Develop Bugs

[RELEASE] HTC Hub for everyone!

Hi,
You can download the rar's. They contain the xap. You can use any dev-unlocked device (also non-HTC). This was quite a reversing-adventure. I learned a lot.
A few remarks:
- This is not the latest version of the HTC Hub. It does not have the live-tile. Maybe I'll update later.
- I had to rewrite some parts of the code. It all works 100% but I think it can be done better, so maybe I'll update that later.
- Note the about screen

Word! It works but it still *****es about not being able to reach HTC's service. Great job regardless Heathcliff.
EDIT: The wild thing about it is, I can actually reach into HTC's section of the Marketplace through this app. That's crazy.

want to try
but I am getting errors unzipping with 7zip, what is the way you guys are successful with?

Heathcliff74 said:
Hi,
You can download the rar's. It contains the xap. You can use any dev-unlocked device (also non-HTC). This was quite a reversing-adventure. I learned a lot.
A few remarks:
- This is not the latest version of the HTC Hub. It does not have the live-tile. Maybe I'll update later.
- I had to rewrite some parts of the code. It all works 100% but I think it can be done better, so maybe I'll update that later.
- Note the about screen
Click to expand...
Click to collapse
Good work. Works on my Omnia7, the graphics look like sh*t though on my lovely screen
I don't get any errors or anything here - weather/time/location all work great. As fb401 says - you can access the HTC Marketplace, but you can access any Marketplace app as long as you know the ProductID.

Does access to the other apps from the marketplace on the phone allow use of the excellent HTC flashlight app or any additional HTC apps?

fb401 said:
Word! It works but it still *****es about not being able to reach HTC's service. Great job regardless Heathcliff.
EDIT: The wild thing about it is, I can actually reach into HTC's section of the Marketplace through this app. That's crazy.
Click to expand...
Click to collapse
Anyone having the message about not being able to reach the HTC server, plz verify that you have either Wifi or cellular connection and try refresh-button. It definitely works.
buffalosolja42 said:
but I am getting errors unzipping with 7zip, what is the way you guys are successful with?
Click to expand...
Click to collapse
Download both parts in the same folder and use WinRar.
jessej said:
Does access to the other apps from the marketplace on the phone allow use of the excellent HTC flashlight app or any additional HTC apps?
Click to expand...
Click to collapse
No, it won't work. You can try to install, but the program will try to use the HTC drivers and hardware, and it will quit. These programs need (a lot of) work to get running on other devices. Look here and here.

Heathcliff74 said:
Anyone having the message about not being able to reach the HTC server, plz verify that you have either Wifi or cellular connection and try refresh-button. It definitely works.
Click to expand...
Click to collapse
I was still plugged into my laptop in airplane mode. When I disconnected and went back, it worked perfectly.
Blade0rz said:
As fb401 says - you can access the HTC Marketplace, but you can access any Marketplace app as long as you know the ProductID.
Click to expand...
Click to collapse
Sure you can, but there's literally no way inside of the HTC walls on my LG phone besides this hub.

getting crc failure from file htchub1
edit*** downloaded on fedora then transferred to vm win7 and looks like file is ok after crc check

well done
thank u

Excellent job, will be bookmarking this thread to see if the live tile gets added. Great work Heathcliff.

Is it possible to get the HTC Connection Setup app to work on a non-HTC phone?

slysy said:
Is it possible to get the HTC Connection Setup app to work on a non-HTC phone?
Click to expand...
Click to collapse
I guess you're asking this to be able to get provxml working. Well, that's not really possible. Because the HTC Connection Setup calls the HTC drivers which will in turn process the provxml. So I would be able to get the HTC Connection Setup running, but it will not be able to call the driver on non-HTC devices. I guess in time we'll find the necessary security holes to get in the TCB chambers to execute these types of code and config files.
The OEM drivers are very usefull, because they provide (limited) access to the high-privilege TCB-chambers. The drivers contain hardware-specific functions and non-hardware-specific functions. Those non-hardware-specific functions (like registry- and file-system-access) are the most interesting for us. The drivers can be called from unmanaged code, which in turn can be called by managed code through a com-interface. But since we have no way to port drivers between devices (yet), those non-hardware-specific functions remain device-specific for now.

Heathcliff74 said:
I guess you're asking this to be able to get provxml working. Well, that's not really possible. Because the HTC Connection Setup calls the HTC drivers which will in turn process the provxml. So I would be able to get the HTC Connection Setup running, but it will not be able to call the driver on non-HTC devices. I guess in time we'll find the necessary security holes to get in the TCB chambers to execute these types of code and config files.
The OEM drivers are very usefull, because they provide (limited) access to the high-privilege TCB-chambers. The drivers contain hardware-specific functions and non-hardware-specific functions. Those non-hardware-specific functions (like registry- and file-system-access) are the most interesting for us. The drivers can be called from unmanaged code, which in turn can be called by managed code through a com-interface. But since we have no way to port drivers between devices (yet), those non-hardware-specific functions remain device-specific for now.
Click to expand...
Click to collapse
Thanks for the response. I asked because the Samsung Connection Setup app doesn't support my network, so I can't configure or use MMS. I know that the HTC Connection Setup app does however, so I want to use it to configure my network settings. Do you think this is possible (I didn't understand everything you said, so sorry if this is a silly question)?

slysy said:
Thanks for the response. I asked because the Samsung Connection Setup app doesn't support my network, so I can't configure or use MMS. I know that the HTC Connection Setup app does however, so I want to use it to configure my network settings. Do you think this is possible (I didn't understand everything you said, so sorry if this is a silly question)?
Click to expand...
Click to collapse
Hmm.. I don't know about that. HTC Connection Setup is not a solution, because you don't have the necessary drivers on your device. Samsung has a set of predefined xml's in the \windows folder. Every country has it's own xml with the settings of the known network operators. There is a trick to configure one of these. Info is in this thread. But I'm not sure if there is an xml on your phone that contains the info for your network operator. Good luck.

Heathcliff74 said:
Hmm.. I don't know about that. HTC Connection Setup is not a solution, because you don't have the necessary drivers on your device. Samsung has a set of predefined xml's in the \windows folder. Every country has it's own xml with the settings of the known network operators. There is a trick to configure one of these. Info is in this thread. But I'm not sure if there is an xml on your phone that contains the info for your network operator. Good luck.
Click to expand...
Click to collapse
wow it works well
now the question is
will the youtube app receive the same treatment?

domineus said:
wow it works well
now the question is
will the youtube app receive the same treatment?
Click to expand...
Click to collapse
Haha. Well, I haven't taken a look at that one. But I can assure you that reversing a Windows Phone Silverlight app is a very complex task. I have done this once, so I could maybe do it again. Depends on how much of the HTC driver has to be rewritten for that app. But I probably won't do that very soon. The truth is that I did this mainly to learn about the inner works of Windows Phone and Silverlight. And I have a couple of other 'projects' I'm working on, so I want to focus on that. Maybe someone else will pick up the task for the Youtube app.

thx Heathcliff74

Heathcliff74
thank u for the hub
do you know any way to add driver to other OEM from htc
long ago i have omnia 2 and we could add some DLL to windows to make compatible with Samsung
do you think to with could be able to play with youtube app from htc i can get him open but i dont have connection

ronalgps said:
do you know any way to add driver to other OEM from htc
Click to expand...
Click to collapse
At this moment we have no way to exchange drivers from different OEMs. Read my post earlier in the thread. Maybe I'll have a look at the Youtube app, but don't count on it. I'm very busy.

Works great on my omnia7!!!! What will happened if i will update hub via marketplace?

Android Security - PLAINTEXT AUTHTOKENS - How It Affects Us?

Recently Google have patched a 'major' security flaw where auth tokens were being sent in plain text.
Article is here: http://www.readwriteweb.com/archives/android_security_hole_a_problem_for_99_of_users_re.php
For developers, if possible, always use HTTPS and use oAuth authentications instead of authToken and shorten the length in which authTokens are stored.
Click to expand...
Click to collapse
How does this effect us? Are we able to pull this from Google with minimal porting or is it something that will take a harder/longer method to fix? Or am I missing something and this has already been fixed or doesn't apply to us?
Note that this only effects those that use public WiFi. You are not at threat if you use your own personal WiFi.
I would say this is fairly minor considering a stable, functional Android is more important than spending quite some time patching this. After all, I doubt many of us use public WiFi?

