
Android dev the simple way. Take a set of HTML files and turn them into an APK with one command. Proof of concept.
Dabbling occasionally in Android dev... is a massive pain in the butt! Why can't it just be easy? Why do I have to install massive SDKs and all that crap? Since I only want to build my app with web tech, why isn't it as easy as creating a web site?
Write some HTML and JavaScript, then hit deploy?
Then I had an idea: instead of recompiling the stupid Java app from scratch every time (and requiring the enormous Android SDK), just use a prebuilt APK, replace the text files, repack and re-sign.
Turns out, this was surprisingly easy.
npm install androidify -g
Almost. You'll also need to have Java, to get the jarsigner command, and the adb command to deploy your app.
sudo apt-get install default-jre android-tools-adb # Debian/Ubuntu
sudo pacman -S jre8-openjdk-headless android-tools # Arch Linux
brew cask install java android-platform-tools # macOS
Then put your phone into developer mode (how depends on your phone).
mkdir hello
cd hello
echo '<h1> HELLO </h1>' > index.html
androidify # will output app.apk
adb install app.apk # will send it to your device
A new app called "Hello World" will appear.
I haven't figured out how to change the name yet. So, it's called "Hello World" no matter what.
The apps are self-signed, which is basically meaningless, so I just checked the key in. My phone doesn't complain about this, maybe because it's in developer mode?
This is made from an old hello world.apk I found at simplificator/phonegap-helloworld
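The repack step described above (swap the web files inside a prebuilt APK, then re-sign) is needed because a v1 (JAR) signature, the kind jarsigner produces, records in META-INF/MANIFEST.MF a digest of every entry in the archive. The following added example, which is not code from androidify, checks those digests on a constructed stand-in archive; the assets/www/ path and the file contents are assumptions, and it does not verify the signer's certificate.

```python
import base64, hashlib, io, zipfile

def digest(data):
    """Base64 SHA-256, the form used by SHA-256-Digest manifest attributes."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: digest} from a JAR-style MANIFEST.MF."""
    # Normalise line endings, then unfold continuation lines (leading space).
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs and "SHA-256-Digest" in attrs:
            entries[attrs["Name"]] = attrs["SHA-256-Digest"]
    return entries

def stale_entries(apk_bytes):
    """List entries changed or added since the manifest was written."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        manifest = parse_manifest(z.read("META-INF/MANIFEST.MF").decode())
        return sorted(
            name for name in z.namelist()
            if not name.startswith("META-INF/") and not name.endswith("/")
            and manifest.get(name) != digest(z.read(name)))

def build(files, manifest_for=None):
    """Constructed stand-in for an APK: a zip plus a v1-style manifest."""
    signed = files if manifest_for is None else manifest_for
    mf = "Manifest-Version: 1.0\r\n\r\n" + "".join(
        f"Name: {n}\r\nSHA-256-Digest: {digest(d)}\r\n\r\n" for n, d in signed.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", mf)
        for n, d in files.items():
            z.writestr(n, d)
    return buf.getvalue()

# Constructed sample contents; the assets/www/ path is an assumption.
BASE = {"assets/www/index.html": b"<h1>template</h1>", "classes.dex": b"dex"}
SWAPPED = dict(BASE, **{"assets/www/index.html": b"<h1> HELLO </h1>"})

if __name__ == "__main__":
    print(stale_entries(build(BASE)))                        # untouched template
    print(stale_entries(build(SWAPPED, manifest_for=BASE)))  # swapped, old manifest
    print(stale_entries(build(SWAPPED)))                     # manifest regenerated
```

A clean result only shows that the manifest matches the contents. When the signing key is published alongside the tool, anyone can regenerate the manifest and signature, so a valid signature by that key says nothing about who built the APK.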
MIT
FAQs
convert html/javascript files into an android app
The npm package androidify receives a total of 0 weekly downloads. As such, androidify popularity was classified as not popular.
We found that androidify demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.