Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Denslow Steampunk
The Deezl Group
0
|
Posted - 2012.05.04 01:09:00 -
[1] - Quote
I was looking at the app store on my fone and found some eve online apps, (Aura and Nvanova to name some).
But are they safe to use?
I dont want to go downloading and using something that will; a) get my account hacked b) get my account banned or c) put a virus on my cell.
Thank you |
Degren
Red Federation RvB - RED Federation
234
|
Posted - 2012.05.04 01:11:00 -
[2] - Quote
Been using Aura for a while now, no issues. Plus, it has such smashing lil widgets.
But then, I'm not really allowed to have my phone on me very often, so keep that in mind. . |
Karl Hobb
Imperial Margarine
143
|
Posted - 2012.05.04 01:12:00 -
[3] - Quote
Confirming that Aura is p cool and I haven't lost my account yet. +1 in local |
Renturu
Tribal Spirit The Nest Alliance
186
|
Posted - 2012.05.04 06:27:00 -
[4] - Quote
I'd say they are only as vulnerable as you allow your device to be... Just like anything else; banking apps, Fecal... er, I mean Facebook, etc.,..
Be weary though. Recently there is a new hack against Android using hacked websites:
Drive-By If EvE WiS is Space Barbie, then I'm built like a Ken Doll:
Nothin' but 14 inches of T'aint; Smooth, from front to butt!!! |
Lexmana
Imperial Stout
402
|
Posted - 2012.05.04 07:11:00 -
[5] - Quote
EVEUniverse is awesome. Has everything you need and is as safe as they come - on App Store. |
okst666
Not Solitude Again Solitude Empire
163
|
Posted - 2012.05.04 07:16:00 -
[6] - Quote
I use Aura on my tablet. Pretty cool and nice UI. [X] < Nail here for new monitor |
Mad Mobius
Pandora Sphere Narwhals Ate My Duck
3
|
Posted - 2012.05.04 16:24:00 -
[7] - Quote
+1 for Aura with neat widgets, fitter, and database. Also comes with notifications for mails, skill training completions, and less than 24 hour skill queues. |
Vertisce Soritenshi
Varion Galactic Tragedy.
1616
|
Posted - 2012.05.04 16:27:00 -
[8] - Quote
http://www.youtube.com/watch?v=zvfD5rnkTws&ob=av2e
That video will explain everything that will happen if you download any EVE related app to your phone. EvE is not about PvP.-á EvE is about the SANDBOX! - CCP!-á Open the door!!! |
Tau Cabalander
Retirement Retreat Working Stiffs
666
|
Posted - 2012.05.04 17:05:00 -
[9] - Quote
Any EVE app can only do what the API key allows it to. If you are paranoid, don't use an API key with unlimited access.
|
Petrus Blackshell
Rifterlings
918
|
Posted - 2012.05.04 17:11:00 -
[10] - Quote
Aura is cool.
Use a limited API that only does what you let it.
It's called a "phone". Rifterlings - Small gang lowsec combat corp specializing in frigates and cruisers (all races, not just Rifters!). US Timezone veterans and newbies alike are welcome to join. Come chat in the "we fly rifters" in-game channel. Free fitted frigates for members! |
|
Alec Stacer
Raven's Flight Vanguard.
3
|
Posted - 2012.05.04 17:15:00 -
[11] - Quote
Eve universe is the best, but its only available for Iphone users.
Aura is the better program for Android users. |
Meryl SinGarda
Belligerent Underpayed Tactical Team
492
|
Posted - 2012.05.04 17:34:00 -
[12] - Quote
was fone easier for you to type or is that how they screw it up in other countries?
