twix
@twix@infosec.pub
- Comment on Beeper reverse-engineered iMessage to bring blue bubble texts to Android users 11 months ago:
Yeah, sorry, I got confused. Beeper mini does need servers to keep the notification service alive. And thus not crazy to ask for 2$ a month. Beeper cloud could indeed do without servers I guess, but I don’t know anything about that. I was just keeping up with the development of pypush (the python poc) and reverse engineering progress.
I don’t understand your point of “you have to log in with a google account”. I understood that was a requirement to check subscription status (and as such limit fraudulent apk’s).
But that seems to be a different story than “opensourcing this would mean a competitor could do it for free”.
You can already do this for free with pypush. And if you want to use something else then python you could build something based on it with any language as pypush is completely open source.
- Comment on Beeper reverse-engineered iMessage to bring blue bubble texts to Android users 11 months ago:
They do have to run servers in order to keep the service alive. If you want to run this stuff yourself on your own server that’s possible using PyPush. The reason they have to run those servers for you is to keep the notification service alive.
- Comment on Why Apple is working hard to break into its own iPhones 11 months ago:
Sadly the same thing has been happening on the android side (a quick google search seems to confirm this). Possible exploits reported but not patched in a timely manner. In general I feel like the Apple bug bounty problem has been swift, although indeed failing from time to time to reward an original reporter. I have not been keeping a close eye on the android side but I imagine the same has been happening. Apple has started to offer e2e encryption on iCloud data blocking even CIA/FBI access. And next to that, seeing I’m based in Europe (and so my data should too) I don’t feel like the patriot act has any impact on me.
- Comment on Why Apple is working hard to break into its own iPhones 11 months ago:
I haven’t heard about google testing hardware based attacks on their chips, which I suppose could be caused by android running on a wide variety of chips instead of a few home-developed ones. Next to that Apple has had a bug bounty program for ages, that pays well and covers a wide range of attacks. Not hosting open hackathons has perhaps something to do with public brand image, but Apple shouldn’t be discredited regarding rewarding the findings of bugs and exploits.