• 21 Posts
  • 530 Comments
Joined 2 years ago
cake
Cake day: July 13th, 2023

help-circle


















  • Even when you enter China the officials won’t check your phone. They just tell you to install their “com.gov.mfa” apk downloaded from a server with invalid SSL certificate and totally not suspicious permissions like:

    android.permission.FOREGROUND_SERVICE
    android.permission.ACCESS_NETWORK_STATE
    android.permission.INTERNET
    android.permission.READ_PRIVILEGED_PHONE_STATE
    android.permission.WRITE_EXTERNAL_STORAGE
    android.permission.CAMERA
    android.permission.ACCESS_WIFI_STATE
    android.permission.READ_SETTINGS
    android.permission.READ_EXTERNAL_STORAGE
    android.permission.BLUETOOTH_ADMIN
    android.permission.ACCESS_COARSE_LOCATION
    android.permission.ACCESS_FINE_LOCATION
    android.permission.GET_TASKS
    android.permission.RECEIVE_USER_PRESENT
    android.permission.WAKE_LOCK
    android.permission.VIBRATE
    android.permission.SYSTEM_ALERT_WINDOW
    android.permission.CHANGE_NETWORK_STATE
    android.permission.CHANGE_WIFI_STATE
    android.permission.RECORD_AUDIO
    android.permission.MODIFY_AUDIO_SETTINGS
    android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
    android.permission.REQUEST_INSTALL_PACKAGES
    android.permission.BLUETOOTH
    android.permission.CALL_PHONE
    android.permission.READ_PHONE_STATE
    android.permission.PROCESS_OUTGOING_CALLS
    com.asus.msa.SupplementaryDID.ACCESS
    com.gov.mfa.permission.SP_NOTIFY_CHANGE
    com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE
    android.permission.REORDER_TASKS
    android.permission.USE_FULL_SCREEN_INTENT
    android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
    android.permission.ACCESS_DOWNLOAD_MANAGER
    android.permission.LOCAL_MAC_ADDRESS
    android.permission.READ_APN_SETTINGS
    android.permission.BROADCAST_STICKY
    android.permission.WRITE_SETTINGS
    com.gov.mfa.permission.TMF_SHARK
    com.gov.mfa.permission.MIPUSH_RECEIVE
    android.permission.QUERY_ALL_PACKAGES
    android.permission.FLASHLIGHT
    android.permission.MOUNT_UNMOUNT_FILESYSTEMS
    android.permission.RECEIVE_BOOT_COMPLETED
    com.gov.mfa.permission.PROCESS_PUSH_MSG
    com.gov.mfa.permission.PUSH_PROVIDER
    android.permission.FOREGROUND_SERVICE_MEDIA_PROJECTION
    com.huawei.appmarket.service.commondata.permission.GET_COMMON_DATA
    

    and totally legitimate looking activities like com.tencent.rtmp.video.TXScreenCapture$TXScreenCaptureAssistantActivity , com.tencent.qcloud.logutils.LogActivity and com.tencent.liteav.audio2.permission.PermissionActivity