a malicious actor could bypass them in their own build of the app and continue to remain malicious.
from aarogyasetu_android.
Yup, I agree.. the root detection used here is old-school
from aarogyasetu_android.
isRooted only checks the test-keys, Superuser.apk and su, but the system can be rooted in many other ways.
Like
TEST KEYS
DEV KEYS
NON RELEASE KEYS
DANGEROUS PROPS
PERMISSIVE SELINUX
SU EXISTS
SUPERUSER APK
SU BINARY
BUSYBOX BINARY
XPOSED
RESETPROP(EXPERIMENTAL)
WRONG PATH PERMISSION
HOOKS
these are some key points
https://github.com/DimaKoz/meat-grinder
This uses some native NDK methods to check, so..
I can push this mechanism as I've implemented this in another app of mine
Thanks n Regards:
Haneet Singh Chhabra
I would suggest raising a PR with a proper comment. This will help the developers understand your concern more efficiently, and as you have already implemented it, you may know the pros and cons better and be able to provide a solution more efficiently.
from aarogyasetu_android.
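A sketch of the checks discussed in the comment above, added here as an illustration and not taken from the app or from meat-grinder: the first three are the signals the comment says isRooted uses, the rest come from the commenter's list. The class name, the directory list and the `/system/app/Superuser.apk` path are assumptions.

```java
import android.os.Build;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper, not the app's isRooted: lists which root signals are present. */
public final class RootSignals {
    // Directories commonly searched for su/busybox (assumed, not exhaustive).
    private static final String[] BIN_DIRS = {
        "/system/bin/", "/system/xbin/", "/sbin/", "/vendor/bin/", "/data/local/bin/"
    };

    private RootSignals() {}

    public static List<String> collect() {
        List<String> hits = new ArrayList<>();
        String tags = Build.TAGS == null ? "" : Build.TAGS;
        // The three signals the comment attributes to isRooted.
        if (tags.contains("test-keys")) hits.add("TEST KEYS");
        if (new File("/system/app/Superuser.apk").exists()) hits.add("SUPERUSER APK");
        if (inBinDirs("su")) hits.add("SU BINARY");
        // Additional signals taken from the commenter's list.
        if (tags.contains("dev-keys")) hits.add("DEV KEYS");
        if (inBinDirs("busybox")) hits.add("BUSYBOX BINARY");
        // "0" means permissive; apps are often denied this read, which yields null.
        if ("0".equals(firstLine("/sys/fs/selinux/enforce"))) hits.add("PERMISSIVE SELINUX");
        return hits;
    }

    private static boolean inBinDirs(String name) {
        for (String dir : BIN_DIRS) {
            if (new File(dir, name).exists()) return true;
        }
        return false;
    }

    private static String firstLine(String path) {
        try (BufferedReader r = new BufferedReader(new FileReader(path))) {
            String line = r.readLine();
            return line == null ? null : line.trim();
        } catch (IOException | SecurityException e) {
            return null; // unreadable: treat as "no signal", not as rooted
        }
    }
}
```

Every check here runs inside the app process, so it shares the limitation raised elsewhere in this thread: a modified build or a hiding tool can make the list come back empty.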
isRooted only checks the test-keys, Superuser.apk and su, but the system can be rooted in many other ways.
Like
TEST KEYS
DEV KEYS
NON RELEASE KEYS
DANGEROUS PROPS
PERMISSIVE SELINUX
SU EXISTS
SUPERUSER APK
SU BINARY
BUSYBOX BINARY
XPOSED
RESETPROP(EXPERIMENTAL)
WRONG PATH PERMISSION
HOOKS
these are some key points
https://github.com/DimaKoz/meat-grinder
This uses some native NDK methods to check, so..
I can push this mechanism as I've implemented this in another app of mine
Thanks n Regards:
Haneet Singh Chhabra
I would suggest raising a PR with a proper comment. This will help the developers understand your concern more efficiently, and as you have already implemented it, you may know the pros and cons better and be able to provide a solution more efficiently.
This feature will increase the app size and require NDK support, so before a PR I just want to make sure they actually want it.
from aarogyasetu_android.
Root beer is another popular library that is utilised in other govt apps as well
from aarogyasetu_android.
Root beer is another popular library that is utilised in other govt apps as well
This looks pretty good, I guess..
from aarogyasetu_android.
Root beer is another popular library that is utilised in other govt apps as well
I just spoke to some people.. Magisk bypasses this lib..
from aarogyasetu_android.
Now we are reviewing whether 'https://github.com/DimaKoz/meat-grinder' is 'magisk' safe or not
from aarogyasetu_android.
There is no perfect root detection library.. even the one you mentioned above can be bypassed.. I use Magisk + Xposed and can see it giving result as 'Non-rooted'
from aarogyasetu_android.
Now we are reviewing whether 'https://github.com/DimaKoz/meat-grinder' is 'magisk' safe or not
Just Reviewing test came across..
meat-grinder is magisk safe..
we can use it
from aarogyasetu_android.
There is no perfect root detection library.. even the one you mentioned above can be bypassed.. I use Magisk + Xposed and can see it giving result as 'Non-rooted'
Okay
from aarogyasetu_android.
Related #26
from aarogyasetu_android.
What is the rationale for this? Since the app has been open-sourced, if someone wanted to run it on a rooted phone, they could simply edit the source to skip the root check and then build an APK of that and use it, right? As I commented on #26, whatever client-side checks are implemented in the app for stopping mock location, rooted use etc., a malicious actor could bypass them in their own build of the app and continue to remain malicious.
I don't think they're going to provide end links..
they may provide server side code which you need to implement in your environment..
but for usage of this app you need to download it from play store
from aarogyasetu_android.
You can make changes in this Android or server code and raise a pull request. They may include it and push that to production..
from aarogyasetu_android.
It will not be useful, bypassing root is very easy.
Just a waste of time
The thing is SafetyNet with TEE, anyway I don't know if anybody uses these apps.
from aarogyasetu_android.
It will not be useful, bypassing root is very easy.
Just a waste of time
The thing is SafetyNet with TEE, anyway I don't know if anybody uses these apps.
Yeah.. You're right, someone will crack it..
but we still need to add as much security as we can..
from aarogyasetu_android.
Now we are reviewing whether 'https://github.com/DimaKoz/meat-grinder' is 'magisk' safe or not
Just Reviewing test came across..
meat-grinder is magisk safe..
we can use it
FYI
It's not magisk safe..
from aarogyasetu_android.