Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.

**About Us**

We **Red Planet Computers** has started development in Laundry Management System in 2017. We have 7+ years experience in development, customization and implementation Web, Mobile application Services.

*   Well and Experienced Staff.
*   User Friendly Services
*   24x7 remote support servies

Our team have hands-on experience in all aspects of IT planning, deployment, operational management and maintenance support. Our design consultants design solutions that fit best within your environment and help achieve your laundry business goals – working with you as trusted advisors to help determine the best solution for your laundry business.

See More

**Development Skills**

**Laundry Management System Developed in following skills**

Our professional and experience developers team are used skill to the top most computer launguages and framworks for ui design, developement, making user friendly and secure laundry application for small business.

Boostrap & CSS _Website and Admin UI Design_

Javascript & Ajax _Website Development_

PHP Codeigniter & Mysqli _Website and Admin Panel_

Flutter, Swift and Kotlin _Android, iOS Mobile App_

**Screenshots**

Here some application UI screens to help you how its look and work LMS Application

*   Admin
*   Website
*   Mobile

**Pricing**

**RPL Standard Package  
(Point Of Sale\*)****INR 25K USD $349/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS Screen Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI
*   One Year Free Service & Updates.

Buy Now

**RPL Professional Package  
(E-Commerce\*)****INR 45K USD $599/- for lifetime**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS+E-Comm Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)
*   One Year Free Service & Updates.

Buy Now

**RPL Development Package  
(Customization\*\*)****Extra 50% POS+50% (OR) E-Commerce+50%**

*   **Full 100% Source Code  
    Free Source Code for testing Click Here**
*   **License - Lifetime (25 Years)**
*   **Payment - One Time Payment** \[No need Renew/Payment every year\]
*   **Install - Unlimited Devices**
*   Bootstrap Admin Panel
*   Multi-Store Management
*   Multi-user Management
*   POS/E-Commerce Management
*   Multi-Launguage Management
*   Barcode Tag Management
*   POS/Laser Printer Management
*   Discount/Taxes Management
*   World Currency Management
*   Wallet/Credit Management
*   Laundry Packages Management
*   SMS, Email Management
*   Profit/Loss Reports
*   Daily/Monthly Reports
*   Mobile(Android, iOS) App
*   Customer / Driver App
*   Customer Front-End Website
*   Payment Gateway
*   Customized UI (Mobile, Website)         \[ as per your requirements\*\* \]
*   One Year Free Service & Updates.

Buy Now

\* Terms and Conditions apply (see FAQ section )  
\*\* Cost may vary depends on the customization

**Frequently Asked Questions**

Here are some of the most Frequently Asked Questions for Laundry Management Systems.

*   Can we get all liceses for lifetime ?
    
    Ans : Yes, if you purchase application with full source code then it's one-time payment and you will get multiple digital license \[lifetime\]. The amount is non-refundable , Once if you have got full source code then you will not getting return amount for any circumstances.
    
*   After purchase full source code can we sell this software ?
    
    Ans : Yes, after purchase application with full source code then you can use or sell anywhere with remove red planet computers company logo and name.
    
*   Can you will provide full source code ?
    
    Ans : Yes, you should have to pay 100% amount, if you want application with full source code. We will send full source code (zip or download link ) within half hours after successfully payment done. We will not provide any kind of equipment. Only RPL Business Package we will not provide source files.
    
*   What is **RPL Development / Customization Package** ?
    
    Ans : If you want manipulation or any changes in application through our professional developer team then you will have to pay selected (standard or professional) package amount plus extra 50% amount for manipulation charges. **Firstly, you have to pay 70% amount of total amount** and remaining 30% amount to pay after project completed, but note that in this period you will not getting full source code, you will getting our web hosting softwares link for testing, after completed project and 100% payment done then we will upload full source code in your website/web hosting server or send full source code link).  
    \- As per your requirement, project will be completed within 20-25 days or earlier.  
    \- Bulk SMS, Payment Gateway, Apple App Store, Google Map API & Play Store Console charges you will have to pay, if you are require.
    
*   Service and Support ?
    
    Ans : We will provide a FREE technical support upto one year after purchase LMS Application. We will answer your question regarding website management, technical details or anything about operating your own website; we can provide this through remotly in 24x7 Hours.
    

