The same way TikTok uploads "app_log", Douyin uploads "app_logs". Yes, it& #39;s an HTTP request. It& #39;s very common when you analyse Chinese apps.
Another HTTP request to http://beacon-api.aliyuncs.com"> http://beacon-api.aliyuncs.com (Alibaba cloud communication system) with your deviceId in clear text
When you start the app, #Douyin sends your location, bssid, deviceId and other stuff with a HTTP request to http://amdcopen.m.taobao.com"> http://amdcopen.m.taobao.com
Yes, this is what a privacy nightmare looks like
Yes, this is what a privacy nightmare looks like
These puppies falls are offered by #Douyin
Douyin send your MAC address as a parameter in one of their app_log requests...
https://abs.twimg.com/emoji/v2/... draggable="false" alt="😡" title="Schmollendes Gesicht" aria-label="Emoji: Schmollendes Gesicht">
Worth saying, it& #39;s a violation of the Google Play Store rules but they don& #39;t care, they are not on the Play Store
Worth saying, it& #39;s a violation of the Google Play Store rules but they don& #39;t care, they are not on the Play Store
If someone from TikTok read this tweet: I know that the nasty stuff are in this encrypted content
https://abs.twimg.com/emoji/v2/... draggable="false" alt="😘" title="Kusshand zuwerfendes Gesicht" aria-label="Emoji: Kusshand zuwerfendes Gesicht">
2 apps, same requests: on the left you have TikTok, on the right Douyin. Can you spot the differences?
=> mac_address
=> mac_address
Few weeks ago I decrypted the content of the app_log requests made by TikTok, it& #39;s time to do the same thing for Douyin https://medium.com/@fs0c131y/tiktok-logs-logs-logs-e93e8162647a">https://medium.com/@fs0c131y...
I need a coffee, meanwhile enjoy this pig
https://abs.twimg.com/emoji/v2/... draggable="false" alt="😅" title="Lächelndes Gesicht mit offenem Mund und Angstschweiß" aria-label="Emoji: Lächelndes Gesicht mit offenem Mund und Angstschweiß">
I& #39;m back. Douyin and TikTok use the same library for the app logs but not the same version
It means the Frida function I made last time for my article is working with Douyin. I get the logs but Douyin shows me a no connection screen
I can bet the version of the "app_log library" in Douyin is the most recent version. Then, they will probably update TikTok.
My last tweet was probably not accurate, I deleted it. If you search Covid19 on #douyin you will get a lot of (old?) videos mocking US politicians/celebrities because they don& #39;t know the meaning of Covid19.
If you are a Chinese native speaker, can you tell me what he is saying?
If you are a Chinese native speaker, can you tell me what he is saying?
I understand he is talking about Covid19 and the independance of Taiwan but I don& #39;t see the relation between the two...
I& #39;m French, so I searched "sex" on #douyin
https://abs.twimg.com/emoji/v2/... draggable="false" alt="😅" title="Lächelndes Gesicht mit offenem Mund und Angstschweiß" aria-label="Emoji: Lächelndes Gesicht mit offenem Mund und Angstschweiß">. This is top video for this keyword. I& #39;m a little bit disappointing
https://abs.twimg.com/emoji/v2/... draggable="false" alt="😂" title="Gesicht mit Freudentränen" aria-label="Emoji: Gesicht mit Freudentränen">
Joke aside, China is a very different world and it& #39;s always interesting to see how they handle "sex videos" on a giant network like douyin
Joke aside, China is a very different world and it& #39;s always interesting to see how they handle "sex videos" on a giant network like douyin
Before closing this thread, let& #39;s give a look at the MAC address retrieval methods. First thing, I& #39;m pretty sure they use different ways to get it.
In the a class of the http://com.ss.android"> http://com.ss.android .deviceregister package you can find this code.
1) Call e.i method with the Context as a parameter to get the mac
2) Check the shared preferences to see if the MAC address is already saved
1) Call e.i method with the Context as a parameter to get the mac
2) Check the shared preferences to see if the MAC address is already saved
You can cool stuff? Check the http://com.ss.android"> http://com.ss.android .deviceregister.d class. The previous i method, which can be renamed getMacAddress, is working like this:
1) Call getMacAddress() from the WifiInfo class
Since Android Marshmallow it returns a default value 02:00:00:00:00:00
1) Call getMacAddress() from the WifiInfo class
Since Android Marshmallow it returns a default value 02:00:00:00:00:00
2) If you get the default value, enumerate the network interfaces as explained in this stackoverflow answer https://stackoverflow.com/questions/33103798/how-to-get-wi-fi-mac-address-in-Android-Marshmallow">https://stackoverflow.com/questions...
Remember the 2nd tweet of this thread? This is why, probably not the only reason, they wanted the phone permission. They take the voicemail number of the user...