Do text apps capture keywords within a user's personal texts? - Xposed General

What extent, if any, do mobile phone text apps capture the keywords of its user's texts to send to ad networks in order to monetize it's apps?
I was reading the source code of the MOPUB ad network, and the source code stated:
"You can pass keywords from your app to MoPub as a comma-separated list in the ad view. They should be in the format of key value pairs (e.g. m_age:24). You can use any characters except for "&" and "=".
MPAdView *adView
= [[MPAdView alloc] initWithAdUnitId"AD_UNIT_ID" size:MOPUB_BANNER_SIZE];
adView.delegate = self;
adView.keywords = @"m_age:24,m_gender:m,m_marital:single";
[adView loadAd];
https://github.com/mopub/mopub-ios-sdk/wiki/Data-Passing"
So now I'm confused. We all know there are tons of text apps on apple/android, free and paid. I need to learn how these apps are able to make money for their company by reading the user's texts. My interest is the following:
1) Do apps read their user's texts to obtain data to send to MOPUB?
It appears from the code above that it is saying that when the text app users are texting their friends that words in the text that match the MOPUB's list of keywords is intercepted in real time, recorded, ie your age/gender, and then those keywords are sent to MOPUB to send advertising back to match those keywords. Am I reading the source code correctly? Is this happening on all text apps with the MOPUB source code?
2) Has anyone run any tests to capture this activity in real time so I can see how it is done.? I would appreciate any info on any work in this area.
Thanks,
media678

1) Extremely unlikely. It's far too complicated to interpret the context of a word like "24" or "male" or "single" on the fly on-device. Is that text referring to the sender, to their romantic expectations, to their current partner, or to their brother they're trying to get a date for? Or even to parts of a shopping list? Language is very complex, and an app that attempted to include that functionality, even poorly, would have 100x as much code trying to interpret keywords than they would have for the initial purpose of the app itself. It would use so much processing power that the app would run terribly and everyone would soon abandon that app. It's absolutely not economical.
It could possibly be done by sending a copy of every text to the developers server and doing the work there, but the cost of that kind of equipment would far exceed the revenue from showing the ads in the app. And after all the NSA media scandal, what company would be dumb enough to secretly intercept and store private texts? Sooner or later someone would notice, and the company would be in unbelievable legal trouble. It's not nearly worth the risk.
It's much more likely that the app generates basic keyword data with much simpler methods (such as asking you directly) or has a fixed list of generic keywords that's selected during development that they use to request ads. You're not reading the source code correctly. The ad service allows developers to request targeted ads via any method they choose, and does not imply that those methods must, or even can, include any hidden, on the fly, language-based data-gathering system.
There are probably no companies out there that are making any profit (or accomplishing anything else) by secretly reading users' texts.
2) Based on the above answer, there's nothing to capture. Google and Apple and Microsoft certainly do something similar with web usage, but they approach it very cautiously, protect it very carefully (even from themselves, in some senses), and guard the methods jealously. No one who can do it successfully is going to tell you how they do it.
If you really must know, you'll have to learn to decompile and reverse-engineer software, which is a slow and frustrating process and approaches illegal activity. You'll have to dig deeply into dozens or hundreds of text apps. And there's probably nothing there for you to find in the first place.
3) This doesn't have anything to do with Xposed Framework, and doesn't belong in this forum.
Also, your intentions appear to be either paranoid or invasive, and you seem to have some kind of obsession with the phrase "real time". You might want to take a step back and analyze your mindset here.

Text app capturing keywords dynamically
Sorry if I posted in the wrong location, I'm new here. I thought I was making a new thread in a general area.
As for a reply, its not an issue if it can be done, it's an issue how to do it properly. Integrate the MoPub SDK into your app.
Passing Keywords
Keywords allow you to target certain ad requests with user data. This feature is often used to differentiate a specific user demographic or users on different app versions.
You can pass keywords from your app to MoPub as a comma-separated list in the ad view. They should be in the format of key value pairs (e.g. m_age:24). You can use any characters except for “&” and “=”. Spaces are allowed, and special characters are discouraged.
MPAdView *adView
= [[MPAdView alloc] initWithAdUnitId"AD_UNIT_ID" size:MOPUB_BANNER_SIZE];
adView.delegate = self;
adView.keywords = @"m_age:24,m_gender:m,m_marital:single";
[adView loadAd];
MoPub recommends that the publishers use the standard keywords listed below for passing gender and age data. Applying this standard for passing first party data will result in targeted ads from the MoPub Marketplace and certain ad networks. Publishers who pass age and gender to Marketplace see an average lift of 20% in eCPMs.
For gender you would pass:
Example: m_gender:m for male or m_gender:f for female
For age you would pass:
Example: m_age:25
Using the same key value pairs, target campaigns using the keyword targeting function in the “Advanced Targeting” dropdown when managing campaigns on the MoPub Dashboard.
To target multiple keywords, use AND. If you want to use the OR clause, separate the keywords by a new line. To explicitly not target a property, put a “-” in front of the keyword.
Example: m_gender:m AND m_age:25
Example: m_gender:m
m_age:25
Negative Targeting: -m_age:25
To target a set of values for one keyword you need to explicitly pass each value with the keyword individually.
Example: fruit:apple AND fruit:banana AND fruitrange.
NOTE: This will only match line items which are targeting all three values (apple, banana, orange).
To negatively target a set of values for one keyword you’ll need to use the AND clause. For example to exclude a line item from being served when the ad requests contains the keyword fruit with the values set to apple, bananas, or oranges you would use the below express:
-fruit:apple AND -fruit:banana AND -fruitranges
Note: For native ads, you can pass in keywords using the MPNativeAdRequestTargeting class. See the Native Ads Integration guide.
PS: An app using software to capture real-time streaming wire data is a common reference, dynamic capture better?