**Free Trail Full Version**

Not required fill any personal information or credit card details just click on button and login it

Username : admin  
Password : 1234  
\[ Admin Login Details \]

  
Best view in Desktop or Laptop

Mobile : 8767228990  
Password : 1983  
\[ Demo User Login Details \]

  
Best view in Desktop or Laptop

User Mobile : 8767228990  
Driver Mobile : 1234567890  
\[ Demo User / Driver Login Details \]

   
iOS app install : Download and Extract zip in Mac-OS then drag-drop .app file on Xcode 10+ simulator or connected iphone {iOS v10.0+}.

**Contact**

You can call to us 24x7 regarding Laundry Management System enquiry or solutions

**Location:**

B-02, Sai Sanklap Complex, Survey No. 145/0,  
Usarli Khurd, Panvel, Mumbai, India 410206

**Call:**

Mobile : +91 87672 28990.  
Whatsapp : +91 87672 28990.  
Skype : rpcits2013 / +918767228990.

CVE-2022-28452: Better solutions for Small Laundry and Dry Cleaning Business

Plus: Microsoft patched some 100 flaws, while Oracle issued more than 500 security fixes.

To find the update, you’ll need to check your device settings. Devices that have received the Android April update so far include Google’s Pixel devices and some third-party Android phones, including the Samsung Galaxy A32 5G, A51, A52 5G, A53 5G, A71, S10 series, S20 series, Note20 series, Z Flip 5G, Z Flip3, Z Fold, Z Fold2, and the Z Fold3, as well as the OnePlus 9 and OnePlus 9 Pro.

Google Chrome Emergency Updates

As the world’s biggest browser with over 3 billion users, it’s no surprise attackers are targeting Google Chrome. Browser-based attacks are particularly worrying because they can potentially be chained together with other vulnerabilities and used to take over your device.

It has been a particularly busy month for the team behind Google’s Chrome browser, which has seen several security updates within weeks of each other. The latest, pushed out in mid-April, fixes two issues including a high-severity zero-day vulnerability, CVE-2022-1364, which is already being used by attackers.

The technical details aren’t currently available, but the timing of the fix—just a day after it was reported—indicates it’s pretty serious. If you use Chrome, your browser should now be on version 100.0.4896.127 to include the fix. You’ll need to restart Chrome after the update has installed to ensure it activates.

The Chrome issue also impacts other Chromium-based browsers, including Brave, Microsoft Edge, Opera, and Vivaldi, so if you use one of those, make sure you apply the patch.

But that’s not all. On April 27, Google announced another Chrome update, fixing 30 security vulnerabilities. None of these have been exploited yet, the company says, but seven are rated as being a high risk. The update takes the browser to version 101.0.4951.41.

Oracle’s April 2022 Critical Patch Update

In mid-April, Oracle released its quarterly Critical Patch Update, including a whopping 520 security fixes. Some of the issues fixed in the update are serious—300 of them can be exploited remotely without authentication, and 75 security issues are rated as critical severity. Some of the Oracle patches address CVE-2022-22965, aka Spring4Shell, a remote code execution (RCE) flaw in the spring framework.

Microsoft’s Busy April Patch Tuesday

Microsoft had a major Patch Tuesday in April, issuing fixes for over 100 vulnerabilities, including 10 critical RCE flaws. One of the most important, CVE-2022-24521, is already being exploited by attackers, according to the company.

Reported by the NSA and researchers at CrowdStrike, the issue in the Windows Common Log File system driver doesn’t require human interaction to be exploited and can be used to obtain administrative privileges on a logged-in system. Other notable fixes include CVE-2022-26904—a publicly known issue—and CVE-2022-26815, a severe DNS Server flaw.

Mozilla Thunderbird 91.8.0 Fix

On April 5, Mozilla released a patch to fix security issues in its Thunderbird email client as well as its Firefox browser. The details are scant, but Thunderbird 91.8 fixes four vulnerabilities rated as having a high impact, some of which could be exploited to run arbitrary code.

Firefox ESR 91.8 and Firefox 99 also fix multiple security issues.

WordPress Plugin Elementor Version 3.6.3 

The Elementor website builder plug-in for WordPress has received a big security fix in April for a critical-rated vulnerability that could allow attackers to perform remote code execution and effectively take over a website.

Found by researchers at Plugin Vulnerabilities, the flaw was introduced in the plug-in in version 3.6.0, released on March 22. “We would recommend not using this plugin until it has had a thorough security review and all issues are addressed,” the researchers said.

Although the attacker must be authenticated to exploit the issue, it’s still pretty serious because anyone logged into an affected website can exploit it. The update for Elementor’s 5 million users, version 3.6.3, should be applied as soon as possible.

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   This startup wants to watch your brain
*   The artful, subdued translations of modern pop
*   Netflix doesn't need a password-sharing crackdown
*   How to revamp your workflow with block scheduling
*   The end of astronauts—and the rise of robots
*   👁️ Explore AI like never before with our new database
*   ✨ Optimize your home life with our Gear team’s best picks, from robot vacuums to affordable mattresses to smart speakers

You Need to Update iOS, Android, and Chrome Right Now

Google has been busy. After introducing badges for browser apps, it's also launched its "nutrition labels" for apps.
The post Google Play’s Data safety section empowers Android users to make informed app choices appeared first on Malwarebytes Labs.

Google has launched its new “nutrition labels” for apps, a feature it promised in the spring of 2021. This release came days after the Chrome team released badges for the Chrome Web Store for browser extensions.

The company said in a blog post that it’s rolling out the labels—which it calls the Google Play Data safety section—gradually to users.

The labels are released weeks ahead of the July 20 deadline, the date when developers are required to adequately disclose what their apps do. This includes what data they collect, how it is shared with third parties (if ever), and how they secure user data. “We heard from users and app developers that displaying the data an app collects, without additional context, is not enough,” Google said.

Indeed, the search giant followed Apple’s lead when it introduced app privacy labels in its App Store in December 2020.

The Data safety section’s design relied heavily on feedback from Android users, who also want to know for what purpose their data is collected and whether app developers are sharing it. Google added information on whether an app needs data to function or if data collection is optional. Below is a list of other information that developers can show in the Data safety section of their apps:

> – Whether a qualifying app has committed to following Google Play’s Families Policy to better protect children in the Play store.  
> – Whether the developer has validated their security practices against a global security standard (more specifically, the MASVS).

While this new feature is in place so Android users can make informed choices when it comes to trusting an app with their data, it’s still up to developers to disclose what their apps are capable of. Google said that if it finds a developer misstating their app’s features, the company will ask them to fix it instead of removing the app straight away. Action is only taken if the app remains uncompliant.

We will see if Google does a better job implementing its labels than Apple. If you recall, many labels in the App Store were found to be unreliable as they provided false information.

Here is the Google Play Help page for the Data safety section if you want to read more.

Google Play’s Data safety section empowers Android users to make informed app choices

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.

Press Releases | 24 March 2022

**HTML Injection vulnerability found in Turtl Notes, disclosed by Cyber Citadel researchers, could affect iOS and Android users**.

Cyber Citadel’s Lead Security Researcher Rafay Baloch and Security Researcher Muhammad Samak disclosed an HTML Injection vulnerability found in the Turtl Notes application, which could lead to a potential RCE and NTLMv2 hash disclosure via abusing the arbitrary URI schemes.

Turtl Notes user interface

**Turtl Notes**

Turtl Notes is a cross-platform application that focuses on note-taking collaboration. The online service provides users with a notebook sharing platform that allows notes to be organised easily, synchronised across devices, shared with other Turtl users and shared via email. The application has been downloaded 10,000+ times on Google Play and an unknown number of times from the Turtl’s website for Windows, OSX, Linux, Android and iOS.

While Turtl encrypts user data, with an impressive 2,048-bit key encryption system, and boasts the implementation of high-grade firewalls, that protect from DDoS attacks, the HTML Injection vulnerability, found by Rafay Baloch and Muhammad Samak, has exposed a critical flaw in Turtl’s software.

Turtl remote code execution POC

Evidence of Turtle RCE vulnerability

Evidence of Turtle RCE vulnerability

**Response from Vendors**

Vendor

Service

Version

Platform

Reported Date

Fixed

CVE

Turtl

Turtl Notes

0.7.2.6

Windows, Mac, Linux, Android

11/12/2021

N/A

Processing

CVE-2022-28101: HTML Injection Leading to RCE in Turtl - Cyber Citadel

Zepp version 6.1.4-play suffers from a user account enumeration flaw in the password reset function.

# Trovent Security Advisory 2108-02 #  
#####################################

User account enumeration in password reset function  
###################################################

Overview  
########

Advisory ID: TRSA-2108-02  
Advisory version: 1.0  
Advisory status: Public  
Advisory URL: https://trovent.io/security-advisory-2108-02  
Affected product: Zepp Android mobile application (com.huami.watch.hmwatchmanager)  
Tested versions: Zepp 6.1.4-play  
Vendor: Huami Inc., https://www.zepp.com  
Credits: Trovent Security GmbH, Karima Hebbal

Detailed description  
####################

Zepp is a mobile application to collect health information from Zepp or Amazfit  
devices.  
Trovent Security GmbH discovered a user account enumeration vulnerability in  
the password reset function of the Zepp mobile application.  
This vulnerability allows to check if a user with a specific email address is  
registered or not.

Severity: Medium  
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)  
CWE ID: CWE-204  
CVE ID: N/A

Proof of concept  
################

Sample HTTP request sent with a registered email address:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DELETE /registrations/ptesttest33%40gmail.com/password?region=us-west-2&marketing=AmazFit HTTP/2  
Host: api-user.huami.com  
App_name: com.huami.midong  
Accept-Language: en-US  
X-Request-Id: a8a25f6c-e392-4013-b39d-d8b68db532a0  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; ONEPLUS A6003 Build/QKQ1.190716.003)  
Accept-Encoding: gzip, deflate  
Content-Length: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The server response to a valid email address:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HTTP/2 202 Accepted  
Date: Mon, 30 Aug 2021 12:38:52 GMT  
Content-Type: application/json  
Content-Length: 39  
Vary: Origin  
Vary: Access-Control-Request-Method  
Vary: Access-Control-Request-Headers

"HuaMi Oauth / User Registration 2.0.2"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sample HTTP request sent with a non-registered email address:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DELETE /registrations/false%40gmail.com/password?region=us-west-2&marketing=AmazFit HTTP/2  
Host: api-user.huami.com  
App_name: com.huami.midong  
Accept-Language: en-US  
X-Request-Id: a8a25f6c-e392-4013-b39d-d8b68db532a0  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Dalvik/2.1.0 (Linux; U; Android 10; ONEPLUS A6003 Build/QKQ1.190716.003)  
Accept-Encoding: gzip, deflate  
Content-Length: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The server response to an invalid email address:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

HTTP/2 404 Not Found  
Date: Mon, 30 Aug 2021 12:40:08 GMT  
Content-Type: application/json  
Content-Length: 39  
Vary: Origin  
Vary: Access-Control-Request-Method  
Vary: Access-Control-Request-Headers

"HuaMi Oauth / User Registration 2.0.2"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution / Workaround  
#####################

Ensure the application returns a consistent message for both existent and  
non-existent accounts during the password reset process.

History  
#######

2021-08-30: Vulnerability found & advisory created  
2021-09-24: Vendor contacted  
2021-10-25: Vendor contacted again  
2021-11-18: Vendor contacted again  
2022-04-27: No reaction from vendor, advisory published

Zepp 6.1.4-play User Account Enumeration

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.

**Have a question about this project?** Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Pick a username

Email Address

Password

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-24886: Make PendingIntents immutable by AlvaroBrey · Pull Request #9726 · nextcloud/android

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.

CVE-2022-24885: Improve PIN lockout handling by tobiasKaminsky · Pull Request #9816 · nextcloud/android

A new report suggests that a small but vibrant group of smartphones hackers may be challenging the world's most digitally restrictive regime.

For most of the world, the common practice of "rooting" or "jailbreaking" a phone allows the device's owner to install apps and software tweaks that break the restrictions of Apple’s or Google's operating systems. For a growing number of North Koreans, on the other hand, the same form of hacking allows them to break out of a far more expansive system of control—one that seeks to extend to every aspect of their lives and minds.

On Wednesday, the North Korea-focused human rights organization Lumen and Martyn Williams, a researcher at the Stimson Center think tank's North Korea–focused 38 North project, together released a report on the state of smartphones and telecommunications in the Democratic People's Republic of Korea, a country that restricts its citizens' access to information and the internet more tightly than any other in the world. The report details how millions of government-approved, Android-based smartphones now permeate North Korean society, though with digital restrictions that prevent their users from downloading any app or even any file not officially sanctioned by the state. But within that regime of digital repression, the report also offers a glimpse of an unlikely new group: North Korean jailbreakers capable of hacking those smartphones to secretly regain control of them and unlock a world of forbidden foreign content.

"There has been a sort of constant battle between the North Korean government and its citizens over use of technology: Each time a new technology has been introduced, people have usually found a way to use it for some illicit purpose. But that hasn't really been done through this kind of hacking—until now," says Williams. "In terms of the future of free information in North Korea, it shows that people are still willing to try to break the government's controls."