|
Ravak Nyyriki
Capricorn Rising
1
|
Posted - 2012.05.04 17:59:00 -
[13] - Quote
Aura is really good In my opinion. No issues at all with it. |
Denslow Steampunk
The Deezl Group
0
|
Posted - 2012.05.04 19:16:00 -
[14] - Quote
Thank you all for your views
Petrus Blackshell wrote:It's called a "phone". Thank you for the spell checking
Meryl SinGarda wrote:was fone easier for you to type or is that how they screw it up in other countries? It was easyer to type, and it was easyer to type cell instead of mobile |
Miilla
Hulkageddon Orphanage
288
|
Posted - 2012.05.04 19:24:00 -
[15] - Quote
Disassemble the APK file using Android SDK tools, then you can know for sure they are doing :)
you want to pull the APK using the Eclipse sdk plugin, then get a dex2jar then have fun :) You will see all the heavy lifting code that was compiler generated and not what they wrote but still is what the program is doing
I did just this exact thing with the facebook apk that is shipped by android vendors and updates, this way you can see exactly what they are grabbing from your mobile.
You can always proxy it and watch every web request.
As for viri on your mobile, check out Avast mobile scanner. It is on the Google app market now. I use avast on the desktop, it is decent for free. I havnt checked out the mobile version yet. I am developing on android atm so it will drive it nuts :)
I could mash up an Android Eve app, might get back to that once the new Carbon REST API is out, and I have more time, but I am busy doing bluetooth stuff.
Android has an "experimental" Oauth2 library included in the later API levels and Carbon REST is going to use OAuth 2 but the thing is, OAuth 2 is not finalised yet and subject to change, dont know why CCP are not usign OAuth until OAuth2 is final, or at least provide differnet ways to authenticate REST calls, shouldnt be a problem over SSL as long as CA chain checking is not disabled , which unfortunately most apps on droid do because they dont understand Certificates chains and Keystores so opens up droid to MITM attacks by just using any old self signed certs lol. |
Katrina Oniseki
Revenent Defence Corperation Ishuk-Raata Enforcement Directive
477
|
Posted - 2012.05.04 19:39:00 -
[16] - Quote
Miilla wrote:Disassemble the APK file using Android SDK tools, then you can know for sure they are doing :)
you want to pull the APK using the Eclipse sdk plugin, then get a dex2jar then have fun :) You will see all the heavy lifting code that was compiler generated and not what they wrote but still is what the program is doing
I did just this exact thing with the facebook apk that is shipped by android vendors and updates, this way you can see exactly what they are grabbing from your mobile.
You can always proxy it and watch every web request.
As for viri on your mobile, check out Avast mobile scanner. It is on the Google app market now. I use avast on the desktop, it is decent for free. I havnt checked out the mobile version yet. I am developing on android atm so it will drive it nuts :)
I could mash up an Android Eve app, might get back to that once the new Carbon REST API is out, and I have more time, but I am busy doing bluetooth stuff.
Android has an "experimental" Oauth2 library included in the later API levels and Carbon REST is going to use OAuth 2 but the thing is, OAuth 2 is not finalised yet and subject to change, dont know why CCP are not usign OAuth until OAuth2 is final, or at least provide differnet ways to authenticate REST calls, shouldnt be a problem over SSL as long as CA chain checking is not disabled , which unfortunately most apps on droid do because they dont understand Certificates chains and Keystores so opens up droid to MITM attacks by just using any old self signed certs lol.
This is me while reading that post.
|
Miilla
Hulkageddon Orphanage
290
|
Posted - 2012.05.04 19:43:00 -
[17] - Quote
http://developer.android.com/reference/android/Manifest.permission.html
List of permissions an android app has to declare in order to use specific features.
Be wary of apps that grab more permissions than you think they should require, usually its the devloper either being 1) lazy and grabbing them all in a copy and paste land grab and or 2) sneakyness ala facebook.
For example if a simple wallpaper app needs access to your sms, call logs and SD card, then simply dont use it, in fact dont use stupid apps like that in the first place :) |
Miilla
Hulkageddon Orphanage
292
|
Posted - 2012.05.04 20:03:00 -
[18] - Quote
If you want the code for Aura, I can decompile it for you and send you it . It is easy to do really.
