Podcini
Open source #podcast manager/player project.
This is based on a fork from the popular project AntennaPod as of Feb 5 2024.
Differing from the forked project, this project is purely Kotlin based, relies on the most recent dependencies, and most importantly has migrated the media player to androidx.media3, and added mechanism of AudioOffloadMode which is supposed to be kind to device battery. Efficiencies are also sought on running the app. App build is also upgraded to target Android 14.
https://github.com/XilinJia/Podcini
https://apt.izzysoft.de/fdroid/index/apk/ac.mdiq.podcini
Open source #podcast manager/player project.
This is based on a fork from the popular project AntennaPod as of Feb 5 2024.
Differing from the forked project, this project is purely Kotlin based, relies on the most recent dependencies, and most importantly has migrated the media player to androidx.media3, and added mechanism of AudioOffloadMode which is supposed to be kind to device battery. Efficiencies are also sought on running the app. App build is also upgraded to target Android 14.
https://github.com/XilinJia/Podcini
https://apt.izzysoft.de/fdroid/index/apk/ac.mdiq.podcini
GitHub
GitHub - XilinJia/Podcini: Open source podcast instrument for Android supporting contents from YouTube and YT Music as well as…
Open source podcast instrument for Android supporting contents from YouTube and YT Music as well as normal podcasts. - XilinJia/Podcini
👍8❤3🔥2
LineageOS adds internal support for microG
https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/383574
https://review.lineageos.org/q/topic:microg-eval
And the application signature spoofing is locked-down to apps signed by microg.org.
As of February 25th 2024, LineageOS has added internal support for application signature spoofing, a critical pre-requisite for full microG functionality. LineageOS ROM images built after that date will include this new feature.
This means that many people will no longer have to root their device and install tools like Xposed/LSposed to make their ROMs compatible with microG. This is a win for both security/stability as well as user friendliness, as there is no longer any need for any settings/permissions in this implementation. The ROM will “just work” with core modules released by the microG project.
Other than application signature spoofing hacks, microG installation tasks remain as before. Please see #microg #installers note for a general overview and links to recommended installation tools.
~
This is huge news for the microG project, as LineageOS is the largest and most famous custom Android ROM project in the world.
LOS is also used as the foundation for a large percentage of other custom android ROMs as well. Which means that almost every one of those ROMs will also now include microG support by default, without any extra effort on their part.
The impact of this on the custom ROM community cannot be overstated: it is a “watershed moment”.
Many in the FOSS community have gotten increasingly frustrated with Google’s progressive crippling of the base FOSS version of android “AOSP”, and the migration of many important core functions which used to be included with AOSP into proprietary, closed-source Google apps and frameworks instead.
This issue was one of the founding objectives of the microG project: give control back to the user and let them take advantage of the open-source foundation of android without forcing them to use a proprietary and snoopery vendor-locked version of the OS instead, just to get basic functionality like push messaging and Play Store app compatibility.
At this point we believe that the existing “LineageOS for microG” project will continue with their project as it is a “works out of the box” solution that also bundles some FOSS app store tools.
https://review.lineageos.org/c/LineageOS/android_frameworks_base/+/383574
https://review.lineageos.org/q/topic:microg-eval
And the application signature spoofing is locked-down to apps signed by microg.org.
As of February 25th 2024, LineageOS has added internal support for application signature spoofing, a critical pre-requisite for full microG functionality. LineageOS ROM images built after that date will include this new feature.
This means that many people will no longer have to root their device and install tools like Xposed/LSposed to make their ROMs compatible with microG. This is a win for both security/stability as well as user friendliness, as there is no longer any need for any settings/permissions in this implementation. The ROM will “just work” with core modules released by the microG project.
Other than application signature spoofing hacks, microG installation tasks remain as before. Please see #microg #installers note for a general overview and links to recommended installation tools.
LOS is also used as the foundation for a large percentage of other custom android ROMs as well. Which means that almost every one of those ROMs will also now include microG support by default, without any extra effort on their part.
The impact of this on the custom ROM community cannot be overstated: it is a “watershed moment”.
Many in the FOSS community have gotten increasingly frustrated with Google’s progressive crippling of the base FOSS version of android “AOSP”, and the migration of many important core functions which used to be included with AOSP into proprietary, closed-source Google apps and frameworks instead.
