
436 points kennedn | 3 comments
201984 ◴[] No.45252931[source]
Are techniques like using Frida and mitmproxy on Android apps still going to be possible after the signing requirement goes into effect next year?
replies(3): >>45253290 #>>45254332 #>>45255348 #
mschuster91 ◴[] No.45254332[source]
They're already barely possible as it is.

For Frida to work you need to root the device, which is impossible on ever more models, and there's an endless supply of very good rooting detection SDKs on the market, not to mention Play Integrity.

replies(2): >>45254635 #>>45255440 #
crowfunder ◴[] No.45254635[source]
As far as I'm aware it is possible to use Frida without rooting, by using Objection https://github.com/sensepost/objection
replies(1): >>45254759 #
1. bri3d ◴[] No.45254759[source]
> Patch iOS and Android applications, embedding a Frida gadget that can be used with objection or just Frida itself.

This is the key thing, and the part that will change next year: previously, you could unpack, patch, and repack an APK with the Frida gadget and install it onto an Android device in Developer mode, while the device remained in a "Production" state (with only Developer mode enabled, and no root). Now, the device would either need to be removed from the Android Certified state (unlocked/rooted) or you would need to sign the application with your own Developer Console account and install it on your own device, like the way iOS has worked for years.

replies(1): >>45254948 #
2. crowfunder ◴[] No.45254948[source]
Wow, that's horrifying. I guess the APK modding era is over for most users.
replies(1): >>45255535 #
3. sureglymop ◴[] No.45255535[source]
Not yet. If I recall correctly, only very few countries are affected in the beginning.