this post was submitted on 29 Oct 2024
557 points (99.3% liked)

Linux

48287 readers
651 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

Since https://www.reddit.com/r/linux/comments/1gdhy7u/experimental_flathub_release_of_newpipe_on_linux/ got a bit of traction yesterday, this is WhatsApp straight from Meta running on Linux desktop using android-translation-layer.

android-translation-layer (ATL) is a Wine-like approach to run Android applications on Linux. Rather than running an Android container like for example Waydroid does this instead implements the Android API. Note that right now it's very much work in progress and almost no app will work yet, but the fact that they have apps like Newpipe and WhatsApp running already is very promising!

Join the Matrix chat at #android-translation-layer:matrix.org and follow along!

you are viewing a single comment's thread
view the rest of the comments
[–] ouch@lemmy.world 93 points 3 weeks ago (3 children)

I hope this makes it easier to do TLS sniffing and security research on Android apps. A lot of developers seem to rely on no one simply looking at how much information is exposed in the APIs apps use. Currently because it's much more difficult to sniff Android apps, a lot of privacy/security issues are not raised.

[–] f2sfljLhdtTZ@lemmy.world 20 points 3 weeks ago (1 children)

Can't it be reverse engineered? It's java bytecode.

[–] MonkderVierte@lemmy.ml 11 points 3 weeks ago* (last edited 3 weeks ago)
[–] qqq@lemmy.world 11 points 3 weeks ago* (last edited 3 weeks ago)

As long as it's installed on a device you control it's pretty easy to sniff TLS traffic from an Android application, even if they're pinning certs. I do this all the time for work. Frida makes it extremely easy, even giving you the ability to edit boringssl if something important is happening in native code. I've had to do this a couple times.

If you don't have root you'll have to recompile the application though which could matter if you need the signature to not change, but that isn't a common requirement.

It'd be nice to have a better way to test though; I've wanted to check out Waydroid. Some coworkers just use an emulator which works great if it doesn't need specific hardware.