
November 27th, 2020: Barcode Scanner v1.67, publisher LAVABIRD LTD.

Here is a breakdown of all the known infected versions of Barcode Scanner with the corresponding upload date on the Google Play store and the corresponding publisher: It is instead an account under the name "The space team." Nevertheless, there is evidence that updates of Barcode Scanner by either publisher result in a malware infection of Android/.

Opensource? - The Enterprise plan Some parts of their service are open source, others are not.

It has come to our attention that there is another bad actor in this story.

Apparently, the original publisher, LAVABIRD LTD, is not the bad actor.

Their Enterprise plan however is fully TLS encrypted in all communications to and from Pushy, including your servers to theirs. However, Malwarebytes could even host their own Pushy service, which may be more feasible from a cost and security standpoint.

Encryption - Pushy Pro plan uses plaintext MQTT to deliver notifications downstream to devices.

This one change would also be innocuous to those with Google services installed while giving "unGoogled" phones the ability to receive push notifications.

Even selling this app (downloadable from Malwarebytes) would be reasonable to help fund or pay for Pushy fees of $.005 per device per month (unlimited push notifications). I think there is a growing market for people and companies who do not want to use Google services at all.

Malwarebytes app development should support devices without GMS; you can embed the Pushy SDK in your app and it will work on these devices, instead of using GCM. Pushy cannot itself be flashed onto a non-GMS phone to replace GCM. It is a replacement for GCM, but each app developer must manually embed Pushy in their apps. Use Pushy instead of GCM (for one example).

Is the only reliance Malwarebytes has with Google the Google Cloud Messaging (GCM) for push notifications? (Aside from hosting the Malwarebytes app on Google Play).