This issue was one of the founding objectives of the microG project: give control back to the user and let them take advantage of the open-source foundation of android without forcing them to use a proprietary and snoopery vendor-locked version of the OS instead, just to get basic functionality like push messaging and Play Store app compatibility.
At this point we believe that the existing “LineageOS for microG” project will continue with their project as it is a “works out of the box” solution that also bundles some FOSS app store tools.
🎉34👍11❤3🔥2💩1🤣1
Here’s a discussion on the change:
The patch that has been merged implements signature spoofing in a safer way compared to the ones proposed in the past (MicroG apks exclusively are allowed to spoof only and solely the Google signature they want to spoof).
Many of the microG services have to spoof themselves as Google Mobile Services in order to replace some of their functionality with a more privacy-respecting, resource-conserving alternative.
To facilitate that, the OS has to allow the microG apps to pretend to be the regular Google GMS/Gplay framework apps without actually having the same signing signature. The feature is referred-to as "application signature spoofing".
LOS was bitterly opposed to including that in their ROM for years because of it "breaking the android security model".
Which is understandable on some level but if it's properly implemented (eg in this case locking down this functionality so it can only be used by known trustworthy code and not malware) then it shouldn't be an issue.
And given how Google has been doubling-down on their sneaky data-collection efforts year after year, and moving all sorts of essential services out of the open-source AOSP code into various proprietary closed-source Google apps and frameworks instead (increasingly forcing full FOSS ROMs to be severely crippled from a core functionality standpoint), I think it's overdue to start mainstreaming some countermeasures against that.
Google with android has been cloaking themselves in the FOSS mantle to gain credibility in some circles from the beginning, but then they turn around and year after year, increasingly cripple actual FOSS android implementations.
https://libreddit.miaoute.net/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/
https://www.reddit.com/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/
The patch that has been merged implements signature spoofing in a safer way compared to the ones proposed in the past (MicroG apks exclusively are allowed to spoof only and solely the Google signature they want to spoof).
Many of the microG services have to spoof themselves as Google Mobile Services in order to replace some of their functionality with a more privacy-respecting, resource-conserving alternative.
To facilitate that, the OS has to allow the microG apps to pretend to be the regular Google GMS/Gplay framework apps without actually having the same signing signature. The feature is referred-to as "application signature spoofing".
LOS was bitterly opposed to including that in their ROM for years because of it "breaking the android security model".
Which is understandable on some level but if it's properly implemented (eg in this case locking down this functionality so it can only be used by known trustworthy code and not malware) then it shouldn't be an issue.
And given how Google has been doubling-down on their sneaky data-collection efforts year after year, and moving all sorts of essential services out of the open-source AOSP code into various proprietary closed-source Google apps and frameworks instead (increasingly forcing full FOSS ROMs to be severely crippled from a core functionality standpoint), I think it's overdue to start mainstreaming some countermeasures against that.
Google with android has been cloaking themselves in the FOSS mantle to gain credibility in some circles from the beginning, but then they turn around and year after year, increasingly cripple actual FOSS android implementations.
https://libreddit.miaoute.net/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/
https://www.reddit.com/r/LineageOS/comments/1b11zex/los_has_added_internal_microg_support/
👍10
MicroG Installers:
Just installing the microg components as user apps will partially function but you will not get full functionality without the main components installed as system apps, like the location components.
There are a few 3rd-party installers that handle that and set all the required permissions etc.
These are the ones generally recommended
*Note: currently all installers use the official microg version, so you can update it from its F-Droid repository.
