> The smoking gun is a pattern match performed on any URL string that begins with the word 'telegram.' In the most recent version of the app, these strings are classified as a "bad host," so that no hyperlink is generated and it becomes impossible to copy or forward any message with that URL. No other strings trigger the match, so this block is purposefully targeted at Telegram.
Maybe times have changed and these things are now included in the dex file, but that doesn't seem to be a verbatim decompiler output to me.
Local variable names aren't normally stored in an APK, they're just refereed to by register numbers. For instance, I wouldn't expect to see "for(Pattern badHost : BAD_HOSTS)" (specifically the badHost) - last time I checked, this information would be lost during compilation.
I'm not suggesting that the code is falsified - the person that decompiled it probably just guessed at some variable names and re-factored to make it more readable. It just stood out to me, so I thought it was worth mentioning.
That's only true if you choose to obfuscate your code on android. I recently decompiled an apk and all variables/function names were perfectly readable
Even variable names? I know that class/method/field names are visible, but I didn't think that local variable names were. I can't see a reason for them to be, aside from debugging... and presumably they're not shipping a debug build.
It used to be incredibly common for production APKs to contain Java debug info (line numbers and variable names). IIRC, Android Studio now sets up the Release builds to strip this out and do basic ProGuard optimizations, but if WhatsApp was migrated from an old build system or something, it could easily be missing this step.
I was under the impression that it's now no longer possible to upload an APK that has been built in Debug Mode to Google Play. I don't know if other app stores (i.e. Amazon App store) are enforcing this.
I don't work with Android, but java code is usually visible after decompilation. Unless there is specific obfuscation tech being used, you should assume all your java code can be seen by others.
Proguard is set up to obfuscate by default on release builds with the default build script, but many devs often turn it off or use a different build system without it as a build step. You often need to add exceptions for 3rd party libs that rely on class names or variable names not changing for whatever reason (usually reflection).
Local variables no, but a method name like isBadHost, and the field BAD_HOSTS, would be preserved in the absence of an obfuscator (and then, its job would not be trivial as isBadHost is scoped public).
Thanks, that looks like really solid evidence for intentionally blocking them. I see no way to explain this than anything but an attempt to block their competitor.
I still think this will result in more publicity for Telegram than all the messages that are blocked.
This has been going on for a week or more and has gained a decent amount of publicity. Given that telegram is a legitimate service, and they haven't reversed it yet, seems to indicate that this is a direct attack.
In addition, if you are familiar with how whatsapp works, stopping any spam would be much more effective by targeting the phone numbers sending spam, not to mention the difficulty of spamming telephone numbers.. not impossible, but difficult.. which is why whatsapp spam so far has been non-existent AFAIK.
http://www.androidpolice.com/2015/12/01/whatsapp-is-blocking...
> The smoking gun is a pattern match performed on any URL string that begins with the word 'telegram.' In the most recent version of the app, these strings are classified as a "bad host," so that no hyperlink is generated and it becomes impossible to copy or forward any message with that URL. No other strings trigger the match, so this block is purposefully targeted at Telegram.