The GB repo is already up to 2.3.4. The article is pretty vague, just says that the fix is already in that version.
So if that's the case, the next GB release will already have it.

affects
also, good thing i dont use wifi!

The "fix" for Calendar and Contacts sync is in GB 2.3.4. The fix mainly consists of changing each app to use https instead of plain http to connect to their servers. But the google authentication API is probably used by a lot of other apps (e.g. Facebook, etc.) and each one of them would need to be upgraded accordingly.
Pretty sloppy stuff on Google's part; this authentication mechanism they used is ridiculously insecure. Why they didn't at least tie it to the phone serial number/MEID/whatever is incomprehensible. A 2 week authentication token that can be used by *any* device anywhere? Idiotic.
If you've got a good VPN going you should be safe. Too bad that running extra security layers like that also slows down throughput and increases battery drain...

Or you could avoid public WiFi altogether
Almost everyone with an Android device has a data plan/included data now.

When I'm traveling internationally I use public wifi because it's usually free, while data roaming is usually insanely expensive (like $15.00/MB...).

Guess you won't be using anymore public WiFi until you have it fixed, eh?
Curious to know if FRX07 will have this patch. Hopefully

ryannathans said:
Guess you won't be using anymore public WiFi until you have it fixed, eh?
Curious to know is FRX07 will have this patch. Hopefully
Click to expand...
Click to collapse
If Google isn't patching this in Froyo (I saw no note of that in the article) I'm not sure why you would expect that...

Dunno, I guess those who want to use public wifi will have to use Gingerbread. Thought I read something somewhere that Froyo carriers will be patching it, perhaps not.

FYI, Google has fixed it server-side for Calendar and Contacts.
http://www.engadget.com/2011/05/18/google-confirms-android-security-issue-server-side-fix-rolling/
You can avoid this just by not syncing images, which it is not fixing yet in either 2.3.4 or server-side.

heartbleed bug

xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.

dstarfire said:
xda-developers.com is listed as one of the sites affected by the heartbleed bug, but testing tool now shows no vulnerability. A quick search shows no
Why aren't you bragging about patching this bug and how awesome you are at protecting our data?
At the very least, a notice about what's being done to protect xda and how it affects users would be much appreciated.
Click to expand...
Click to collapse
I'm curious what site it was listed on?
Just for anyone who is interested...
As soon as the severity of the flaw was clear, we began updating our machines. Some services use pre-built packages and others use custom-compiled software (using the flawed openssl version). We updated all of our services within 30 minutes or so.
The forum.xda-developers.com hostname uses a 3rd party service who was still vulnerable to heartbeat after we patched our internal services. We opened a ticket with them - I'm sure by that point they were aware of the issue and a fix was already in the works. About an hour after that they had patched their services.
This is definitely one of the worst security flaws in the history of the internet - you pretty much have to assume that any communications thought protected by https have been compromised unless there were other protections in addition to SSL.

https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap

Isriam said:
https://github.com/musalbas/heartbleed-masstest/blob/master/top1000.txt
please patch asap
Click to expand...
Click to collapse
That list is old... see my statement above.

thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.

Isriam said:
thats fine, but just so you know that link is posted on front page msn.com under heartbleed headlines.
Click to expand...
Click to collapse
Sure, but not too much I can do about old information.

The link loriam posted is the one I found xda mentioned on. However, before I posted, I also checked a live testing website that showed xda as safe.
If anybody is interested, the url for that site is filippo.io/Heartbleed/

Unless there is updated information that I was unable to see, your SSL certificate is showing as being from 7 months ago. Shouldn't it be updated since that was part of the information that was vulnerable to Heartbleed?

Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.

wto605 said:
Are there any plans to replace and revoke the SSL certificates that were on the vulnerable servers? Since there are no logs it is impossible to know if anyone was able to obtain the private key for these certificates, and until revoked xda remains vulnerable to stealth MITM attacks.
Click to expand...
Click to collapse
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."

bitpushr said:
New certs are in process... the CA's are a bit backlogged.
We are vulnerable to stealth MITM attacks only if someone has recorder/intercepted our traffic, and also if someone was able to decode our private key. Of which both are unlikely (but possible). So while we do work to replace our certs, the priority is "hey, we are doing this" and not "hey, let's shut down our ssl services."
Click to expand...
Click to collapse
I totally agree (and believe me I'm hating this crap as much as I'm sure you guys are)... I just wanted to make sure it was in progress as I'm waiting to change my password until then.

Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.

Some progress in updating androids vulnerable openssl 1.0.1e ? Heartbleed is disabled (for me) but somehow i imagine unwanted changes like from apps etc
Sent from my GT-I9505 using xda app-developers app

GrammarNazi said:
Well, I'm glad that you guys are taking the necessary steps to keep your and your users information safe. I feel bad for whoever would try and hack XDA-Developers, because they would probably receive a huge backlash.
Probably bad enough to melt their computer.
Sent from my dictionary.
Click to expand...
Click to collapse
We would blow up all mobiles they own. Mwahahahah!
Sent from my HTC Explorer A310e using XDA Premium 4 mobile app

Our new SSL certificates are in place.

Glad to hear were safe. Maybe XDA should force all users to change their passwords?? In the security world it's just better off and safer to assume everything was compromised.
Sent from my Galaxy S4 using Tapatalk

bitpushr said:
Our new SSL certificates are in place.
Click to expand...
Click to collapse
Hi bitpushr,
How to use the secured connection when logging in and/or changing password in this forum? I haven't noticed any ssl connection when logging in and/or changing password from the control panel.

Online test for Heartbleed
There are sites that will test for it.

Medical app not compatible - is it potentially achievable for me to get it to work?

Hi,
I use continuous glucose monitoring to monitor my blood sugar, as I am a type 1 diabetic. The CGM I use uses Bluetooth to sync with an app (Medtronic's Guardian Connect app) and gives blood sugar data, safety alerts etc., but this app is only compatible with selected Android phones, which doesn't include any Oneplus phones. I really like the Oneplus 7t so I would rather not sell it if possible, so I was thinking of trying to make it compatible with the Oneplus and removing the phone model block. This has been done before with a different medical manufacturer's CGM app ( https://forum.xda-developers.com/oneplus-7t/help/medical-app-compatibility-t4015519 ), so I think it should be possible. Given my lack of programming ability, I was wondering if there are resources anywhere that might help with learning how to do this? Obviously they're not going to tell me "This is how you make this specific app work", but I'm just hoping to find some general resources on this type of coding. I have searched around with no success as I am not sure where to look. I gather it would take more than simply changing the buildprop file to trick the app into thinking it's a compatible phone.
Thanks.

Would help to know the app and what issues you're having. Is it not showing up in the play store? Does it give an error?

ziddey said:
Would help to know the app and what issues you're having. Is it not showing up in the play store? Does it give an error?
Click to expand...
Click to collapse
Sorry, not sure how I managed to omit all those details. The app is Guardian Connect (https://play.google.com/store/apps/details?id=com.medtronic.diabetes.guardianconnect&hl=en). I am able to download it, but when I open it it says "incompatible with your device", as it's only officially compatible with a limited subsection of Android phones (https://guardianconnect.medtronic-diabetes-mena.com/en_gb/app-compatibility). However, the Dexcom app that I linked in the first post also has limited compatibility, yet people have managed to get it to work with other android phones, so I'm cautiously optimistic that it will be possible for me to do the same.
I can't link URLs properly yet as I'm a new user, so I had to add those spaces in the links.
{Mod edit: Links inserted}

Riveon said:
Sorry, not sure how I managed to omit all those details. The app is Guardian Connect (https://play.google.com/store/apps/details?id=com.medtronic.diabetes.guardianconnect&hl=en). I am able to download it, but when I open it it says "incompatible with your device", as it's only officially compatible with a limited subsection of Android phones (https://guardianconnect.medtronic-diabetes-mena.com/en_gb/app-compatibility). However, the Dexcom app that I linked in the first post also has limited compatibility, yet people have managed to get it to work with other android phones, so I'm cautiously optimistic that it will be possible for me to do the same.
I can't link URLs properly yet as I'm a new user, so I had to add those spaces in the links.
{Mod edit: Links inserted}
Click to expand...
Click to collapse
Hello. Just wanted to inform you that I inserted the working links on your behalf (at least I assumed so).
I hope you'll find a solution for the issue soon.