♦️microG Installer Revived by nift4
README: https://github.com/nift4/microg_installer_revived#readme
Download: https://github.com/nift4/microg_installer_revived/releases
♦️MinMicroG by Shane the Awesome
You need to clean flash a rom that has signature spoofing support and flash this zip in recovery, choose the standard zip if unsure
README: https://github.com/FriendlyNeighborhoodShane/MinMicroG/blob/master/README.md
Get the latest release from here:
https://github.com/FriendlyNeighborhoodShane/MinMicroG-abuse-CI/releases
Or stable release from here (it may be outdated):
https://github.com/FriendlyNeighborhoodShane/MinMicroG_releases/releases
♦️FakeGApps Microg Installer by TheHitman
https://fakegapps.github.io
Features https://fakegapps.github.io/feature.html
FAQ: https://fakegapps.github.io/faq.html
Announcements Channel @FakeGApps
Discussion group @FakeGAppsChat
♦️LineageOS for microG (Rom):
https://lineage.microg.org
♦️MicroG Official links:
https://microg.org
https://github.com/microg
https://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616
📲 MicroG official F-Droid repository
(Recommended to add if you use MicroG and enable unstable updates in fdroid)
https://microg.org/fdroid.html
Link to add:
https://microg.org/fdroid/repo?fingerprint=9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165
♦️Micro5k microg fork by ale5000
https://github.com/micro5k/GmsCoreMod
#microg #install #installers #pack #links
Just installing the microg components as user apps will partially function but you will not get full functionality without the main components installed as system apps, like the location components.
There are a few 3rd-party installers that handle that and set all the required permissions etc.
These are the ones generally recommended
*Note: currently all installers use the official microg version, so you can update it from its F-Droid repository.
♦️microG Installer Revived by nift4
README: https://github.com/nift4/microg_installer_revived#readme
Download: https://github.com/nift4/microg_installer_revived/releases
♦️MinMicroG by Shane the Awesome
You need to clean flash a rom that has signature spoofing support and flash this zip in recovery, choose the standard zip if unsure
README: https://github.com/FriendlyNeighborhoodShane/MinMicroG/blob/master/README.md
Get the latest release from here:
https://github.com/FriendlyNeighborhoodShane/MinMicroG-abuse-CI/releases
Or stable release from here (it may be outdated):
https://github.com/FriendlyNeighborhoodShane/MinMicroG_releases/releases
♦️FakeGApps Microg Installer by TheHitman
https://fakegapps.github.io
Features https://fakegapps.github.io/feature.html
FAQ: https://fakegapps.github.io/faq.html
Announcements Channel @FakeGApps
Discussion group @FakeGAppsChat
♦️LineageOS for microG (Rom):
https://lineage.microg.org
♦️MicroG Official links:
https://microg.org
https://github.com/microg
https://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616
📲 MicroG official F-Droid repository
(Recommended to add if you use MicroG and enable unstable updates in fdroid)
https://microg.org/fdroid.html
Link to add:
https://microg.org/fdroid/repo?fingerprint=9BD06727E62796C0130EB6DAB39B73157451582CBD138E86C468ACC395D14165
♦️Micro5k microg fork by ale5000
https://github.com/micro5k/GmsCoreMod
#microg #install #installers #pack #links
GitHub
GitHub - nift4/microg_installer_revived: Install microG GmsCore, GsfProxy, FakeStore (or Play Store if you want so) and MapsV1…
Install microG GmsCore, GsfProxy, FakeStore (or Play Store if you want so) and MapsV1 to /system/ - nift4/microg_installer_revived
👍10👀1
FakeGApps
#microG #Installer
✅ Latest release can be found at https://fakegapps.github.io
Announcements Channel @FakeGApps
Discussion group @FakeGAppsChat
https://fakegapps.github.io/feature.html
FAQ: https://fakegapps.github.io/faq.html
#microG #Installer
✅ Latest release can be found at https://fakegapps.github.io
Announcements Channel @FakeGApps
Discussion group @FakeGAppsChat
https://fakegapps.github.io/feature.html
FAQ: https://fakegapps.github.io/faq.html
👍4😭2❤1
Altair
A Companion App for FakeGApps MicroG installer
It can create configuration file with selected option and rebuild FakeGApps Package with that configuration. It's a one click process and you don't have to deal with configuration file manually.
✅ Module Installation toggle is for enabling Systemless installation. Click on Advance Features & Options card at website to learn more about it.
In short, You can install FakeGApps Package as Module.
🔗 Please read the FAQ before using this features.
Rebuilded FakeGApps can be found at Downloads/Altair folder. The file itself contain REPACK text.