It is also easy to raed, all you have to concentrate on is the critical calls for using any storage and network client calls or content providers for calls and messaging etc. |
Miilla
Hulkageddon Orphanage
292
|
Posted - 2012.05.04 20:26:00 -
[19] - Quote
PS: I am an Android developer :P (amongst other things) :) |
Miilla
Hulkageddon Orphanage
292
|
Posted - 2012.05.04 20:29:00 -
[20] - Quote
Renturu wrote:I'd say they are only as vulnerable as you allow your device to be... Just like anything else; banking apps, Fecal... er, I mean Facebook, etc.,.. Be weary though. Recently there is a new hack against Android using hacked websites: Drive-By
So they click a link with an APK file, and Android does what it should, asks if you want to install it, and the dumb user says yeah, ignoring all the Security options saying "VIEW NETWORK STATE" and "START AT BOOT" well yeah, hardly a hack, just praying on the ignorant. Nothing new nor technical here, more social attacking. AND they have to have SIDE LOADING ON which company field systems would have because they install locally at the vendor and not in a "consumer" app store, or they just clicked it on stupidly. I am coding specifically this scenario where a closed system field data capture app used in the field will have side loading enabled.. Then again I have to check whether this can be locked out once it is installed but would prevent remote updates.
Droid does have "ENTERPRISE POLICY" handling so they could prevent such attacks on enterprise enabled devices by enforcing a corporate device policy. That is the only real way to solve stupidly on the users part without crippling the phone at the API level.
Basically preventing social attacks or attacks from ignorant people just clicking YES to everything makes a phone as useless as a WIndows Phone 7, and end up with next to zero apps available due to said crippled APIs.
So this isnt a droid problem, it is a user / enterprise policy problem (or lack there of)
More info on 2.2+ policies
http://support.google.com/mobile/bin/answer.py?hl=en&answer=190930 |
|
Denslow Steampunk
The Deezl Group
0
|
Posted - 2012.05.04 20:38:00 -
[21] - Quote
Miilla wrote:PS: I am an Android developer :P (amongst other things) :) this is why most of what you said is gone over my head lol
i do understand to check permissions before install,
i use avast on my phone, iv not had any virus yet. but i do only realy download the main name dev apps. thats why im asking about these apps as they are not made by main devs or by CCP |
Miilla
Hulkageddon Orphanage
293
|
Posted - 2012.05.04 20:38:00 -
[22] - Quote
Denslow Steampunk wrote:Miilla wrote:PS: I am an Android developer :P (amongst other things) :) this is why most of what you said is gone over my head lol i do understand to check permissions before install, i use avast on my phone, iv not had any virus yet. but i do only realy download the main name dev apps. thats why im asking about these apps as they are not made by main devs or by CCP
The only option then is to read reviews and forums and ask on here about specific apps, generally if an app is being nasty, word spreads faster than a turd in a wind tunnel.
Good news travels, but bad news travels faster :) |
Miilla
Hulkageddon Orphanage
293
|
Posted - 2012.05.04 20:41:00 -
[23] - Quote
2 basic skills in life.
1) Common sense and 2) Gut feeling.
|
Miilla
Hulkageddon Orphanage
293
|
Posted - 2012.05.04 21:37:00 -
[24] - Quote
Denslow Steampunk wrote:Miilla wrote:PS: I am an Android developer :P (amongst other things) :) this is why most of what you said is gone over my head lol i do understand to check permissions before install, i use avast on my phone, iv not had any virus yet. but i do only realy download the main name dev apps. thats why im asking about these apps as they are not made by main devs or by CCP
There are no CCP apps and I don't imagine CCP will start reviewing apps given the fact they don't have the resources (read as recent layoffs). |
ModeratedToSilence
Republic Military School Minmatar Republic
1
|
Posted - 2012.05.04 21:42:00 -
[25] - Quote
Denslow Steampunk wrote:Thank you all for your views Petrus Blackshell wrote:It's called a "phone". Thank you for the spell checking Meryl SinGarda wrote:was fone easier for you to type or is that how they screw it up in other countries? It was easyer to type, and it was easyer to type cell instead of mobile
I really enjoy steampunk. Please don't belittle it. |
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |