Sadly, it goes well beyond BIDV and Agribank as well. There is a lot of similar hacky fingerprinting done by all the Vietnamese banking apps.<p>My understanding is it's because there was some regulatory change in the last 1-2 years requiring identity fingerprinting using banking apps, and partially related to the new biometrics rollout [0].<p>[0] - <a href="https://xaydungchinhsach.chinhphu.vn/huong-dan-cai-dat-sinh-trac-hoc-tren-ung-dung-ngan-hang-119240630230745915.htm" rel="nofollow">https://xaydungchinhsach.chinhphu.vn/huong-dan-cai-dat-sinh-...</a>
I'm curious about this. I'm familiar with reversing http api calls using a mitm proxy. But this ain't that.<p>Are they able to load a .so/dylib file during runtime and just call a method on it as long as they know the name of the method? How does iOS even allow that? How does an iOS even get to load those files? Seems like that would be locked down.
Original highlight from @opa334, developer of TrollStore [0]. There is also some sharing about that on his page, like the sandbox escape published by @wh1te4ever [1].<p>0: <a href="https://infosec.exchange/@opa334/114224756352953362" rel="nofollow">https://infosec.exchange/@opa334/114224756352953362</a><p>1: <a href="https://gist.github.com/wh1te4ever/c7909dcb5b66c13a217b49ea3e320caf" rel="nofollow">https://gist.github.com/wh1te4ever/c7909dcb5b66c13a217b49ea3...</a>
Showing a 5000$ bounty example of "enumerating all apps" sounds a bit disingenuous when this is more of a "check if this exact app by bundle name was installed not through store".<p>I also don't think that this deserves to be called anything as scary as a "zero day exploit", "sandbox escape".
So, the post author makes software for checking if bad apps are running on the phone, and is complaining that the banks are using their own home-grown system that they say violates Apple’s rules for checking for malicious apps, rather than doing it safely like the software the author sells does.