Learning anything about the details of subversive activity in North Korea—digital or otherwise—is notoriously difficult, given the Hermit Kingdom's nearly airtight information controls. Lumen's findings on North Korean jailbreaking are based on interviews with just two defectors from the country. But Williams says the two escapees both independently described hacking their phones and those of other North Koreans, roughly corroborating each others' telling. Other North Korea–focused researchers who have interviewed defectors say they've heard similar stories.

Both jailbreakers interviewed by Lumen and Williams said they hacked their phones—government-approved, Chinese-made, midrange Android phones known as the Pyongyang 2423 and 2413—primarily so that they could use the devices to watch foreign media and install apps that weren't approved by the government. Their hacking was designed to circumvent a government-created version of Android on those phones, which has for years included a certificate system that requires any file downloaded to the device to be "signed" with a cryptographic signature from government authorities, or else it's immediately and automatically deleted. Both jailbreakers say they were able to remove that certificate authentication scheme from phones, allowing them to install forbidden apps, such as games, as well as foreign media like South Korean films, TV shows, and ebooks that North Koreans have sought to access for decades despite draconian government bans.

In another Orwellian measure, Pyongyang phones' government-created operating system takes screenshots of the device at random intervals, the two defectors say—a surveillance feature designed to instill a sense that the user is always being monitored. The images from those screenshots are then kept in an inaccessible portion of the phone's storage, where they can't be viewed or deleted. Jailbreaking the phones also allowed the two defectors to access and wipe those surveillance screenshots, they say.

The two hackers told Lumen they used their jailbreaking skills to remove restrictions from friends' phones, as well. They said they also knew of people who would jailbreak phones as a commercial service, though often for purposes that had less to do with information freedom than more mundane motives. Some users wanted to install a certain screensaver on their phone, for instance, or wipe the phone's surveillance screenshots merely to free up storage before selling the phone secondhand.

One of the two jailbreakers, by contrast, said he was motivated in part by the same kind of mentality that drives some hackers in the West, according to Sokeel Park, the country director for Liberty in North Korea, who also spoke with the same defector who was interviewed by Lumen. "There isn't necessarily a super rational reason for this kind of hacking," says Park. "It's just like, doing stuff because you _can_, playing this cat-and-mouse game to test your own abilities."

Exactly what technical methods the two hackers used to defy their devices' restrictions is far from clear, given their limited, secondhand accounts. But both described attaching phones to a Windows PC via a USB cable to install a jailbreaking tool. One mentioned that the Pyongyang 2423’s software included a vulnerability that allowed programs to be installed in a hidden directory. The hacker says they exploited that quirk to install a jailbreaking program they'd downloaded while working abroad in China and then smuggled back into North Korea. The other hacker didn't make clear the source of his jailbreaking tool, but said he had been a student in a computer science group at Pyongyang's elite Kim Il Sung University.

The hackers Lumen describes are broadly representative of the two emerging classes of people jailbreaking phones in North Korea, says Nat Kretchun, the vice president for programs at the Open Technology Fund and a longtime researcher of North Korean media and technology. "There are the folks who come out of Kim Il Sung University or Kim Chaek University or part of the North Korean state who are essentially building these tools and doing kind of cheeky things on the side to allow themselves a little bit of room to undo the things that they implemented themselves," says Kretchun, who has independently interviewed several North Korean jailbreakers. "Then there's this other class of folks who have some amount of computer science literacy and are spending so much time with the phones that they're basically mapping out exactly how the thing works in practice and finding pretty clever work-arounds."

Kretchun and other researchers say that the number of jailbreakers remains fairly small, given the rarity of computer literacy in the country and the difficulty of sharing the tools. Changes to North Korean phones to disable their USB connections may have made jailbreaking even more of a challenge, says 38 North's Williams. But he points to a new law implemented in late 2020 that forbids "illegally installing a phone manipulation program" and includes a fine for possessing a smartphone without safeguards designed to block "impure publications," as the law puts it.

"While it is difficult to estimate the number of North Koreans modifying their phones, and interviewees did not seem to think the practice was widespread," reads Lumen's report, "the existence of this specific wording would imply it is happening at a scale where authorities are aware and potentially concerned."

Despite the relatively small scale of jailbreaking in the DPRK, Liberty in North Korea’s Sokeel Park argues that even a small community of phone hackers represents a sign that North Koreans have the will to fight against government controls. He adds that jailbreakers elsewhere in the world should perhaps focus their efforts on building and distributing hacking tools designed to help them.

"I think it's a very obvious call to action for the international community of technologists," Park says. "There is a dynamism there. This kind of hacking shows North Koreans are not passive subjects of oppression and surveillance and censorship. North Korean people are creating solutions and work-arounds so that they can learn things that the North Korean government doesn't want them to learn, sharing things the government considers subversive, and ultimately so they can create a challenge to the regime."

