I just wanted to see if this was affecting the potentially large user base on ozbargain since they are having their anniversary now and seem to be giving out lots of free money (with what appears to be strings attached it seems - wink wink). Is there a coincidence to the timing of this "feature" in the new app?
So I had a client who came in suspecting malware on his phone as it was automatically enabling auto sync even though he kept turning it off. My client explained that he does not normally see Gmail notifications on his screen and this caught his attention. At first I thought he had installed a malware-ridden version of Gmail, so I disabled it via adb, but the behavior regarding sync persisted. I narrowed it down to the AliExpress app and I note that the latest version has introduced a permission to change the sync settings, notably through the use of android.permission.WRITE_SYNC_SETTINGS.
The AliExpress app also appears to continually try to run itself even after it is force closed, which is concerning, and which has got me scratching my head for hours because this particular phone has the ability to disable the app from turning on at startup, but it nevertheless found a way to open itself in the background after reboot. I am still analyzing the latest AliExpress apk and consulting with peers to determine the nature of the threat.
Now turning on sync is not by itself anything to be worried about, but I suspect there is something more to this because from the past I know there is the potential that there might be some code to read notifications from other apps, as was revealed previously in analysis of Pinduoduo's app. I won't go into too many details, but you can search for the news articles about it. Normally having sync turned on is not a problem and most people would be oblivious to the changed app behavior, but I have suspicions that hint that this might be part of a larger package of malicious code. Sync is important because it constantly refreshes the inbox and therefore increases the chances of the contents appearing in the notification tab, whereupon it can be extracted.
I have not had time to determine whether this behavior from the app is widespread or if it is only targeting certain individuals. This is something I have not quite grasped yet and a lot of people on ozbargain probably have this app installed, so I guess this is a good place to ask and see what others are experiencing. Do not go randomly installing the app since it has not been given a clean bill of health, but if you already have it installed and want to see if I am just writing drivel, go ahead and see what happens when you turn off auto-sync. Alternatively install it on an old phone, use dummy credentials, play around with it. I do not have the time for this, plus it does not turn the sync on immediately after you switch it off, it can take up to an hour before it flicks back on. This is why I do not have that much time to play around with it. This is the behavior I am seeing though.
If you are the type of person to go "oh shit and panic", just uninstall the app until my colleagues and other security researchers have more time to determine whether this is really a threat. Personally I do not know why the app needs that permission and the only reason I can think of controlling it would be malicious, that's just my 2 cents. Does the app need to sync anything? No, definitely not.
Let's just say my client is somewhat politically sensitive and complained to me about his displeasure that the AFP was recently working with the Hong Kong police. That is something the Australian Government needs to explain to the public before it decides to pursue Tiktok. To me personally, I had no confidence in the government anyway and everything that has happened in my life has pretty much shown me that no government cannot be trusted.
On a side note:
For god's sake, if Tiktok was an issue, why haven't we got someone inside ASIO working at showing us how that app is doing something illegal because "apparently" they are targeting Australians and by proxy it would not be a stretch to say the MPs themselves would be part of that net. Is there anything there? No government organization has shown me anything malicious about Tiktok, but then you look at the private sector and private individuals, even those in the private sector can show something like AliExpress seems to have some odd behavior that could be potentially malicious. Come on, man. I am serious, what is wrong with our country, I grew up here and it is falling apart. This is actually a problem, this has consequences because we all get distracted and then we ignore what the real threats are.
I know Tiktok got some bad press lately, but even that app does not exhibit this behavior. I am not trying to defend that app, but if you understand how neural networks function, if you suddenly scroll through some content and it randomly throws your child a perverted video and your child keeps their eyes transfixed on it, then it is going to keep recommending it because that is just the math doing its job. If your child likes looking at people doing silly stunts then it will keep recommending it. Ask yourself why your child needs to look at that content, maybe because life is pretty dry? Child can be substituted for adult too, but most complaints about Tiktok are framed from the perspective of a child.
Douyin, the Chinese version, also has perverted content on it if you search for that content and in fact you can see many YouTube compilations of very unsavory content. It is not just educational content on the Chinese version of Tiktok, which is the spiel often spouted by conservative media outlets with an agenda. If you are seeking out that unsavory content then the algorithm will give it to you, so I doubt removing the app from Chinese control will do anything, but that is a side issue.
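The two things the post is worried about can be audited on any handset: which installed packages request android.permission.WRITE_SYNC_SETTINGS, and whether any of them is also an enabled notification listener. This is an added example, not part of the original post; the package names are hypothetical, the sample text is constructed, and it assumes the usual layout of `adb shell dumpsys package` and of the `enabled_notification_listeners` secure setting.

```python
import re

SYNC_PERM = "android.permission.WRITE_SYNC_SETTINGS"

# Constructed sample in the layout `adb shell dumpsys package` typically prints.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.shop] (1a2b3c):
    userId=10151
    requested permissions:
      android.permission.INTERNET
      android.permission.WRITE_SYNC_SETTINGS
    install permissions:
      android.permission.WRITE_SYNC_SETTINGS: granted=true
  Package [com.example.notes] (4d5e6f):
    userId=10152
    requested permissions:
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
"""

# Constructed value of `adb shell settings get secure enabled_notification_listeners`.
SAMPLE_LISTENERS = "com.example.shop/com.example.shop.NotifyService:com.example.watch/.Listener"

def requested_permissions(dumpsys_text):
    """Map package name -> set of permissions under 'requested permissions:'."""
    perms, pkg, in_requested = {}, None, False
    for line in dumpsys_text.splitlines():
        m = re.match(r"\s*Package \[([^\]]+)\]", line)
        if m:
            pkg, in_requested = m.group(1), False
            perms[pkg] = set()
        elif pkg and line.strip() == "requested permissions:":
            in_requested = True
        elif pkg and in_requested:
            entry = line.strip()
            if re.fullmatch(r"[\w.]+", entry):   # a bare permission name
                perms[pkg].add(entry)
            else:                                # next section header ends the list
                in_requested = False
    return perms

def audit(dumpsys_text, listeners):
    """Return {package: is_notification_listener} for apps able to change sync settings."""
    listening = {c.split("/")[0] for c in listeners.split(":") if c}
    perms = requested_permissions(dumpsys_text)
    return {p: p in listening for p, ps in perms.items() if SYNC_PERM in ps}
```

On a real device, feed `audit()` the captured output of the two adb commands named in the comments instead of the constructed samples.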
Tru dat