-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Usage of multiple accounts #17
Comments
i believe so. but you can use work profile to have 2 grindr accounts simultaneously. (see "shelter" app and others.) |
grindr probably uses a bunch of 3rd party libraries to detect a lot of stuff they are not even aware of during account creation to curtail bots. all types of scans and infos could be used, android ID being an obvious one. account creation is really the critical step. they might or might not use simpler methods during regular use... to which end i don't know. plus even if someone did know the answer to your unanswerable question, it could change any second with an update, defeating the purpose of your question. this question is the classic badly formulated software question. state what your real ultimate goal is -not some intermediate step-, then state what you tried and how it failed, and then you might get useful answers. never ask about a certain solution you imagine for your problem because it typically isn't, and other people are left with having to guess what your real problem is. if your real motivation is using 2 accounts on 1 device at the same time, the easiest route is using https://f-droid.org/en/packages/net.typeblog.shelter/ |
@ProfessionalMD5 If you are attempting to use the same account on 2 different devices, they will not fully work at the same time. If you are actively using the app on one device and the load it on another, the first will stop functioning, however the chat portion which is XMPP will still function, but you will only see one side of the chat messages, those that your profiles receives. The full chat will not sync to multiple devices. XMPP is designed to be able to have chat apps logged in, in multiple places at the same time, but the grid and blocks, favorites, etc would stop working on the first devices when launched on the 2nd. That has to do with sessions. @Lanchon along with a GCM token, typically email and password, which they don't verify etc etc They are not attempting to curtail "bots" at all, they generate many many many fake profiles on their servers, ever since they were owned by the Chinese (Kunlun tech in 2018) they have been using something such as fakerjs to create random profiles then they tell people they want their phone number to verify they're not a bot. They create the problem themselves, then they create in illusion of a "solution" so they can collect massive amounts of data. They log all kinds of activity of the users, which should be a bit more of a concern than verifying someone is not a "bot". They post logs to Anyways I've ran on long enough here, I hope you all are doing good!! |
|
Yeah, you can use a pentesting tool to see what methods are called in other to get IDs and all that stuff. It could be interesting to block all those privacy leaks within the app through the hook. This is something that if someone is willing to dedicate their time -without any commitment- it would be highly appreciated. In addition, if calls to libraries that collect data that violate privacy could be radically cut, it would also save on performance in the application. You just have to see the incredible amount of data that is constantly in traffic through an application like Frida or Charles; with the calls to methods and functions that each of these interactions with the network will imply. |
your accusation regarding them creating fake profiles etc has to be backed by evidence for me to believe it. grindr 1 and 2 (not chinese) had loads of bots, but now i dont see any. theyve worked to eliminate them. even if the were botting themselves, they have a strong incentive to block bots of others, and they are doing that. i know they use captcha, but they are doing much more. my guess is they use 3rd party products for anti botting and blocking devices (if they do that). try creating an account with a clean lineageos install on a new phone number: i never could, and tried many times. on a stock phone, no problem. seems they are using something like safetynet or a similar product. |
@ElJaviLuki most apps are like that. they accrue lots of 3rd party services: profiling, crash reporting, etc. and each service wants to siphon out as much data as they can. most big apps have these services by the dozen. and of course that they dont care about your privacy, so they have no issue with this model. |
OH myyyyyyyyy I love how on app charges in now without having the seperate PC. I didn't know about Frida. Guess I'm going on an adventure tomorrow! 😈🍆 |
https://nextdns.io/ you can use private dns and the android system seems to behave for you and lets you block without using on device apps like adaway. Cuz let's face it we're all rooted here to use this app, so we probably all have adaway. However I've noticed the blocking doesn't work well on regular DNS or even adaway. It seems to ignore you. unless you have a private DNS setup added into the connection field on networking. Then the system almost wants that more |
@Lanchon I'm not here to convince you of anything, and whether you believe it or not, does not change the fact that it is happening. I have the old fuckr program, and have modified to look up profiles by Id. I can keep track of them as they get created. I can tell you that Grindr uses epoch time and all the profile when first made, typically have an age now and blank profile and also say "Active 19256 days ago" where as they use to fill out the entire profile a couple years ago. Also, when they recently moved filters/features back to a server side check, I knew because extra features stopped working in fuckr such as filters and fuckr was mapping 600 profiles at a time before the change vs 100 normally shown on Google Maps. Also you may have noticed that grindr has removed the NewWarnings on profiles (the badge) as I feel they are trying to hide that. They wanted to do an IPO for stocks and I get the impression they are trying to artificially inflate the "value" which was done by Kunlun tech before they were forced to sell Grindr due to CFIUS violations. So if you wish to not believe me that's great but like I said, it doesn't change things regarding it happening even if you don't believe it. @Zarkoob does that do a good job of blocking the ads, without a active? And thanks for sharing that! Edit: here is a link to a screenshot |
Curious to know whether you only experimented with rooted Frida so far, or Frida gadget as well? |
Rooted but now trying the other |
Gadget does not yet work for me. I got FCM working but not login. Feel free to drop me an email if you are interested and want to compare setup / what is working or not. |
Hello,
Does Grindr have a HWID system in place?
As far as I know, usage of multiple accounts and/or sharing accounts is prohibited and can lead to permanent deactivation of all accounts, and I assume they use IDs from your Android device to assure you are respecting their accounts policy.
With that being said, I would like to know if you have information on which identifiers are used, and if it'd be possible to create a hook to disable these verifications or to spoof them.
I'd love to help creating a hook for it, but for that I would need some info on where to get information from the Grindr .apk, as I don't know much about Xposed hacking, etc.
A Discord server would be fantastic for discussing such things!
The text was updated successfully, but these errors were encountered: