1. This website uses cookies to improve service and provide a tailored user experience. By using this site, you agree to this use. See our Cookie Policy.
    Dismiss Notice

Warning: do not use any not authorized BHW apps from Google Play

Discussion in 'Forum Suggestions & Feedback' started by vinku, Feb 16, 2020.

Thread Status:
Not open for further replies.
  1. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    2,074
    Likes Received:
    2,958
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland
    Home Page:
    Topic is here, but there is no warning from moderation:
    https://www.blackhatworld.com/seo/is-this-bhw-app-authorized.1200360/

    I decompiled this app, not run it:
    https://play.google.com/store/apps/details?id=black.hat.worlds


    Screenshot looks like Android WebView component, but there is so much other code here and a lot is obfuscated (ProGuarded, that we don't know what this developer is doing). He uses some own command servers, crashlytics and many other weird libraries.

    The biggest question, if this is a webview, why he is reading login and password? What he is doing with your credentials? In webview, the page loads itself and developer cannot manipulate a lot.

    Second question, why he is asking for Phone Call permission?


    100% he is doing something with your login and password, but you cannot guess what, because rest of code is smart obfuscated.

    [​IMG]


    Here you can report this app, @Diamond Damien
    https://support.google.com/legal/troubleshooter/1114905
    It's link for DMCA request, faster removal
    Only for copyright owner


    For other people you can use this
    1. Open the Google Play Store app [​IMG].
    2. Go to the detail page for an app or game.
    3. Tap More [​IMG][​IMG] Flag as inappropriate.
    4. Choose a reason.
    5. Tap Submit.

      Same you can do on PC
     
  2. FBGuru

    FBGuru Jr. VIP Jr. VIP

    Joined:
    Sep 22, 2013
    Messages:
    1,064
    Likes Received:
    1,369
    Location:
    Personality Type : ESTP
    That might just be the answer to all the accounts that got hacked and logs back in after several years.
     
  3. Festinger

    Festinger Jr. VIP Jr. VIP

    Joined:
    Feb 27, 2014
    Messages:
    6,245
    Likes Received:
    7,527
    Occupation:
    Download Premium WordPress Themes and Plugins @
    Home Page:
  4. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    2,074
    Likes Received:
    2,958
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland
    Home Page:
    Nah, this app is fresh, but I see it's professional coded. Everything vital is obfuscated.
    but previously, in the past, there could be some apps in store. I don't know if staff reported them.
     
  5. FBGuru

    FBGuru Jr. VIP Jr. VIP

    Joined:
    Sep 22, 2013
    Messages:
    1,064
    Likes Received:
    1,369
    Location:
    Personality Type : ESTP
    Reported the app both from PC and Mobile for collecting the login credentials of BHW members.
     
    • Thanks Thanks x 1
  6. sweeside

    sweeside Regular Member

    Joined:
    Nov 18, 2018
    Messages:
    221
    Likes Received:
    108
    The app doesn't actually hack login details though, the screenshot by @vinku is an RxJava dependency :)
     
    • Thanks Thanks x 1
  7. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    2,074
    Likes Received:
    2,958
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland
    Home Page:
    @sweeside but we both don't know what he is doing in obfuscated code :) there is a lot of this, even in main package :)

    it's not only webview ;) he is doing a lot more
     
  8. sweeside

    sweeside Regular Member

    Joined:
    Nov 18, 2018
    Messages:
    221
    Likes Received:
    108
    • Thanks Thanks x 1
  9. vinku

    vinku Jr. VIP Jr. VIP

    Joined:
    Jan 22, 2008
    Messages:
    2,074
    Likes Received:
    2,958
    Gender:
    Male
    Occupation:
    Making Money With Android
    Location:
    Poland
    Home Page:
    What you was able to just read class name GoldWebview, but he can steal credentials in single line code. Can be obfuscated.


    Anyway, it's just a warning to not use NOT AUTHORIZED APPS:
    -he haven't any rights to use Blackhatworld in a way he is doing it
    -any developer can hide everything, even in library you told. So what it's RxJava depedency? Do you have proof it's clean RxJava? In free version of my HelloWorld app with outside app ads (different forum, before course), I made some surprise what was putting my ad id instead developer, belive me, nobody catched it and earned few hundreds (don't worry, current is clean ;) )

    Let's not make offtop, it's a warning for users, that not official app can be dangerous
     
  10. Textsurfer

    Textsurfer Junior Member

    Joined:
    May 17, 2016
    Messages:
    169
    Likes Received:
    82
    Occupation:
    Poffertjes
    Location:
    Netherlands
    • Thanks Thanks x 1
  11. Diamond Damien

    Diamond Damien Owner BlackHatWorld Staff Member Jr. VIP Premium Member UnGagged Attendee

    Joined:
    Oct 27, 2005
    Messages:
    56,752
    Likes Received:
    16,172
    Occupation:
    BlackHatWorld
    Location:
    BHW - of course.
    Home Page:
    Hi @vinku - thanks for taking the time to raise the issue. Action has already been taken against the developer in question when we were first made aware. There is a clear warning from @Zwielicht here https://www.blackhatworld.com/seo/is-this-bhw-app-authorized.1200360/#post-12875730 Which includes helpful hints if you’re ever concerned about downloading apps. On the store or elsewhere. Finally, needless to say, if there was an official BHW app out in the wild we’d be the first to tell you about it. We’re sticking with the responsive design we have instead of developing an app.

    In short always look to the source and never give your login credentials away.

    asked answered closed.
     
    • Thanks Thanks x 2
Thread Status:
Not open for further replies.