google

change apk version code (work in progress)

disclaimer: this is neither a supported guide nor allowed, i’m not liable for any loss

issue

we want to republish the old app with a new version, e.g. an app got accidentally updated from playstore and isn’t working anymore – this was raised in a business case since google’s auto block update feature failed – more or less a challenge to find a way to get it back working, let’s begin

the app

choose your desired app, in this example the Avaya Workplace app available from Google PlayStore in version: 3.14.0.53.FA-RELEASE54-BUILD.19

we need to get the apk file of that app, extract/download it with one of the services below

OnDevice Apk Extractor

Online apkpure

decompile

use apktool to reverse engineer the apk, extract and decode the resources to nearly original format, download required jre for java here

change version

to change the version of the app, edit the apktool.yml in the extracted path, raise the “versionCode” as well as the “versionName” above the last/current release

build

after the change we need to rebuild the decompiled and edited apk

apktool build $OUTPUT_FOLDER

sign and align

there is a tool Uber Apk Signer that helps signing, zip aligning and verifying Android application packages (APKs), you need a keystore generated with Android Studio or keytool

java -jar c:\temp\uber-apk-signer.jar -a "C:\temp\avaya.3.14_neu.apk" --ks /path/release.jks --ksAlias my_alias

test

App info (screenshot)

  • App name: Avaya Workplace
  • App version: 3.14.0.54.FA-RELEASE54-BUILD.19
  • APK name: com.avaya.android.flare
  • Installation source: Package installer
  • Installation time: 2021/01/05 1
  • Last update source: Package installer
  • Last update time: 2021/01/05 1

installs successfully, the newly installed version is above the original 3.14.x, deploy the app to the required devices, either manually, via EMM system or solutions like Samsung KNOX Configure

update is not possible, when trying to install the app over an existing one – it fails – since the signature of the re-signed version differs from the originally signed app

reference “with a changed signature they will have to uninstall the current app before they can install the same app with the new signature”

Summary: Always use the same signature!

Check: http://developer.android.com/tools/publishing/app-signing.html
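why the in-place update fails, as an added example (not from the original post): a simplified model of the installer’s update decision, fed with signer digests in the line format that `apksigner verify --print-certs` prints. the digests, certificate names and versionCode values are constructed placeholders, and APK Signature Scheme v3 key rotation is assumed not to be in use.

```python
import re

# Line format printed by `apksigner verify --print-certs <apk>` for each signer.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest: ([0-9a-f]{64})$", re.M | re.I)

def signer_digests(print_certs_output):
    """Return the set of signer certificate SHA-256 digests (lowercase hex)."""
    return {d.lower() for d in DIGEST_RE.findall(print_certs_output)}

def update_verdict(installed, candidate):
    """Simplified model of the installer's decision for an in-place update.

    Assumption: no APK Signature Scheme v3 key rotation is involved.
    """
    if installed["package"] != candidate["package"]:
        return "not an update: different package name"
    old, new = signer_digests(installed["certs"]), signer_digests(candidate["certs"])
    if not old or not new:
        return "unknown: no signer digest could be parsed"
    if old != new:
        return "INSTALL_FAILED_UPDATE_INCOMPATIBLE: signing certificate differs"
    if candidate["versionCode"] < installed["versionCode"]:
        return "INSTALL_FAILED_VERSION_DOWNGRADE: versionCode is lower"
    return "update accepted"

def certs(dn, digest):
    # Constructed stand-in for real apksigner output.
    return (f"Signer #1 certificate DN: {dn}\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

# Constructed data: digests and versionCode values are placeholders.
PKG = "com.avaya.android.flare"
VENDOR = certs("CN=vendor release key (constructed)", "a1" * 32)
OWN = certs("CN=my_alias (constructed)", "b2" * 32)

INSTALLED = {"package": PKG, "versionCode": 1000, "certs": VENDOR}
RESIGNED = {"package": PKG, "versionCode": 1001, "certs": OWN}
VENDOR_NEXT = {"package": PKG, "versionCode": 1001, "certs": VENDOR}
VENDOR_OLD = {"package": PKG, "versionCode": 999, "certs": VENDOR}

if __name__ == "__main__":
    for name, apk in [("re-signed", RESIGNED), ("vendor update", VENDOR_NEXT),
                      ("vendor older build", VENDOR_OLD)]:
        print(f"{name}: {update_verdict(INSTALLED, apk)}")
```

raising versionCode alone never satisfies the certificate check, which is why the re-signed build only installs on devices where the original app has been removed first.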

summary

… so walked almost the entire way, but got stuck at a crucial point, so either

  • get assistance to get the signature working
  • the signing process is as secure as google promises

security

state of cybersecurity in 2021

covid-19 changed the world and risks are evaluated differently, the top trio of most critical scenarios for companies are business interruption, for sure pandemic outbreak (again or further) and, again a top concern, cyber incidents

source: https://www.agcs.allianz.com/news-and-insights/reports/allianz-risk-barometer.html

a cyber attack happens every 39 seconds, on average 2,244 times a day – you should be aware of that and please don’t use common user accounts and passwords

source: https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds

protect private devices, utilize BYOD and enable your workforce, take care of data loss prevention against insiders as well as external attackers

source: https://pages.bitglass.com/cd-fy20q3-bringyourowndevice_lp.html?_ga=2.235220038.618124391.1595289181-1524125646.1582567517?&utm_source=blog&hsCtaTracking=cd233e49-f2ba-4af6-82ba-924b704c2fe9%7C4f956294-2451-4a11-bee2-609ab19d370c

NCSC warns of VPN vulnerabilities, get up-to-date and prepare for future demands, 60% of companies will eliminate VPN in favour of cloud by 2023

source: https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities

source: https://www.gartner.com/teamsiteanalytics/servePDF?g=/imagesrv/media-products/pdf/Qi-An-Xin/Qi-An-Xin-1-1OKONUN2.pdf

cloud first, when your users aren’t inside your perimeter, why should the data be, prepare to migrate as 80% of others will shut down their datacenters by 2025

source: https://blogs.gartner.com/david_cappuccio/2018/07/26/the-data-center-is-dead

new changes, new technologies – support your workforce and prevent credential related attacks with passwordless technologies #ZeroSignOn

source: https://enterprise.verizon.com/resources/reports/2020-data-breach-investigations-report.pdf

as well, all facts are shown in video below (german)

technology

Boximize – easy create/update database, forms and notes

… right from your mobile device for private productivity and currently 4free

What are the top features?

  • 27 ready to use collections (see below for complete list)
  • Customize collections by adding/removing fields or build your own from scratch
  • Enter 20 different types of information (Text, Number, Picture, GPS location, see below for complete list)
  • Password protect your data with a pin code
  • Lightning fast searching and sorting
  • Different themes to choose from
  • Organize photo and video collections
  • Record voice notes
  • Take handwritten notes or sketch drawings
  • Track locations on the map
  • Keep track of timings using a built-in stopwatch

top rated and currently for free (10,99€), download here

gadget

Beyond eastereggs, things you probably don’t know

… IT is everywhere, some interesting facts you probably don’t know or haven’t heard of even while using IT/it for years, some kind of eastereggs as greetings from the creators behind it

1337 – leetspeak for the digital natives

IPoAC

IP over Avian Carriers (IPoAC) is a proposal to carry Internet traffic via birds, published as RFC 1149 at the Internet Engineering Task Force (IETF) on 01.04.1990

ping

the payload of an ICMP/ping request contains “abcdefghijklmnopqrstuvwabcdefghi”

cmd

install telnet-client as windows feature, open cmd and enter: telnet towel.blinkenlights.nl

wifi

set the password to 2444666668888888, when someone asks for your password, tell him/her 12345678, but why? … it is calculated via 1*2,3*4,5*6,7*8

word

enter on a word file =rand(5,5) to generate random text

chrome

you know chrome’s offline easteregg and how to play online

you notice it when sites don’t load or videos can’t be played… not in Firefox or IE – google added a little endless runner to the chrome browser in 2014, the developer wrote about the idea – when you’re trying to load something and the connection suddenly stops – simply tap the screen or hit the spacebar -…

“J”

on mobile you’ll receive emails containing a “J”, this is because outlook converts smilies to the wingdings font, which mobile devices display as the single letters J, K and L, instead of :), 😐 and 😦

firefox

enter “about:robots” in the address bar

google search

enter “(sqrt(cos(x))cos(400x)+sqrt(abs(x))-0.4)(4-x*x)^0.1” in google search

facebook

the IPv6 address of facebook is “2a03:2880:f003:c07:face:b00c::2”

bluetooth

the name is a homage to Harald Bluetooth (Harald Blauzahn), the logo is a monogram of his viking runes

apple

amazon

there are a lot of clever 404 sites out there, but amazon’s favors the love of its employees’ dogs


there are a lot more easter eggs everywhere! read all 101 best Easter eggs in tech history @stuff.tv

technology

the first website ever … and its future

Tim Berners-Lee, a British scientist, invented the World Wide Web (WWW) while working at CERN (in 1989)

the current principles like “Respect and protect people’s privacy and personal data to build online trust” are listed at contractfortheweb.org

the first website at CERN – and in the entire world – was dedicated to the World Wide Web and was hosted on its NeXT computer – try it out using the line mode browser simulator

The web was always meant to be a platform for creativity, collaboration, and free invention – but that’s not what we are seeing today

Berners-Lee

back in 2018 he and John Bruce founded a privacy focused company, the main idea is that users can control their data in online storage entities called Personal Online Data Stores (Pods) – the Enterprise Solid Server was launched to provide that service to customers

“Internet, a new human right” on one hand the EU discusses the principles of the internet at a round table with Berners-Lee @EU-Press – on the other hand it initiates a law about the “challenges” and “balance” of encryption (similar to the five eyes)

PDF Document

The progression of the Web so far from a network of information (Web 1.0) to a network of people (Web 2.0/Social Media) followed by a network of things (Web 3.0/IoT)

The Best Is Yet To Come

Frank Sinatra

security

the state of cyber security in 2020

let’s get an overview of current threats in 2020 – especially regarding spamming, phishing, whaling, vishing, etc.

30,000% increase in #COVID19 threats

The Evil Internet Minute 2020

as Jack Johnson already sang “Well I was sitting, waiting, pishing” … *just kidding*

phishing

is the primary way malicious actors trick people into downloading malware, which ultimately can allow attackers to access their organization’s network and steal sensitive corporate data

alongside COVID19, phishing rose in importance and is still growing

since then google has put proactive monitoring in place for COVID-19 related malware and phishing – 63% of the malicious docs blocked and more than 100 million phishing emails blocked per day with Machine Learning

Safari/iOS

its Safe Browsing feature also uses Google, but be aware that “These safe browsing providers may also log your IP address”

Screenshot from Safari Setting at iOS

chrome

the visible text of a hyperlink doesn’t always match its target, the link often points to another website URL

<a href='https://attack.com'>https://safe.com</a>

chrome is experimenting with ways to easily spot spoofing and to determine the identity and authenticity of a site @blog
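a check for this kind of mismatch, as an added example (not from the original post): it parses HTML, e.g. a mail body, and reports anchors whose visible text shows one site while the href points to another host. the sample markup reuses the anchor above, the other links are constructed, and ignoring a leading “www.” is an assumption of this sketch.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text counts as "showing a site" when it starts with a URL or bare domain.
SHOWN_HOST_RE = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]|$)")

def _norm(host):
    # Treat www.example.com and example.com as the same site (assumption).
    return host.lower().removeprefix("www.") if host else None

def shown_host(text):
    """Host a reader would expect from the link text, or None for plain words."""
    m = SHOWN_HOST_RE.match(text.strip().lower())
    return _norm(m.group(1)) if m else None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self._href, self._text, self.mismatches = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            shown = shown_host(text)
            actual = _norm(urlsplit(self._href).hostname)  # None for relative links
            if shown and actual and shown != actual:
                self.mismatches.append((text, self._href))
            self._href = None

def find_spoofed_links(html):
    """Return (link text, href) pairs where the text shows a different host."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches

# First anchor is the one from the post; the rest are constructed benign cases.
SAMPLE_HTML = """
<p><a href='https://attack.com'>https://safe.com</a></p>
<p><a href="https://safe.com/login">www.safe.com</a></p>
<p><a href="https://safe.com/help">click here for help</a></p>
<p><a href="/about">safe.com</a></p>
"""

if __name__ == "__main__":
    for text, href in find_spoofed_links(SAMPLE_HTML):
        print(f"link text shows {text!r} but points to {href!r}")
```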

android

an example: an android app offers Coronavirus Safety Mask but delivers SMS trojan @zscaler

machine learning

“ML is rapidly becoming core to organizations’ value propositions (with a projected annual growth rate of 39% for ML investments in 2020)” and it’s only natural that organizations invest in protecting their crown jewels – Cyberattacks will further utilize Artificial Intelligence (AI) @Microsoft Digital Defense Report

spear phishing vs. whaling

spear phishing is more targeted, with a reference to a company, project or proposal – while whaling targets CEOs, CFOs, and other executives to gain access or steal bitcoin, with a reported success rate of up to 90% – even from attackers that are “not extremely technically advanced” @decrypt

new domains aren’t blocked and look as if they were corporate @zscaler

vishing

“criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information” targeting remote workers with social engineering and fake VPN pages – the FBI warns in an Advisory

ransomware

it has been sneaking into our world at a remarkable rate, with a huge increase in the daily average of ransomware attacks compared to the first half of the year – in parallel, malware is down 39% overall … “but trending upward”

Denial of Service

25% increase during the pandemic lockdown – unprecedented number of shorter, faster, more complex attacks – Hidden Impact: consume paid bandwidth & throughput

stay secure and healthy – both private and business

… use 2-Factor-Authentication

switch to modern authentication – sms as second factor is insecure

not only since twitter ceo jack dorsey was a victim with additional sms authentication activated for his account – now twitter “temporarily” disabled the ability to tweet via sms …that phone numbers and sms’s were not designed to be used as two-factor authentication systems, as they are insecure. Fabio Assolini, Senior Security Researcher at Kaspersky…

apple

Hi, Speed – innovation kickback of actual keynote

…what apple announced as innovative right now

homepod mini

smaller and smarter than its big brother, automatically creates a pair in the same room and placing an iPhone near it gives visual/audio/haptic effects with the UltraWide Band Chip, later this year – communicate via Intercom with other devices in my home or need apple devices *wow*

there are sonos and other smart speakers around but in my opinion they aren’t that smart, preorder starts november 6th, shipping begins november 16th for just $99

iPhone 12

all new design? looks like a “Back to the Future” iPhone5, but in fact with quite competitive hardware improvements: 5G speed, A14 Bionic, Ceramic Shield, Edge‑to‑edge OLED display, Night mode on every camera and finally LiDAR (Light Detection And Ranging) to measure object distance, from size mini to max

  • iPhone 12 mini at $699
  • iPhone 12 s at $799
  • iPhone 12 Pro at $999
  • iPhone 12 Pro Max at $1,099

MagSafe

also there are still wireless charging options but not tuned, a cutout for the clock in cases with magnetic clips, and apple’s “enable an all new ecosystem” means even more money

after the more or less disappointing keynote in september “Time Flies” with e.g. the iPadAir this was inspiring in terms of:

Stay hungry. Stay foolish.

Steve Jobs

microsoft

android apps right on your windows desktop

Microsoft advances its Your Phone app, it is already possible to mirror your notifications, photos and messages – for Samsung devices it is also possible with Link to Windows to mirror the entire screen, and now, with the latest Insider Preview Build 20185, to launch single apps

pin mobile apps to taskbar, Samsung Note20 will even allow running multiple apps, supported devices here

read about other options for non-Samsung devices

technology

who is tracking you? visualize webtraffic behavior

google recently provided a chrome extension, Ads Transparency Spotlight, in an early version that visualizes what cookies are used by whom

we’re providing this extension to help increase transparency in digital advertising. In the future, we also plan to add controls for users.

also interesting is the firefox plugin Lightbeam that visualises the dependence of tracked cookies in the past

even more interesting is to display what content is loaded from a requested website, Requestmap visualises gathered data from visited sites and the third parties

scary hmpf … prevent tracking with a tracking-free browser like Brave, Ghostery or DuckDuckGo

google

switching from honor/huawei to samsung … or the state of android usability

in other words, switch from a non-google android to fully supported android, huawei is the parent company of honor, chosen because its EMUI respectively MagicUI is quite close to iOS usability, used a lot in the past years

  • Honor 8 Pro
  • Huawei Mate 10 pro
  • Huawei P30 Pro
  • Huawei Mate 20 Pro
  • Honor P20 Pro

… but now it’s time to turn my back on Huawei/Honor, because:

  • EMUI10 removed “Download” app
  • Battery Optimisation is quite aggressive with required notifications
  • tricky without google play services in the future
  • integration into Windows 10 or Android Enterprise leaves space to improve

start the journey with a new vendor – several years already owned a Samsung S6 edge (drowned without IP68 protection 😉) – finally chose Samsung S20

this is the second view of Samsung’s Flagship smartphone, technical facts can be found elsewhere, just want to focus on the handling

  • download – huawei/honor removed its download app, also Samsung doesn’t offer a “download” app per default, but you could create several shortcuts in the “My Files” App right to your homescreen *thumbsup*
  • integration – Samsung expands its strategic partnership with Microsoft, the built-in “Link to Windows” just connects to the Windows Your Phone App, available from PlayStore, Samsung Cloud is replaced with Microsoft OneDrive
  • 5G – not required because on its way but yet not usable
  • battery – with 4000 mAh, always running low in the early afternoon, “battery optimization” is more strict at Honor/Huawei, but seems to be more effective than generally reducing overall system performance at Samsung
  • max power saving – in worst case there is an option to disable all smart features and leave just a few apps to enhance battery life for basic tasks, camera, telephone – at EMUI it was also possible to select from all installed apps, while Samsung offers just a predefined set (e.g. without brave browser, no telegram but whatsapp!?)
  • multi screen – Samsung offers with its built-in dex mode an easy way to enhance working from a mobile device attached to a large screen, Honor and Huawei as well, there are also other options around

second screen – how to multi screen | updated

let’s check how to display content on a second screen to raise productivity, there are several options to enlarge your screen, the power of your mobile device is most of the time enough to serve multi screen windows project, duplicate, extend are available options when you hit windows key + p to open up the charms bar…

  • dual sim – always use two SIM cards for different countries, both offer the ability to configure settings per sim – at Honor it is easier to jump into SIM-settings with a homescreen shortcut, not possible at Samsung – here it is easier to switch between SIM services from the notification panel, not possible at honor
  • quick search – swipe down to open device wide search for apps, contacts or internet content, Honor/Huawei open search and in parallel open the keyboard to start typing – same behaviour at iOS devices, the keyboard automatically launches – you guessed it, i’m missing auto-launch of the keyboard at Samsung’s launcher

apple’s app library introduced in iOS14 sorts all apps, but search needs to be initiated via an additional click, at Samsung it requires me to use the fastfinder app or another launcher

  • unlock – i tested all unlock options available on the market, the dedicated fingerprint is the most reliable and fastest option in 2020, inscreen fingerprint is quite slow, faceunlock is useless while wearing a mask or during the night in the dark
  • android enterprise – i’m a fan of the profile separation, what a pity that google wasn’t able to provide the same usability for all vendors – page vs. folder
  • send attachments – like the built-in option to reduce file size when sending an attachment via mail at iOS or EMUI, missed at Samsung

… there are some other pros/cons on both sides, this is just a kind of best practice summary so far