More Great WIRED Stories

*   📩 The latest on tech, science, and more: Get our newsletters!
*   Sober influencers and the end of alcohol
*   For mRNA, Covid vaccines are just the beginning
*   The future of the web is AI-generated marketing copy
*   Keep your home connected with the best wi-fi routers
*   How to limit who can contact you on Instagram
*   👁️ Explore AI like never before with our new database
*   🏃🏽‍♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones

North Koreans Are Jailbreaking Phones to Access Forbidden Media

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties.
"Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy,

![Google Data Safety Section](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEi2F9C5gniMT-BFN7m9x8JiJwgWNkPf9J83X5kT41PGwREHksHU5bU_ryi14UH5tKKiKfqdqq1iet-8XLwEueAKKwxB5D8sj4CVM8B1B_syNbjayqS0GmHm1RqST6WgRIMnI4xoZHfiZMX5w0teiEIzn23bzuMKPQv0eDLaws13BSZdJJigf5UNr2Bq/s728-e1000/google.jpg "Google Data Safety Section")

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties.

"Users want to know for what purpose their data is being collected and whether the developer is sharing user data with third parties," Suzanne Frey, Vice President of product for Android security and privacy, said. "In addition, users want to understand how app developers are securing user data after an app is downloaded."

The transparency measure, which is built along the lines of Apple's "Privacy Nutrition Labels," was first announced by Google nearly a year ago, in May 2021.

![CyberSecurity](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAD6AQMAAAAho+iwAAAAA1BMVEXm5+i1+56pAAAAH0lEQVQYGe3AAQ0AAADCIPuntscHAwAAAAAAAAAAIOQmFgAB/YLDRAAAAABJRU5ErkJggg==)

The Data safety section, which will show up against every app listing on the digital storefront, presents a unified view of what data is being collected, for what purpose it's being used, and how it's handled, while also highlighting what data is being shared with third-parties.

On top of that, the labels can also show an "app's security practices, like encryption of data in transit and whether users can ask for data to be deleted," Frey noted, in addition to validating those practices against security standards such as the Mobile Application Security Verification Standard (MASVS).

![Google Data Safety Section](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiRvHDw8jTMmTunTIpxcPFBIagkSrbhqCrUOXTxlzPVatdmxjosEieCIb7KrD5MzRdE2oVZMQQPDjwTiLOTGgYbkaHtczExi2WyBqofrNcbsFqno0q2ctajZ0e-AtxI-AummB976TOGVZwyV-_pj6dc7xjne1Zo9c0xN6VJMXmTLdVevefkywjq0S3I/s728-e1000/android-1.gif "Google Data Safety Section")

The feature is expected to be gradually made available to all users, while giving app developers a deadline of July 20, 2022 to complete the section and keep them updated should they change the apps' functionality or data handling methods.

That said, Data safety is expected to face similar concerns to that of Apple's in that the system is built entirely on an honor system, which requires app developers to be truthful and clear-cut about what they do with the data, and not list inaccurate labels.

Apple has since said that it would routinely audit labels for accuracy, thereby ensuring that the labels are reliable and don't give users a false sense of security about the data being collected and shared.

![CyberSecurity](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj6zHdXd3qpCksF0nkMkrjsOzaw-cxZGPHWoTEp9y7VPIeyPBFGsmIyIX8NTkqI1IDqnIXYnsZuIh4rc9f8TNUn7ndAZqtXc-t58X2oueTaL4Ijb4hgH-b183QvQ0ienXIipuOsqeLP5b8I2prKmp0RWvdZQgnKehVRKbqRQpin1JgfwlZeE_IB4EmesQ/s1600/crowdsec-728.jpg)

Google, last year, had said that it intends to institute a mechanism in place that requires developers to furnish accurate information, and that it will mandate them to fix misrepresentations should it identify instances of policy violations.

While the search giant has explicitly stated that its app review process is not designed to certify the accuracy and completeness of the data safety declarations provided by third-party app developers, it's outlining strong measures to handle such transgressions.

The company is warning that it will be taking suitable enforcement measures when it identifies a deviation from the information provided in the section. Failing to ensure compliance can result in blocked updates or removal from Google Play.

"When Google becomes aware of a discrepancy between your app behavior and your declaration, we may take appropriate action, including enforcement action," the company said in an updated support article.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#android