I hope this makes it easier to do TLS sniffing and security research on Android apps. A lot of developers seem to rely on no one simply looking at how much information is exposed in the APIs apps use. Currently because it's much more difficult to sniff Android apps, a lot of privacy/security issues are not raised.
Linux
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
Can't it be reverse engineered? It's java bytecode.
It's difficult
As long as it's installed on a device you control it's pretty easy to sniff TLS traffic from an Android application, even if they're pinning certs. I do this all the time for work. Frida makes it extremely easy, even giving you the ability to edit boringssl if something important is happening in native code. I've had to do this a couple times.
If you don't have root you'll have to recompile the application though which could matter if you need the signature to not change, but that isn't a common requirement.
It'd be nice to have a better way to test though; I've wanted to check out Waydroid. Some coworkers just use an emulator which works great if it doesn't need specific hardware.
I can feel it in the air. This is going to take off just like how wine and proton took off. We are going to go through another "Linux gaming" rush all over again and this shit is going to be fun. Let's go!!!
Wine was first released in 1993. I hope our children are there to see the take off.
Didn't it take off in the late 90's within Linux communities?
So I'd give this a few years, then.
in the late ’90s*
I don't think you should compare the two progresses. Technology is much better now. So, things will definitely move much faster than they did back in the 90s.
There is slightly more openness to androids layers than the win32 layers as well.
I still remember symlinking to binaries in my windows system folder back in the late 90s to be able to run office 95 under Linux. (The MSFT system files permitted some things to work properly that just didn't with the wine provided libraries back then)
I definitely hope so, so far it's looking promising!
So the native gnu userspace will become the third most used desktop linux runtime :P
Should have been called AITL (AITL Is a Translation Layer)
ATL can be “ATL is a Translation Layer”
AITLNGNU AITL is a translation layer and not GNU that is not Unix
Fascinating stuff. I'm glad we're entering this new era of Linux application compatibility! And all through the honorable work of developers who are doing stuff just for the fun of it.
This Android Translation Layer looks amazing for Linux phones. Waydroid is already pretty awesome, but it's just running full fat Android on top of your Linux system and has all the limitations that brings (poor to no notification integration with the host system, poor integration of filesystem, extra resource usage for all of the Android services, issues with power management and suspend, inability to change resolution on the fly, poor integration with host onscreen keyboard, etc). I've used Waydroid on postmarketOS and it's nice to be able to have Android apps available, but it almost feels like still carrying around a second phone, just that second phone is virtual. Something like ATL sounds like it properly integrates Android apps into the host OS. I need to give this a try soon.
Would anyone post a quick guide on how to run WhatsApp l using atl?
There is some documentation on https://gitlab.com/android_translation_layer/android_translation_layer/-/blob/master/README.md and I am rather sure it's the right project, but some sort of installer would be nice. I think installing all those dependencies by hand is not a good solution in the long run. Wasn't there supposed to be a flatpack container to be downloaded somewhere?
I think installing all those dependencies by hand is not a good solution in the long run.
Well, no. "In the long run" this gets packaged by distributions so you don't have to compile anything. Right now it's available for Alpine Linux and there is an AUR package for Arch.
Wasn’t there supposed to be a flatpack container to be downloaded somewhere?
There is a Flatpak (no c in that name!) base app available, and Newpipe has been packaged with that as a Flatpak, see https://flathub.org/apps/net.newpipe.NewPipe Ideally we get more stuff packaged up once more works but I don't think it's feasible to repackage everything out there so for a lot of applications you'll just have to have a locally installed ATL outside of Flatpak.
Very cool. I'll stick with a WhatsApp Matrix bridge so I don't have to install a Meta app, though.
You still have to install WhatsApp though, since it requires activity on your account (on the app) every 14 days.
Yea, get around that with sand boxing, but will probably switch to the android API layer now that it works with WhatsApp
Wao, I was not aware of that new enshitification clause. I've been off of anything related to Meta for over 8 years. The more I hear about what these ech giants keep pushing, the happier I am that I got out so long ago
It's been like this for many years, possibly since Facebook (as it was called back then) bought it.
slidge-whatsapp gateway for XMPP
Nice!
Do I need to run my own instance for this, or is it possible to do this without control over my instance?
I think you need to run the service yourself
Looks fantastic but how much are apps sandboxed? I don't want WhatsApp to see all my files for example.
I'm curious, doesn't WhatsApp require a phone number to be attached to an account? As in, I thought activating it doesn't work on devices without a SIM card?
I haven't used it in a while, but I think it just sends you an SMS with a code that you can enter manually, so yeah it works on devices without a SIM
Exactly. I created my whatsapp account in waydroid like this.
...but it can't run both in your phone and in your computer, right? For that you need the desktop app (which is Windows only) or the web app, which linux apps encapsulate right?
You don't need to install it on your phone, though.
I've never tried having the app on multiple devices - I specifically didn't want it on my phone - but it's worth a try. I use whatsapp web in firefox, and only start waydroid when I need to log in again. The third party linux apps just load whatsapp web in electron or something.
You're right, you can't run the Android (or iOS app) twice. If you want a second device running WhatsApp you'll need the web app.
and i cant even get Whatsapp to run because my phones bootloader is unlocked... life is unfair
Interesting, I could sandbox each app in a debian vm and remote control it from my phone with sunshine. Good luck trying to steal my personnal data devs
Interesting! The UI looks like it uses GTK for drawing widgets?
It does!
next we need microsoft store apps to run on Linux ig?
Edit: because some apps completely block wine or is distributed only from the Microsoft store
The people from Heroic are already working on this.
The talk gives a brief overview on what they've been working on like UWP/WinRT in Wine, Comet for GOG multiplayer features and more. But Lidwin also does a quick little sneak peek intro on a new project called Maxima Launcher, an open source replacement for EA Desktop / Origin that will eventually get Heroic integration too.