←back to thread

469 points bundie | 9 comments | | HN request time: 0.867s | source | bottom
1. bsaul ◴[] No.44501820[source]
how does this work ? Aren't the whatsapp data encrypted locally ?
replies(4): >>44501930 #>>44502057 #>>44502068 #>>44502213 #
2. inerte ◴[] No.44501930[source]
Screen reader?
replies(2): >>44502086 #>>44505680 #
3. jazzyjackson ◴[] No.44502057[source]
yes WhatsApp messages are stored in an encrypted sqlite database.

I'm not an android dev so I'm not positive about this but I expect whatsapp is shipping their app with "App Actions" interface giving the assisstant certain actions it can perform, so this is not wholesale database access. See [0]

App Actions extend your in-app functionality to Assistant, enabling users to access your app's features by voice. When a user invokes an App Action, Assistant matches the query to a BII declared in your shortcuts.xml resource, launching your app at the requested screen or displaying an Android widget.

You declare BIIs in your app using Android capability elements. When you upload your app using the Google Play console, Google registers the capabilities declared in your app and makes them available for users to access from Assistant.

https://developer.android.com/develop/devices/assistant/over...

4. pkilgore ◴[] No.44502068[source]
You have to unencrypt data to process it and as soon as you do that, the right Kernel APIs are enough to see whatever you want -- here the accessibility APIs are probably enough to read any text you would be able to read.
replies(1): >>44502390 #
5. bsaul ◴[] No.44502086[source]
oh ok, didn't understand that it was working over a screen capture stream... thanks !
6. bonoboTP ◴[] No.44502213[source]
If Android can render the messages, Google must have a way to access them.
7. bsaul ◴[] No.44502390[source]
another person in the thread suggests it's working over a screen capture stream. But that's what i'm wondering : are they working over a video of the screen or by integrating directly with the internals of the OS.
replies(1): >>44502562 #
8. jadamson ◴[] No.44502562{3}[source]
The more likely candidate is reading notifications, no?
9. hnburnsy ◴[] No.44505680[source]
Android Accessibility Service

https://developer.android.com/guide/topics/ui/accessibility/...

>Devices running Android 8.0 (API level 26) and higher include several text-processing features that make it easier for accessibility services to identify and operate on specific units of text that appear on screen.