Oswald Boelcke said:
Hello. Just wanted to inform you that I inserted the working links on your behalf (at least I assumed so).
I hope you'll find a solution for the issue soon.
Click to expand...
Click to collapse
Thanks for that

I have diabetes and want to use this app for checking my blood glucose level continiously on my oneplus 8pro phone but the app says its not compatible with the device. I don't know how to solve this problem.
Is there anybody who can help us with this?

Have you you guys tried to email the developer of the app to fix this?

I have diabetes and want to use this app for checking my blood glucose level continiously on my oneplus 8pro phone but the app says its not compatible with the device. I don't know how to solve this problem.
Is there anybody who can help us with this?

v.konvict said:
Have you you guys tried to email the developer of the app to fix this?
Click to expand...
Click to collapse
Yep, they weren't helpful at all though, unfortunately - they just gave a generic "keep an eye on the compatible device list" response. In the end I gave up and sold a Oneplus and got a Samsung.

Hi!
I just had contact with medtronic Belgium and they said; the more people call us the more 'problem cases' go to the IT'ers in America. So they mean how faster the problem will be solved so just give them a call
Greetings

https://m.apkpure.com/guardian-connect-us/com.medtronic.diabetes.guardianconnect.us/download?from=details
Needs stock, unrooted, bootloader locked, oos10

How can we fake the phone ID for an app?

HueyT said:
https://m.apkpure.com/guardian-connect-us/com.medtronic.diabetes.guardianconnect.us/download?from=details
Needs stock, unrooted, bootloader locked, oos10
Click to expand...
Click to collapse
Can this unlocking of phone be done for two other apps from Medtronic as listed below please?
CareLink™ Connect - Apps on Google Play
Diabetes data sharing
play.google.com
MiniMed™ Mobile - Apps on Google Play
Insulin pump display
play.google.com
Same error message as original post...
I am using an Asus ROG 5s Pro
Thanks in advance to anyone who can help

Can't use unlocked bootloader or rooted phones for medical apps as less secure

volkslove said:
Can this unlocking of phone be done for two other apps from Medtronic as listed below please?
CareLink™ Connect - Apps on Google Play
Diabetes data sharing
play.google.com
MiniMed™ Mobile - Apps on Google Play
Insulin pump display
play.google.com
Same error message as original post...
I am using an Asus ROG 5s Pro
Thanks in advance to anyone who can help
Click to expand...
Click to collapse
https://apkpure.com/developer/Medtronic%2C%20Inc.
Here is the list of all Medtronic's apps. Download the APK, then select the file from your Downloads folder in the Files app.
You may be prompted about the app being from an unknown source or risk to your device. Ignore the warning, tap OK, yes, or allow if prompted.
Hope this helps and as the post above already said I would consider calling Medtronic customer service and asking them to make the app available to all phones.

KemikalElite said:
https://apkpure.com/developer/Medtronic%2C%20Inc.
Here is the list of all Medtronic's apps. Download the APK, then select the file from your Downloads folder in the Files app.
You may be prompted about the app being from an unknown source or risk to your device. Ignore the warning, tap OK, yes, or allow if prompted.
Hope this helps and as the post above already said I would consider calling Medtronic customer service and asking them to make the app available to all phones.
Click to expand...
Click to collapse
Was actually hoping for a work around to use on phones that are not on the compatible list, i.e. for the app to not check for phone compatibility before starting.

