• limerod@reddthat.comM
    ↑ 4 · 14 days ago

    Initial Response from the Company

    After informing the company of the vulnerability affecting File Manager: File Explorer (used by over 10M+ users), the company responded that it does not consider the issue a problem and has not taken steps to resolve it.

    Considering the minuscule number of people who would even attempt this, they do not bother, which is good. Not worth the time to waste on this.

  • Moonrise2473@feddit.it
    ↑ 4 · 14 days ago

    Tagged as a bug bounty?

    The guy wanted a bug bounty on something like this?

    Like if he discovered now that software can be cracked??

    Of course they weren’t interested; all software is crackable. Even if the dev wasted one week of dev time to implement server-side validation, then for the cracker it doesn’t change anything: they patch the server check to reverse the logic. OK, it’s a bit harder, but if it’s worth it, determined crackers will take the challenge.

    Look at Denuvo and the thousands of online checks, all defeated eventually.

  • sbv@sh.itjust.works
    ↑ 1 · 14 days ago

    The app now needs to validate the response from the back end. If the attacker can bypass the purchase check, what prevents the attacker from bypassing the response from the back end?

    • Ace! _SL/S@ani.social
      ↑ 2 · 14 days ago

      Mostly nothing, but it’s enough to stop fully automated patching/modding of the Play Store like Lucky Patcher does.
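
The server-side validation discussed in this thread, sketched as an added example (not code from any commenter or from the app in question): the back end signs a nonce-bound entitlement answer and the app verifies it against a pinned public key. The class, method and field names, the `nonce|userId|sku|entitled` payload layout and the sample values are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added example: nonce-bound, server-signed entitlement check. All names are hypothetical.
public class SignedEntitlementDemo {
    // Back end: signs "nonce|userId|sku|entitled" with a private key that never ships in the app.
    static byte[] serverSign(PrivateKey key, String payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // App: accepts only if the signature verifies against the pinned public key
    // and the payload echoes the nonce the app generated for this request.
    static boolean clientAccepts(PublicKey pinned, String expectedNonce, String payload, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(pinned);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) return false;
        String[] f = payload.split("\\|");
        return f.length == 4 && f[0].equals(expectedNonce) && f[3].equals("true");
    }

    static String newNonce() {
        byte[] n = new byte[16];
        new SecureRandom().nextBytes(n);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(n);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(256);
        KeyPair server = g.generateKeyPair(); // constructed demo key pair

        String nonce = newNonce();
        String granted = nonce + "|user-123|premium|true"; // constructed sample values
        byte[] sig = serverSign(server.getPrivate(), granted);
        System.out.println("fresh:    " + clientAccepts(server.getPublic(), nonce, granted, sig));

        // The same signed answer presented for a later request fails the nonce check.
        System.out.println("replayed: " + clientAccepts(server.getPublic(), newNonce(), granted, sig));

        // A signed "false" answer edited to "true" no longer matches its signature.
        String denied = nonce + "|user-123|premium|false";
        byte[] deniedSig = serverSign(server.getPrivate(), denied);
        String edited = denied.replace("|false", "|true");
        System.out.println("edited:   " + clientAccepts(server.getPublic(), nonce, edited, deniedSig));
    }
}
```

This rejects canned or altered back-end answers, but the check itself still runs inside the app, which is the limit the replies above point out.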