Profile picture
Elliot Alderson
@fs0c131y
, 11 tweets, 4 min read Read on Twitter
Hi @UIDAI,

This #Android app is asking their user to link their #Aadhaar card with the app. I thought it was illegal 🤔... and you?
The app description is priceless...
Apparently, nobody told to the guys in the "Made in #India" wagon that https exist.
So this app is asking for your #Aadhaar number and send it to their server in plain text...
Everything is fine 😁
📢 The developer is probably a Java developer who don't know Android at all. He used println to log stuff...
Hijack a session doesn't seems to be super difficult
Generate the token on the device side and send it to your server with a HTTP request should be ok...
They use modsecurity.org 🤫
I swear, it was like this before I came 😁
I'll stop here. You understood I guess: DON'T USE THIS APP!
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Elliot Alderson
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Android #Aadhaar #India

More from @fs0c131y see all

Profile picture
Elliot Alderson
@fs0c131y
This morning, I have a stupid question in mind: How many private messages did I received since the creation of my Twitter account?
To be franc, I have no idea. I will write a script to get the answer 😁
I tried different Python libs but none is able to retrieve my direct messages 🤷‍♂️
Read 3 tweets
Profile picture
Elliot Alderson
@fs0c131y
Thread: I'm back from lunch, it's time to show you how to remove the root detection and the anti tampering mechanism from the mAadhaar app, the official #Android app of @UIDAI. 1/n
Like yesterday, I will work on version 1.1.4 of the application 2/n
The first step is the same 3/n
Read 23 tweets
Profile picture
Elliot Alderson
@fs0c131y
So @uidai developers used the IMEI as a password for the local database of the mAadhaar #android app but why it is a problem? What are the dangers? Small thread 🔽🔽🔽
As said yesterday, they used sqlcipher which is a good thing
SQLCipher will encrypt the database. To decrypt it, you need to define a "password" and this is where the problems come
Read 13 tweets

Related threads

Profile picture
Bar & Bench
@barandbench
#Aadhaar: Supreme Court Bench assembles, Justice AK Sikri pronouncing his judgment now.
#Aadhaar: Justice AK Sikri has authored judgment on behalf of himself and CJI Dipak Misra and Justice AM Khanwilkar.
#Aadhaar: It is better to be unique than the best, Justice AK Sikri starts his Aadhaar judgment.

Aadhaar has become the most talked about expression in the recent years.
Read 39 tweets
Profile picture
Prasanna S
@prasanna_s
#Aadhaar hearing continues.

CEO UIDAI has been granted permission to make a presentation at 2.30 pm. Petitioners allowed to put their questions in writing on Tuesday.
A-G wants to limit audience to counsels appearing in the matter considerig paucity of space. CJI smiles.

A-G continues reading from ID4D world bank report.

pubdocs.worldbank.org/en/20564144345…
Still reading from it. Lots of jargon. Too many occurrences of pretentious terms like "stakeholders" etc. Therefore not tweeting.
Read 47 tweets
Profile picture
sflc.in
@SFLCin
#Aadhaar final hearing- Day 10:
Hearing resumes. Kapil Sibal to continue with his arguments.
KS: Reads out the definition and purpose of biometric database.
KS: These definitions are from the national ID law of Israel. Points out the voluntary nature of the ID cards handed to the residents.
Read 68 tweets
Profile picture
SupremeCourtObserver
@clprscobserver
#Aadhaar Day 9; Session 1 - @KapilSibal begins with reading a newspaper report abt, how ppl are being denied pension because of Aadhaar. Justice Bhushan enquires - if there are so many problems with Aadhaar, then why 1.2 billion ppl have enrolled for it? #scobserver,
replies that difference between enrolment and requirement of authentication each time. Authentication requirement continuously leads to exclusion, which is a ground for challenging Aadhar. J. Bhushan seems non-convinced. #scobserver
J. Chandrachud says that exclusion can be because of 2 factors - lack of infrastructure and biological factor like old age. Observes that government can upgrade infrastructure. ASG Tushar Mehta questions claim of exclusion due to Aadhaar. #scobserver #Aadhaar
Read 14 tweets
Profile picture
sflc.in
@SFLCin
#Aadhaar final hearing- Day 9: Bench assembles. Kapil Sibal to resume.
KS: Refers to today's news report of old age pension. Authentication has to happen everywhere. So, if no electricity or WiFi is there, it results in exclusion.
DYC J. Exclusion also has two aspects: exclusion due to infrastructure and exclusion due to old age or other factors.
In case of infrastructure, it will have to be upgraded.
Read 37 tweets
Profile picture
Prasanna S
@prasanna_s
#Aadhaar hearing. Bench about to reassemble. Kapil Sibal to continue arguments for some of the Petitioners.
KS clarifies his point on 8 (3)(c) and says it is 'completely wrongly drafted' with respect to "alternatives"...because for authentication, according to defintion, there is no scope for alternatives.
Sikri J and Khanwilkar J are not so sure. Insist there are alternatives available. (Me thinks: Totally unnecessary and irrelevant discussion).
Read 38 tweets

Trending hashtags

#mujeres #Aadhaar #IWD2018 #AadhaarLies #Aadhar #eKYC #AmericanExpress #NITIAAYOG #indiaagainstcorruption #AadhaarKills #sexratio #RBI #AadhaarTheft #RightToEducation #AadhaarVictims #AadhaarFail #BiometricAuthentication #AadhaarInfo #Gates #AadhaarWidows #biometric #SupremeCourt #AadhaarWarOnWomen #AadhaarVictim #widows
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!