-
8 votes
-
Censored contagion - How information on the coronavirus is managed on Chinese social media
9 votes -
Peter Hammill - Hemlock (1988)
3 votes -
Upgrading a classic: A first look at the technology of Final Fantasy 7 Remake
4 votes -
Moviefone, worth 1% of its former value, is being run by one employee after parent company’s bankruptcy
6 votes -
Curse of the Dead Gods | Early Access launch trailer
4 votes -
Winston Peters invokes Christchurch massacre as NZ's deportations row with Australia escalates
5 votes -
Vatican opens archives of World War II-era Pope Pius XII
6 votes -
Hidden third party telemetry found in Nokia 6.2, 7.2 smartphones
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it...
Update 12/03/2020: this is not a telemetry, but a kill switch from Colombian carrier - confirmed by HMD. Kill switch will be removed from most devices soon. I updated an article and posted it here.
Original article below:
I have recently purchased Nokia 6.2 and wanted to check if it sends any data somewhere, considering what happened with previous models
First, I noticed approx. daily connection to
dapi.hmdglobal.net
This is a Google Cloud that could belong to a company behind Nokia - HMD Global.
But the Privacy policy in my phone only speaks of "activation" process, not of daily diagnostics data.
So I used developer tools to remove the following packages (warning: this may break your device, I am not responsible for any consequences)com.hmdglobal.enterprise.api com.qualcomm.qti.qms.service.telemetry com.qualcomm.qti.qmmi com.qualcomm.qti.qdma
Before removing them, I used APK Extractor to save APK files just in case it breaks my phone and I may be able to attempt reinstall. This part comes into play later.
The first was my blind guess about what exactly connects todapi.hmdglobal.net
The next 3 I found mentioned in various forums for other devices as "safe to remove", however, I have not seen any telemetry sent to Qualcomm or anywhere else, except what I mention next.After removing these packages, I noticed that there are some remaining unknown connections my device attempts several times per day.
They are all done in same order, one right after the other:www.pppefa.com www.ppmxfa.com www.forcis.claro.com.co
After some investigation, I found that the first two domains point to some Microsoft Cloud servers rented in US.
The last one most probably belongs to Colombian telecom company, and this is where it becomes interesting.
After many hours of fruitless removing of different apps in my attempt so stop it, I suddenly remembered something.
When I used APK Extractor previously, there was an empty first line with some generic icon where an app icon should have been.
I went there again and indeed, this is a hidden system app, that you can not see in the list of all apps in Settings, normally. But it turns out, you can see it in Data usage (after it successfully sends some data using your mobile connection).
The name of the app is deliberately left empty to hide it, but if you click it in Data usage, you can see that this app isco.sitic.pp
, which can receive SMS, can make calls, and has access to internet.
As with all Android apps, you can reverse read the name to guess what it is.
Turns out, http://sitic.com.co is a Colombian company, who "are leaders in innovation and create mobile and WEB applications for new products and services." (credit goes to Google Translate)screenshot of the app with permissions
In other words, this app is a 3rd party telemetry, hidden from user, not mentioned in the Privacy policy, that has access to SMS.
This looks very bad and I really hope this is a malware injected by factory and not something knowingly distributed by Nokia, HMD Global, the EU company.After removing the
co.sitic.pp
app, requests to Microsoft Cloud and Columbia stopped.
I was later pointed to a German forum, where (I believe) it was first found in a Nokia 7.2 device.
So, we have it confirmed in 2 devices in 2 different countries.On German forum they contacted Nokia (I assume support) but got tired exchanging emails for weeks without any result.
On 02/03/2020 I have requested an official reply from Nokia and HMD Global via press.services@nokia.com and press@hmdglobal.com and waiting for reply.
Since I am not a journalist, I may never get one.TLDR: 3rd party telemetry is found in Nokia 6.2 and 7.2 devices, is hidden from user, has access to SMS, and sends data to Microsoft Cloud in US and a server in Columbia.
It is probably supplied by SITIC S.A.S., a Colombian company, and looks more like a malware than a telemetry.28 votes -
Fortnightly Programming Q&A Thread
General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads. Don't forget to format your code using the triple...
General Programming Q&A thread! Ask any questions about programming, answer the questions of other users, or post suggestions for future threads.
Don't forget to format your code using the triple backticks or tildes:
Here is my schema: ```sql CREATE TABLE article_to_warehouse ( article_id INTEGER , warehouse_id INTEGER ) ; ``` How do I add a `UNIQUE` constraint?
6 votes -
The growth of command line options, 1979 - present
8 votes -
Alphabet launches Tidal, a moonshot to save the world's oceans
15 votes -
Photographer Maria Lax comes from a northern Finnish town where UFO sightings were common – so she set about looking for answers
5 votes -
This marsupial, the swamp wallaby, is the only animal that's always pregnant
10 votes -
Choppy waters of Brexit threaten Danish fishing – after Brexit the UK is taking control of its exclusive economic zone, stretching up to 200 nautical miles offshore
7 votes -
Russia, Turkey may have carried out war crimes in Syria, UN says
7 votes -
Have I Been Pwned is no longer being sold, and Troy Hunt will continue running it independently
29 votes -
What is Finland's Phenomenon-based Learning (PhenoBL) approach? This approach breaks down subject-based compartmentalisation of knowledge
7 votes -
Tild~ers who live in authoritarian regimes (China, Russia, Saudi Arabia, etc.), what differences and misconceptions would you like to clear up?
I'll start with @TheFanficGuy's reply to a comment of mine where he said you can bring down an authoritarian regime without a coup'd etat/successful civil war, although I admittedly can't really...
I'll start with @TheFanficGuy's reply to a comment of mine where he said you can bring down an authoritarian regime without a coup'd etat/successful civil war, although I admittedly can't really imagine any dictator just giving up power like that unless it hurts their economic allies. (And the Arab spring shows this above all else.)
I also wouldn't be surprised if many of these regimes only make a minimal amount of effort to keep their population shut.
21 votes -
The awakening of Norman Rockwell
7 votes -
What have you been listening to this week?
What have you been listening to this week? You don't need to do a 6000 word review if you don't want to, but please write something! If you've just picked up some music, please update on that as...
What have you been listening to this week? You don't need to do a 6000 word review if you don't want to, but please write something! If you've just picked up some music, please update on that as well, we'd love to see your hauls :)
Feel free to give recs or discuss anything about each others' listening habits.
You can make a chart if you use last.fm:
http://www.tapmusic.net/lastfm/
Remember that linking directly to your image will update with your future listening, make sure to reupload to somewhere like imgur if you'd like it to remain what you have at the time of posting.
10 votes -
Why you’re doing audio levels wrong, and why it really does matter
10 votes -
What is/was your favorite console, and why?
This is not meant to be a "which is best"-style console war question but instead one of personal affinity: which console, if any, do/did you love the most, and why? Whether you're a diehard...
This is not meant to be a "which is best"-style console war question but instead one of personal affinity: which console, if any, do/did you love the most, and why? Whether you're a diehard Dreamcast fan Hello friend!, you have fond memories of your first Gameboy, or you think the PS4 is the best piece of technology of all time, tell me your story and why it means so much to you.
Also, I know we have a lot of primarily/strictly PC gamers here, so if you're wanting to view that as a console, feel free -- whether that's looking at the platform as a whole, an individual piece of hardware (e.g. my laptop from college), a specific time period (e.g. the early 2000s), or some other division. The question is about attachment to a device with a lifecycle and identity, which computers undoubtedly have too, just in different ways from consoles.
19 votes -
Norway adopts initiative for sustainable mining – TSM requires mining companies to annually assess their facilities' in areas including energy use and greenhouse gas emissions
3 votes -
The twenty-year argument between Joe Biden and Elizabeth Warren over bankruptcy, explained
10 votes -
The enduring, understated brilliance of ‘Better Call Saul’
10 votes -
National news agency, Australian Associated Press, will be shut down at the end of June after its owners decided it was no longer sustainable
12 votes -
If you were to run for president in your country, what would your platform be?
I'm Brazilian, and personally (in the most radical, electability-indifferent and honestly meme-y campaign) would go for Bernie with the campaign finance and tax reform but with a platform for...
I'm Brazilian, and personally (in the most radical, electability-indifferent and honestly meme-y campaign) would go for Bernie with the campaign finance and tax reform but with a platform for civical reform like putting STV as the nomination method for our chamber of deputies and supporting automating or funding new technologies to replace menial labor, like funding lab grown meat to replace all farming companies and labor now or robotics to automate large parts of the industrial and service sectors and use that money saved from not paying wages to people doing bad jobs to fund free universities and better schools/wages/welfare/infrastructure to the people once doing that work, along with adding civics and economics as subjects in school and always including notes as to where do you use the content you're learning, along with requiring subsidiaries to go independent or drop their branding. Clearly this isn't very realistic so feel free to expouse absurd policy.
14 votes -
Suggest me an anime - just finished Dr. Stone
I just finished the first and (for now) only season of Dr. Stone. I loved it. It's definitely a shounen, but interesting characters and the whole science plot makes it a good watch for adults. I...
I just finished the first and (for now) only season of Dr. Stone. I loved it. It's definitely a shounen, but interesting characters and the whole science plot makes it a good watch for adults.
I like the idea of learning interesting stuff through anime.
I like shounen with a twist — the typical juvenile stuff usually bores me to no end (the last one I gave up was My Hero Academia). And seinen is usually too serious and dry for my taste. I guess I'm hard to please!
I also like:
- Death Note (pretty smart with a great premise)
- Overlord (now I know VR fantasy is a whole sub-genre, but at the time it was new and awesome for me)
- Code Geass (a tad too political for my taste, but a great main character)
- Fullmetal Alchemist (the first one)
- Mob Psycho 100 - one of my recent favorites
- One Punch Man
- Netflix's Castlevania (not actually anime but whatever — great anime-like cartoon)
I dislike:
- Fillers and useless scenes (like on Attack on Titan)
- Pure Drama / Pure Romance
6 votes -
Are there any fans of the SCP Foundation wiki on Tildes?
I really want to talk about the SCP Foundation with other people, so let's get a thread going! For those of you who don't know, The SCP Foundation is an online creative writing project where...
I really want to talk about the SCP Foundation with other people, so let's get a thread going!
For those of you who don't know, The SCP Foundation is an online creative writing project where people write fake files and stories about The Foundation, a secret organization committed to containing various anomalous creatures. It's a really cool website, one that I recommend to anyone who likes thrillers, horror, sci-fi, or are just looking for something interesting.
Be warned though, there are over 4,000 entries on the wiki (they just had a 5,000th entry writing contest), so if you are feeling overwhelmed by the number of articles, feel free to start out with SCP-2030, one of my personal favorites. And if you're someone who prefers audiobooks to regular reading, a YouTuber going by the name Brendaniel has a great video narrating SCP-2030.
29 votes -
Sophos has received an offer to be acquired for $3.9 billion by private-equity firm Thoma Bravo
8 votes -
The tragic story behind The Eye of Argon, the worst fantasy book ever written
7 votes -
Death Stranding for PC will release on Steam and the Epic Games store on June 2, 2020
10 votes -
U2F help proposal
So, I cannot really financially contribute, but I'm a backend developer and I'd like to be able to authenticate using U2F 2FA. I'd like to know if you would be open to let me try to make a patch...
So, I cannot really financially contribute, but I'm a backend developer and I'd like to be able to authenticate using U2F 2FA.
I'd like to know if you would be open to let me try to make a patch that would add this feature to 2FA mechanisms.
12 votes -
Designing the enemy AI of The Division 2
6 votes -
Deployed a complete rework of the permissions system - please let me know if you notice anything strange
I just deployed a major update to the site's permissions system, which involved rewriting a lot of the related code. This is pretty much all internal details, and there should be no noticeable...
I just deployed a major update to the site's permissions system, which involved rewriting a lot of the related code. This is pretty much all internal details, and there should be no noticeable changes, but it's definitely possible that I missed something. So if you notice anything unusual that seems like it might be permissions-related (such as a button missing or a functionality not working), please let me know.
None of it's really being used yet, but the rewritten system allows for multiple new capabilities that we'll need as the site grows, like granting permissions to users only inside specific groups (instead of site-wide) and denying permissions in specific groups (like "able to tag topics in all groups except ~music").
On that note, most permissions are still granted manually, and I haven't given them to many people lately. If you're interested in helping with some of the site's organizational work and think you have a good understanding of how things are currently organized, please send me a message and ask, and I can give you some permissions to help out.
These are the permissions that are currently available (and there are at least a few users that have access to each of these):
- Changing tags on topics
- Moving topics to different groups
- Editing the titles of topics
- Editing the links of link topics
- Editing wiki pages (or creating new ones)
Thanks!
And as usual, I've topped everyone back up to 10 invites, accessible on the invite page.
39 votes -
Tech was supposed to improve caucuses. Instead, it may have doomed them
14 votes -
Waymo has raised $2.25 billion from external investors
6 votes -
Highlights from the This is Gender photography competition
8 votes -
The inertia of bad ideas
10 votes -
In search of the full stack testing team: What makes the best QA teams so good
4 votes -
Fuser - A music-mixing game from Harmonix, coming to PC and consoles in fall 2020
7 votes -
Lau Noah - La Belleza (Apartment Sessions) (2020)
4 votes -
What games have you been playing, and what's your opinion on them?
What have you been playing lately? Discussion about video games and board games are both welcome. Please don't just make a list of titles, give some thoughts about the game(s) as well.
18 votes -
Rimworld's first DLC content has been released - Royalty
15 votes -
Why the world needs CSS developers
6 votes -
“Be yourself” is terrible advice
14 votes -
Origin and evolution of playing card designs
6 votes -
Putin introduces constitutional amendments banning same-sex marriage and mentioning God
18 votes -
What are some bugs/glitches/exploits that have actually made games better?
Usually bugs, glitches, and exploits degrade the experience of a game, but occasionally they can actually work to a game's benefit. In some cases, they can become significant enough to become part...
Usually bugs, glitches, and exploits degrade the experience of a game, but occasionally they can actually work to a game's benefit. In some cases, they can become significant enough to become part of a game's identity. In others, they make a broken game worth playing in the first place. Even without such legendary status, a given wrinkle in a game might simply make it more enjoyable or entertaining, or perhaps open up unexpected modes or paths of play.
What are some examples of these, and how did they improve their associated games?
29 votes