volkslove said:
Can this unlocking of phone be done for two other apps from Medtronic as listed below please?
CareLink™ Connect - Apps on Google Play
Diabetes data sharing
play.google.com
MiniMed™ Mobile - Apps on Google Play
Insulin pump display
play.google.com
Same error message as original post...
I am using an Asus ROG 5s Pro
Thanks in advance to anyone who can help
Click to expand...
Click to collapse
I second this; rooted OnePlus 8 Pro running an A12 custom ROM
Personally I've actually come pretty close and was able to hide both Root and Developer Options from being detected using XPrivacyLua, but was unable to get MagiskProps working properly to get around the final "Your Phone is Incompatible" by spoofing as a Google Pixel (one of the primary "approved" devices) message, even after trying multiple older APKs combined with clearing data/cache

Zilch163 said:
I second this; rooted OnePlus 8 Pro running an A12 custom ROM
Personally I've actually come pretty close and was able to hide both Root and Developer Options from being detected using XPrivacyLua, but was unable to get MagiskProps working properly to get around the final "Your Phone is Incompatible" by spoofing as a Google Pixel (one of the primary "approved" devices) message, even after trying multiple older APKs combined with clearing data/cache
Click to expand...
Click to collapse
Thanks.
Actually the logic behind limiting the compatible devices boggles my mind because, other than replicating the screen of the insulin pump and sending data downloaded from the pump to health care providers, the app does not allow pump to accept commands from external devices. So I do not see what the concern is with allowing more devices to use the app...

volkslove said:
Thanks.
Actually the logic behind limiting the compatible devices boggles my mind because, other than replicating the screen of the insulin pump and sending data downloaded from the pump to health care providers, the app does not allow pump to accept commands from external devices. So I do not see what the concern is with allowing more devices to use the app...
Click to expand...
Click to collapse
There is no logic, just retarded medical industry bureaucracy BS.
I've contacted customer support multiple times and asked them the same question, only to get the same useless response of pretending to "pass on my feedback".
It's actually one of the reasons I wanna find out how to work around the problem even more; like who needs them to take proper control of a medical device that I own.
Would also be amazing to get a Wear OS app that displays the same or similar information to the app, but I don't see that being made by Medtronic for at least a decade.

Zilch163 said:
I second this; rooted OnePlus 8 Pro running an A12 custom ROM
Personally I've actually come pretty close and was able to hide both Root and Developer Options from being detected using XPrivacyLua, but was unable to get MagiskProps working properly to get around the final "Your Phone is Incompatible" by spoofing as a Google Pixel (one of the primary "approved" devices) message, even after trying multiple older APKs combined with clearing data/cache
Click to expand...
Click to collapse
Hi! Im struggling with getting this app working on my rooted xiaomi. Do you remember how exactly did you bypass those checks with xprivacylua?

Can I use banking apps on LineageOS with Magisk?

Hi. Apologies for the noob question. Is it possible to get banking apps, PayPal etc to work on lineage ? I've installed magisk but don't know how to configure it, even if it will do what I need. Is there a guide somewhere? Thanks.

aneng64 said:
Hi. Apologies for the noob question. Is it possible to get banking apps, PayPal etc to work on lineage ? I've installed magisk but don't know how to configure it, even if it will do what I need. Is there a guide somewhere? Thanks.
Click to expand...
Click to collapse
First of all, you will harm the security of your transactions if you wanted to use banking apps on a rooted phone.
Secondly, if such a banking app will work on a phone with root hidden by magisk, I would advise you to give up such an app or bank for the reason I mentioned in the first sentence.

ze7zez said:
First of all, you will harm the security of your transactions if you wanted to use banking apps on a rooted phone.
Secondly, if such a banking app will work on a phone with root hidden by magisk, I would advise you to give up such an app or bank for the reason I mentioned in the first sentence.
Click to expand...
Click to collapse
Why.... precisely? Beyond the generic rubber-stamp warning that rooted/custom ROM devices lack the security of stock builds, what data do you have that proves that running banking apps on phones with root/custom ROMs is likely to result in theft of my money?

aneng64 said:
Why.... precisely? Beyond the generic rubber-stamp warning that rooted/custom ROM devices lack the security of stock builds, what data do you have that proves that running banking apps on phones with root/custom ROMs is likely to result in theft of my money?
Click to expand...
Click to collapse
Generally speaking, this is how money can be stolen at the very least, but also more, since identity verification can also be done with bank accounts.
Do not combine "rooted" with "custom", as there is no close relationship.

