or its anticheat?

@@Toad-k7eye

@@Toad-k7e its not even a game

@ no one said it was.

@ it could also be DRM to prevent cracking

prob just cracking protection

​@@misternachname517 either that or they're doing something shady

you should check out the app's privacy policy, it's actually so stupid, how much stuff they collect. Them trying to hide from debuggers, jailbroken phones etc. just makes it so much scarier.

The "conspiracy" is that they spy on you every waking moment and sell the data to anyone who is willing to pay.

The UI looks like a typical chinese app, so what's the expectation?

"what sort of lunatic moron coded this piece of sh- oh... That would be me"

"I love writing code, I love testing code, and I really love developing code" -No CSC/CPE worker ever

Ha!! I looked around a bit but could not find the history here - best I could find (after recording/editing) was that TrollLock-Reborn uses this to back its respring functionality. Can't believe it's been around that long. This is awesome, thanks for sharing!

At that point its just malicious behaviour. That app should not even be allowed to be deployed

@@brycedotcounfortunately amy’s method stopped working in the developer betas of ios 18. its funny that it took so long for apple to decide to fix lol

Name looked suspicious, searched it and just found a white male whom people call something he's not and never will be 😑

omg my oomf in the wild

It's sometimes possible to make things that you run impervious to outside connections, but the moment a thing is running on the client side, you might as well assume the client has full control.

this only applies for client side

@@ggsap I mean, theoretically of course, but a determined enough adversary could physically break into your server room and make your server software clientside to them too lol

This. The most important thing when developing an app (that you want to keep secure), is that you can NEVER trust the client. No amount of signing, checksums, obfuscation, etc. can protect a client-side program from someone who is determined enough. All you can do is slow them down. The only thing you as a developer can ever trust is your own hardware, which is usually the server. Write your networked programs so that the server validates EVERY action, and denies any request from the client that is out of its bounds. Then you leave blindly attacking the server and trying to find vulnerabilities in private code as the only option for the attacker, which is 1000x more difficult than hacking client-side code, which can be debugged, reverse-engineered, etc.

@@Architector_4oh hey architector :)

Just learned a new word 😮

"protecting" your app binaries is already a bad idea to begin with

It takes awhile - I'm definitely still learning too. Keep at it!

the efficient pacifist

PETA approved

I was not ready for that lolll

i’m pretty sure PETA came up with this 😭

Much nicer :)

There is no malicious apps in the App Store. 😃

this is totally the only one, probably, i swear

As a developer in a big company here at US: No. They don't verify deeply our app, and it usually takes a few hours to get approved

Most of the software storefronts only do deep analysis on the softwares first submission. Later updates are usually quickly skimmed thru so they can get the new version up and running asap.

They are verifying their financial security, not your computer security.

(watching this thread so that if anybody has any recommendations, I can learn too, ty)

Closest I can think of is LauireWired

also you can apply a lot of this knowledge to android too

​@@brycedotcoMe too

​@@brycedotco There is something called ReVanced if you want to patch apps yourself Its a plugin patcher for Android Most known for patching KZbin It can patch any app Unless it uses Play Integrity API In which case that will need to be patched out using microG as a replacement As Play Integrity API requires code signing

not really given how interesting it is. It's not "basic knowledge", but it's not like it's obscure stuff either if you're an iOS dev

@kwiky5643 yes I agree, I'm not an IOS dev( I'm not in the apple ecosystem) and i can see what you mean, but still what he did is so cool I wanna try ios dev as soon as i get an apple computer and i have time

I appreciate that! I've never been sure if building a normal thing would be super interesting to people - this gives me some motivation. Thanks!

​How abt disassembly (viewing assembly code) instead of debugging, would the steps be different? @@brycedotco Same platform IOS

@@brycedotco It probably won't but this reverse engineering format is quite intresting!

Because macOS and iOS are forks of FreeBSD

it reminds me of the OPPO Theme Store, the UI design is very similar

@ i think it’s a chinese design language. if you look at chinese websites and apps, we would probably consider them cluttered and trashy

@@NithinJune True, they have very information dense design principles

In general: It's about regulation, fraud prevention, anti-cheating and IP protection. I'm sure there are other reasons too, but those are for sure the main ones.

The app has in-app purchases

1) this app is chinese 2) money can change hands in this app

nevermind, ignore this

Peat race

thats probably normal behaviour for operating systems but ofc windows just has to be different

@@bm1259 You'd think it's more of a problem than it really is. If Linux syscalls were so simple, there would be more Golangs that use it directly instead of libcs and musls :)

I wouldn't imagine so, it's a very different field of reverse engineering.

Yea, I wish! I'm an app dev who dabbles in reverse engineering, not a reverse engineer who dabbles in app dev, unfortunately 😅

@ you definitely have what it takes

Thank you!! I'm trying to make more of them this year! I have about zero expertise on the android side though - I want to learn, but we're probably a ways away from anything fun there!