📥 Download Altair APK
https://sourceforge.net/projects/fakegapps/files/FakeGApps/
https://fakegapps.github.io/app
@FakeGApps
@FakeGAppsChat
A Companion App for FakeGApps MicroG installer
It can create configuration file with selected option and rebuild FakeGApps Package with that configuration. It's a one click process and you don't have to deal with configuration file manually.
✅ Module Installation toggle is for enabling Systemless installation. Click on Advance Features & Options card at website to learn more about it.
In short, You can install FakeGApps Package as Module.
🔗 Please read the FAQ before using this features.
Rebuilded FakeGApps can be found at Downloads/Altair folder. The file itself contain REPACK text.
📥 Download Altair APK
https://sourceforge.net/projects/fakegapps/files/FakeGApps/
https://fakegapps.github.io/app
@FakeGApps
@FakeGAppsChat
👍8🔥3
Mozilla will be retiring the #Mozilla #Location Service
https://github.com/mozilla/ichnaea/issues/2065
https://github.com/microg/GmsCore/issues/2237
Comments
#microg
https://github.com/mozilla/ichnaea/issues/2065
https://github.com/microg/GmsCore/issues/2237
Comments
#microg
GitHub
Retiring the Mozilla Location Service · Issue #2065 · mozilla/ichnaea
The accuracy of Mozilla Location Service (MLS) has steadily declined. With no plans to restart the stumbler program or increase investments to MLS we have made the decision to retire the service. I...
😢17😐5👍3👎1🤔1🤬1
Universal Android Debloater Next Generation
Cross-platform GUI written in Rust using ADB to debloat non-rooted #Android devices. Improve your privacy, the security and battery life of your device.
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation
This is a detached fork of the UAD project, which aims to improve privacy and battery performance by removing unnecessary and obscure system apps. This can also contribute to improving security by reducing the attack surface.
Wiki
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/wiki
Download
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/releases
#debloater #uadng
Cross-platform GUI written in Rust using ADB to debloat non-rooted #Android devices. Improve your privacy, the security and battery life of your device.
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation
This is a detached fork of the UAD project, which aims to improve privacy and battery performance by removing unnecessary and obscure system apps. This can also contribute to improving security by reducing the attack surface.
Wiki
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/wiki
Download
https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/releases
#debloater #uadng
GitHub
GitHub - Universal-Debloater-Alliance/universal-android-debloater-next-generation: Cross-platform GUI written in Rust using ADB…
Cross-platform GUI written in Rust using ADB to debloat non-rooted Android devices. Improve your privacy, the security and battery life of your device. - Universal-Debloater-Alliance/universal-andr...
🔥20👍5❤4
Fire Toolbox
Collection of useful ADB (Android Debug Bridge) tweaks that can be applied to #Amazon's Fire #Tablets. The Toolbox project aims to help users fully customize and unlock the full potential of their tablets by putting all the power into their hands.
The Toolbox doesn't touch the system partition meaning all changes made can be reversed either through the tools/subtools themselves or through a factory reset. This means the Toolbox does NOT void your warranty.
https://xdaforums.com/t/windows-linux-tool-fire-toolbox-v33-1.3889604/
#debloater
Collection of useful ADB (Android Debug Bridge) tweaks that can be applied to #Amazon's Fire #Tablets. The Toolbox project aims to help users fully customize and unlock the full potential of their tablets by putting all the power into their hands.
The Toolbox doesn't touch the system partition meaning all changes made can be reversed either through the tools/subtools themselves or through a factory reset. This means the Toolbox does NOT void your warranty.
https://xdaforums.com/t/windows-linux-tool-fire-toolbox-v33-1.3889604/
#debloater
👍7🔥5
n0rthl1ght/ahwt: Another Hardening Windows Tool – GitHub
GPL-3.0 license
AHWT - another hardening tool for Windows operating systems.
Denoscription (on RUS)
Program is a noscript generator with collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjusments.
All parameters placed in databases with the names of the operating systems that are used to.
Parameters were checked and tested according to official MS documentation and researchers opinion.
Scripts generates in 2 modes - auto and manual.
All databases have profiles for each operating system min/med/full which corresponds with Minimum (only level 3 parameters (CIS lvl 2/STIG lvl 3)), Medium (level 2 & 3 parameters (CIS lvl 1 & 2/STIG lvl 2)) and Full (lvl 1-3 parameters).
