Investigating a proprietary Android 2FA system

This article concerns an Android app used as part of a proprietary two-factor authentication (2FA) system. Investigation of the app and 2FA protocol reveals some interesting design decisions.

Overview

The 2FA system is similar to well-known offerings such as Duo Security and Okta Verify.… »

Investigating a historical Android anti-root protection system

This article concerns a specialised Android app used as part of a proprietary authentication protocol, developed in the late 2010s. Given the intended use case, the app features a number of aggressive security measures – the app uses FLAG_SECURE and does not run when developer… »

Spoofing Android device model via Smali patching

I recently came up against an Android application which gates certain functionality behind detecting a ‘compatible’ Android device – which mine was not. My usual approach, on a rooted device, would be to use XPrivacyLua to spoof the device information returned to the application, but… »

Customising OsmAnd voice navigation to remove route numbers

OsmAnd is an open-source offline map and navigation app for Android, based on OpenStreetMap data.

In my experience, OsmAnd's voice navigation is the most polished of all open-source Android navigation apps. However, it has a frustrating habit of always announcing street names in conjunction with… »

Guide: Magisk root and (Ed)Xposed using official releases on the Xiaomi Mi A2 (Android 9.0)

This is a guide on rooting the Xiaomi Mi A2 using Magisk and installing Xposed via EdXposed for Android Pie 9.0, using the official releases.

Unlocking the bootloader

Firstly we need to unlock the bootloader to allow us to flash new images. Go to Settings… »