Oh... I see. Thank you. I have no need for root to be honest. I just need to be running Lineage OS. Is that safe to use unrooted?

aneng64 said:
Oh... I see. Thank you. I have no need for root to be honest. I just need to be running Lineage OS. Is that safe to use unrooted?
Click to expand...
Click to collapse
Root does not increase the level of safety. It's good for you to use the original LineageOS, if it exists for your phone, and not use TWRP. It's likely that the bank's app won't object.

Just started to using LineageOS official last release from there website ((lineage-19.1-20230302-nightly-pioneer-signed)) . i have there mindtegapps for google integration. the problem is my carrier money transfer app crashs and doesn't starts. before i changed to LineageOS. this app was working on my phone original rom. is there any thing i can do to try to fix it? like crash logs or something i can try? i tried Google Carrier Services and Android System WebView. but nothing changed. it still crashs. is there away i can know which is the last supprted OS for that app? i mean they could just have not updated there app to newest google framework. idk for sure i am just guessing.
the app name " Orange Cash "

PC is rooted by default. People use banking sites and programs on PCs.
Phone will require same steps to prevent money steal.
Generally it is not the rooted phone by itself is source of trouble but user actions.
If user installs shady autocraticker from google play and give permissions to it thief would not need root to steal money.
To send a link by email or messanger and ask to enters credit card information thief does not need root permissions.
Criminals don't expect phone to be rooted. They pray on inattentive users.
It is often possible to have control of your own device with root and use banking.
Some banks allow to use browser instead of app.
Bank usually would call on the phone to accept login and transactions for additional security.
Decision depends on how much money user has on banking account, and how careful he is.

veseihaty said:
PC is rooted by default. (...)
Click to expand...
Click to collapse
That's why there are no PC banking applications/programs.
Using banking applications increases the security of transactions, which using only a web browser does not.
Thanks to apps, banks have the ability to continuously improve security on phones that have stopped getting security patches from the phone manufacturer. The use of push technology makes banking apps a cheap token.
The banks' action on this issue is beneficial to customers.

ze7zez said:
Generally speaking, this is how money can be stolen at the very least, but also more, since identity verification can also be done with bank accounts.
Do not combine "rooted" with "custom", as there is no close relationship.
Click to expand...
Click to collapse
What are you talking about? Rooting means *the user* has control over the device, vs the manufacturer. Not giving the user root privileges is all about the manufacturing retaining control over what you do with the device, and being able to push its bloatware on you, and nothing to do with security.
HOW exactly does giving the user root access damage security in any way?
I'm gonna go ahead and say that not only having root access does NOT threaten security, but the other way around, it improves it, as I can remove all the unsafe apps the manufacturer bundled with my phone.
You are wrong, you were asked to back up your claims, and you did not actually do so.

almafuerte said:
What are you talking about? Rooting means *the user* has control over the device, vs the manufacturer. Not giving the user root privileges is all about the manufacturing retaining control over what you do with the device, and being able to push its bloatware on you, and nothing to do with security.
HOW exactly does giving the user root access damage security in any way?
I'm gonna go ahead and say that not only having root access does NOT threaten security, but the other way around, it improves it, as I can remove all the unsafe apps the manufacturer bundled with my phone.
You are wrong, you were asked to back up your claims, and you did not actually do so.
Click to expand...
Click to collapse
Read the "Payment Services Directive 2", analyze, understand and acknowledge.
The XDA forum is for discussion, not for answering every question asked. That's what google is for, for example.

Yes, just use magisk delta.

ze7zez said:
Read the "Payment Services Directive 2", analyze, understand and acknowledge.
The XDA forum is for discussion, not for answering every question asked. That's what google is for, for example.
Click to expand...
Click to collapse
Why should I care about a European regulation, considering I'm not in Europe, and my bank is not European?
Regardless, said spec doesn't really give ANY justification either as to *why* a rooted phone would actually be unsafer in any way.
You didn't say "Because a stupid spec says so", you said "because of security concerns", of which there aren't any.