#Windows #Hardening #Security
GPL-3.0 license
AHWT - another hardening tool for Windows operating systems.
Denoscription (on RUS)
Program is a noscript generator with collection of parameters and recommendations from CIS Benchmarks and DoD STIGs with some adjusments.
All parameters placed in databases with the names of the operating systems that are used to.
Parameters were checked and tested according to official MS documentation and researchers opinion.
Scripts generates in 2 modes - auto and manual.
All databases have profiles for each operating system min/med/full which corresponds with Minimum (only level 3 parameters (CIS lvl 2/STIG lvl 3)), Medium (level 2 & 3 parameters (CIS lvl 1 & 2/STIG lvl 2)) and Full (lvl 1-3 parameters).
#Windows #Hardening #Security
👍9🤯1
Forwarded from #TBOT: Take Back Our Tech
@takebackourtech
As part of my name change to Hakeem I've had to move 5GBs of email from my old inbox to to a new one. All this to change an email address but keep my emails.
Thankfully, software like imapsync makes it easy. Shout out to the legend Gilles Lamiral from France who developed the software and licensed it under the most software 'free' license that I know of.
"0 No limits to do anything with this work and this license.
1 GOTO 0"
His software also works with transferring Gmail and Office365 accounts - although there are some caveats as these big tech services make it a hell to get your data off of them.
There's also a web interface for the service that he runs completely for free. Please consider donating or getting support time.
With around 75K emails in my inbox, this whole process should take around 8 hours... - I should really get into the habit of cleaning it more often.
✌️ MORE POSTS | 🗯 CHAT GROUP | 📩 NEWSLETTER
Follow 🫶 @takebackourtech
Please open Telegram to view this post
VIEW IN TELEGRAM
👍8🔥3🤔2❤1
#microg Release v0.3.1.240913
https://github.com/microg/GmsCore/releases/tag/v0.3.1.240913
Full changelog
https://github.com/microg/GmsCore/compare/v0.3.0.233515...v0.3.1.240913
https://github.com/microg/GmsCore/releases/tag/v0.3.1.240913
Full changelog
https://github.com/microg/GmsCore/compare/v0.3.0.233515...v0.3.1.240913
GitHub
Release v0.3.1.240913 · microg/GmsCore
Changelog
Add support for license verification. Thanks @fynngodau
Add experimental support for in-app billing. Thanks @DaVinci9196
Add support for PoTokens. Thanks @DaVinci9196
Add support for MLK...
Add support for license verification. Thanks @fynngodau
Add experimental support for in-app billing. Thanks @DaVinci9196
Add support for PoTokens. Thanks @DaVinci9196
Add support for MLK...
👍13🎉7
Safe Space (A safe space for your digital valuables.)
Safe space is an app that creates a separate place on your android device to store valuable files. This storage location is not visible to other apps and is encrypted by the system by default.
Features:
* Store files in a secure storage location that is not visible to other apps and is secured by device encryption and system authentication (Biometric and PIN/Pattern/Password)
* Open Images, Audio, Video, PDF documents and plain text documents
* Create simple text notes without leaving the app
* Dark and light mode
* ability to copy and move files
* Import from and export files to external storage without storage permissions
* Completely offline with no telemetry and data collection
https://f-droid.org/packages/org.privacymatters.safespace
#cloud #Android #Security #Privacy
#EncryptedFiles
Safe space is an app that creates a separate place on your android device to store valuable files. This storage location is not visible to other apps and is encrypted by the system by default.
Features:
* Store files in a secure storage location that is not visible to other apps and is secured by device encryption and system authentication (Biometric and PIN/Pattern/Password)
* Open Images, Audio, Video, PDF documents and plain text documents
* Create simple text notes without leaving the app
* Dark and light mode
* ability to copy and move files
* Import from and export files to external storage without storage permissions
* Completely offline with no telemetry and data collection
https://f-droid.org/packages/org.privacymatters.safespace
#cloud #Android #Security #Privacy
#EncryptedFiles
👍25
#Bluetooth #vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
#BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA
@androidMalware
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
#BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA
@androidMalware
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations using…
🔥11👍4