Related

[Q] Hidden APIs to access public folders

Hi,
Write file access on Windows Phone 8 is very restricted. In fact 3rd party apps can only write pictures to the public picture folders. Other types, such as music, documents, or video folders cannot be accessed.
Are there hidden API calls available for accessing these folders (I am aware that applications using these APIs will probably fail Marketplace submission)?
Greetings,
Yes, there are but you need special permission from MS to use them.
Do you have more details about these API calls?
No...not really. I know there are APIs for everything we can't do as ordinary devs, but MS only releases these to certain groups (typically recognized development studios).
These include:
Native compiled APIs, to use with C++/C#
Appointment API (other than live calendar)
Bluetooth APIs
and some others.
thanks, this really explain a LOT of things.
Do you have an idea how to get access to these APIs? I already tried it with the MS developer support but they say that they don't know
I don't know exactly. But you can't get them through the usual ways. Maybe if you send them a physical letter asking xD?
There are native APIs accessible to regular users. You can read all Calendars since WP7.5 and starting with WP8 you at least can create a new Appointment in a Calendar but only through a Task so the user has the ability to edit it and he must confirm it. Bluetooth-APIs are also open in WP8 although not everything can be done through them.
There might be additional APIs you can gain access too if you work with Microsoft directly. I would suggest you contact one of the Microsoft Dev Champs near you (there is a "Find my Champ" App in the Marketplace) and get into contact with him.
But unless your App gains special permissions through Microsoft even though you might know about those APIs your App would not be able to use them.
And then they cry that Google won't give them the API for a youtube app....the irony
The problem with YouTube is more that there are APIs but that YouTubes Terms of Service prohibit using those APIs for competitors in the search engine space. So Microsoft is specifically prohibited because they own Bing. I hope you can understand the difference but I have a feeling you won't.
Thanks for all your comments. Please don't abuse this thread with company bashing because the situation is often more difficult than it seems. Thanks :good:.
I think wp8.5 may see some more APIs open up. Wp8 is rushed and many existing APIs on win8 simply does not exist on wp8.
Ms is taking a more cautionary approach for APIs as they don't want junior devs mess up the phones user experience like they did with Android.
Sent from my RM-820_nam_canada_246 using Board Express

App Distribution (CodeBurst MoneyTrak)

Hi,
The application "CodeBurst MoneyTrak Free" is a FREE application for managing your incomes and expenses, and it has the following features:
Feel free to use it and comment on this thread as to what changes you might expect. It is on the Play Store by this name.
This application keeps track of your incomes and expenditures leading you to a path of financial stability. Prominent features:
•You can have multiple independent accounts, either for different family members using the application, or different for official and personal purposes.
•You can SMS the person who owes you money with a simple click with a predefined message which can be edited
•Keep track of your expenses as well as income
•Add different categories of income sources as well as expenditure sources.
•Total balance can be viewed by date, month, yearly basis in the form of a summary
•Search tab for User, Category search
•Multiple currency display
•While searching or adding transactions, minimize work by directly selecting contacts form contacts list without typing

Accessing features in Windows phone 8(.1) development

When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
proch said:
When developing an application for desktop windows, there's always a way to access functionality - sometimes through back doors like the registry, etc... I'm developing an application for Windows Phone 8.1, but there are certain pieces of functionality that aren't exposed in the PRT APIset that is available to me. For example, we want to ensure that the user has password protection on the lock screen when using the application. There doesn't seem to be any associated APIs to readily use. So my question is, are there back door ways to do such things? How? Is there a way to access ALL system settings - like a registry or something of the like?
Click to expand...
Click to collapse
Another question would be - if something like intune can enforce lock screen password policies, shouldn't I be able to do it the same way that intune does it? If so, how? If not - why not?
It's not possible to check if user enabled lock screen password or not as far as I know
but if you want to made your app secure (because it may include important data)
you can create a password for your own application !
I did it in a little notepad app my password page allow user to set a password with all English and Persian Characters , numbers and special Chars like [email protected]#$ and etc.
Sent from my RM-994_eu_poland_1183 using Tapatalk
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
GoodDayToDie said:
It's pretty easy to check, using the registry, but at least in 8.0 that's not allowed at all for store apps (your app would get rejected). I don't know if the rules changed for 8.1. There are ways to sneak past the store checks, but they could pull your app from the store if they ever found out. I know of at least three ways to access the registry APIs (4 in WP8.1) and two of them are pretty hard to detect unless somebody checks for them specifically... but they're the kind of technique that malware uses, so such checks may be in place.
I don't know what InTune is doing, specifically - I'd need to pull the app apart to see - but there are special application capabilities (not normally available to third-party developers) that can query and even set policies. Apps without those capabilities will get Access Denied if they try to use the same methods though, and normally you can't add those capabilities to your app.
Click to expand...
Click to collapse
Thanks for this great and detailed information. See, that's exactly what I'd do if I were developing a desktop app - since i know that intune does it, I'd figure out how intune does it and voila. I'm finally getting over the idea that the same methodologies apply to windows phone development.
For my own educational purposes (since I want to understand this platform better), I would really like to know specifically how you go about accessing the registry APIs (for example). If there's any way for you to describe any number of these methods, I'd greatly appreciate it. Thanks again!
My NativeAccess libraries (check my signature, or search on the forum or on Codeplex) contain an example of one way to access the registry. The code is open-source; you may use the libraries as-is (don't expect to get them into the store, though I won't stop you from trying), use the source code as a reference, or modify/build them yourself; the license is very liberal (MS Permissive). The functions I use are generally documented on MSDN, in the desktop APIs section; the phone has the same functions, although the DLL names are changed and the header files hide them.

Angry Rant: Google's Search Algorithm Seems to Be Getting Worse Every Day

I remember a time when searching on Google was completely intuitive: It returned results that contained what I queried, and as long as I was somewhat competent in recognizing the subtle differences between certain word choices, those results were reasonable irrespective of whether I found what I had searched for. Lately Google seems to have set out on the goal of trying to programatically understand language. I completely hate the idea of a search engine trying to decide when the user would like to have words included in the search that weren't explicitly specified. For example: While using the word "love" in any query where the query as a whole is a commonly familiar set of words, such as "I Love Lucy", typically doesn't return any completely irrelevant results as long as you're not as deep into the search results as something like page 607, searching for something like "i love abcdefghijklmnopqrstuvwxyz" returns a barrage of links with bolded terms such as "Featured Story: Who the hell cares about abcdefghijklmnopqrstuvwxyz? I Know I Don't: A blogger's obsession with numbers.. [blah blah]... Top Stories... See More Like This...". I'm sure most of us know that that "like" is a synonym for "love", but I'm also sure most of us are aware that this is only true in certain contexts.
As another example, I remember querying "sed octal permissions pattern matching" and getting tons of results that seemed to suggest I was interested in results pertaining to "grep" and "awk" as well. The whole reason I had been searching for sed is that I was looking to create a script to be run on my router, which did not have the perl regular expressions feature compiled into grep, and awk was completely non-existent. I admit that including results for awk and grep could have been useful to people who weren't aware that they exist, but still, I don't believe pointing out software that provides similar functionality to that of one specified in a search query should be in within the scope of what a search engine tries to provide. Let people search for something like "sed similar functionality" or "alternatives to sed" and learn that, providing they use a decent search engine which doesn't prematurely assume things, there are other ways to go about their problem.
it
Recently, I entered the query "painless knee swelling damage", hoping to gain some insight as a frequent runner into whether or not swelling of the knee is likely to indicate that any significant injury is occurring when there is an absence of any pain. It returned results with things like "painful" bolded as a keyword. Here is a screenshot: WHY? I can't think of any signs more blatantly indicative of something being wrong with the algorithm of a search engine than when it returns the EXACT opposite of what the user has specified in their query. I realize these results don't seem to be the first that it gives, and I could see how it might be understandable for someone to think -- that after all instances of pages which are consistent with the query have been exhausted -- they should begin including things like often-associated words, closely spelled words, and synonyms, but only at the very end of all the legitimately relevant results. As you can see in the screenshot, the bastardizations of the user's query are not exclusive to the last listed suggestions; they're just seemingly tossed in along with the sensible results. It blows my mind that a company as large as Google can't seem to have someone review the validity of the so-often absurd suggestions generated by the search engine, or even better, adopt (or rather, revert to) algorithms that don't assume its users are so incompetent at expressing what it is they're looking for.
If a company were to exist who owned rights to the use of quotation marks, and made money each time someone typed them into a search engine, I'd truly believe that Google is acting in collusion with such a company because I literally have to put (even single) words in quotes, sometimes proceeded by a minus-sign just to avoid Google's outlandish interpretations of what seems like just about anything I search for these days.
Thank's got I am not the only one who thinks like you. For example, I just did a search with the following query: how to search in cpanel if grep is not available. And do you know what? The first results was: How to use Grep | Liquid Web Knowledge Base .... Uhmm... ok Google.
That's because Google is very commercial when it comes to search results these days. It's all geared towards advertising revenue. Results are tailored to your location, cookies, history, content of your Google account and your Google+ account. It also returns sponsored results first, but they're not listed as such anymore. And a lot of sites are being filtered out as well.
Whenusing Incognito mode you'll often get very different results.
I searched for 'g900f brick after factory reset XDA' yesterday. The first XDA result? third from the bottom.. The first page was almost entirely random, not even Android Central. I even got results for the financial times and Reddit. But not related Reddit pages, nope.
And if you search for certain things, they manipulate your search. For the fun of it, try finding a torrent. Google automatically alters the results to the paid sites. And ironically they don't consider location in that. I searched for a book yesterday, redirected me to over 300 ebook webshops exclusively for USA and Canada. That's 4000 miles from here. Useful Google. -.-
I've resorted to using Bing for some things..

Looking for help in application development

Hi all, I'm interested in FOSS-related stuff and I believe this to be the proper forum (Stackexchange is a bit of a headache to use). I was looking for making an impenetrable network modeled after Tor that uses bogon addresses for websites instead of .onion or .i2p, and it also encrypts all your traffic over a cryptographic hash. I intend it to be for iOS as a developer IPA. You might have to back-up and store your key on a SD card and the only way you can unencrypt it is to have access to that SD. And it also spoofs your IP so ISPs cannot see your traffic. It works similar to a DDOS in that it uses BGP and martian addresses. Once downloaded via Torrent, you will be taken to a Firefox page of an adminlogin.php page, where you enter your credentials into. I'll call this an "open circuit". After you have set your username and password, you will be taken to a "closed circuit" which is basically what I'll call "Ghost Web". I'm assuming your traffic would be kinda slow, but as for how much, I have no clue. Does anybody have knowledge in this realm? And even if I got a few things wrong, anything close enough that'll make my custom idea for a perfect network work? I know Media Land LLC hosts these websites. Although I heard they're illegal. Is that true, because I don't have too much knowledge in the terms of IPs and all that ish.
Reason I ask is because nowadays privacy and free speech is getting destroyed by Big Tech monopolies. There are social media applications out there, some of which I might add are rather decent, like Rocket.Chat, Viber and Threema, but Tor and other forms of network technology always fall victim to the same problems they tried to address, and in many cases got abandoned (like CJDNS). Lokinet uses the Oxen blockchain, which, while it does make Sybil MITM attacks more expensive, however not impossible. I want censorship and privacy to be inevitable 100% with this app.
Spetsnazzzz said:
Hi all, I'm interested in FOSS-related stuff and I believe this to be the proper forum (Stackexchange is a bit of a headache to use). I was looking for making an impenetrable network modeled after Tor that uses bogon addresses for websites instead of .onion or .i2p, and it also encrypts all your traffic over a cryptographic hash. I intend it to be for iOS as a developer IPA. You might have to back-up and store your key on a SD card and the only way you can unencrypt it is to have access to that SD. And it also spoofs your IP so ISPs cannot see your traffic. It works similar to a DDOS in that it uses BGP and martian addresses. Once downloaded via Torrent, you will be taken to a Firefox page of an adminlogin.php page, where you enter your credentials into. I'll call this an "open circuit". After you have set your username and password, you will be taken to a "closed circuit" which is basically what I'll call "Ghost Web". I'm assuming your traffic would be kinda slow, but as for how much, I have no clue. Does anybody have knowledge in this realm? And even if I got a few things wrong, anything close enough that'll make my custom idea for a perfect network work? I know Media Land LLC hosts these websites. Although I heard they're illegal. Is that true, because I don't have too much knowledge in the terms of IPs and all that ish.
Reason I ask is because nowadays privacy and free speech is getting destroyed by Big Tech monopolies. There are social media applications out there, some of which I might add are rather decent, like Rocket.Chat, Viber and Threema, but Tor and other forms of network technology always fall victim to the same problems they tried to address, and in many cases got abandoned (like CJDNS). Lokinet uses the Oxen blockchain, which, while it does make Sybil MITM attacks more expensive, however not impossible. I want censorship and privacy to be inevitable 100% with this app.
Click to expand...
Click to collapse
Welcome to XDA,
Privacy is a big topic, sure you will find your way in this forums loaded with knowledge.

Categories

Resources