Logfiles show "Create Call Injection App" and "Injection Manager" #808

Closed
stingraykilla opened this issue Mar 1, 2016 · 14 comments

@stingraykilla

So perhaps you think I'm paranoid, but I don't remember seeing log messages when I first installed the app such as

ClassNotFoundException: Didn't find class "com.SecUpwN.AIMSICD.R" on path: DexPathList[[zip file "/data/app/com.SecUpwN.AIMSICD-1/base.apk"],nativeLibraryDirectories=[/vendor/lib64, /system/lib64]]

Then

Perform Create Call Injection Manager

Or, see these logfiles.

So unless there is code written that would call for all of this additional code to be injected code when the class is not found or the stack fails, I believe I have a reason to be concerned. Also note that many times (I have screenshots to prove it) when I try to screenshot a yellow alarm, I receive an error message which states, "you are unable to capture a screenshot now due to security privileges." This has happened well over 20 times and on 3 different phones, so unlikely it's hardware related. Please see more extensive log outputs below. Also, note this is the log output after the app crashes, arousing my suspicions...

I have captured this full logcat.


@SecUpwN SecUpwN changed the title App Crashes then Log Output shows Create Call Injection App & Injection Manager? App Crashes showing Create Call Injection App & Injection Manager? Mar 1, 2016
@SecUpwN SecUpwN changed the title App Crashes showing Create Call Injection App & Injection Manager? Logfiles show "Create Call Injection App" and "Injection Manager" Mar 1, 2016
@SecUpwN
Member

SecUpwN commented Mar 1, 2016

Good evening @stingraykilla, I have edited your filed Issue here. In the future, please make sure to give a short and descriptive title to your Issues. More importantly, please use our new Issue Template.

Having a quick look at the logfiles you posted makes me wonder if Injection Manager is simply the captured loading of the Dependency Injection that we use, see build.gradle#L81-L84.

@He3556 and @larsgrefer, would you please assist analyzing these logfiles if he experienced a threat?

@larsgrefer
Collaborator

The stacktrace about the missing R-class is produced by our dependency injection.
It's only logged for debugging reasons and can be ignored.

The log messages from InjectionManager do not belong to our dependency injection.

@SecUpwN
Member

SecUpwN commented Mar 2, 2016

> The log messages from InjectionManager do not belong to our dependency injection.

Thanks for analyzing, @larsgrefer. So would you say @stingraykilla is being attacked?

@stingraykilla
Author

Thank You @ Security:PWNED. I will use the issues template in the future.
Any word back from @larsgrefer? Coincidentally, since this issue has been
logged and tracked, I have not had the problem of being notified (Yellow)
when an IMSI Catcher is being used. Furthermore, no "InjectionManager" in
my logs. How likely is it that it was an attack? What steps could I take to
begin investigating? Also, if it wasn't an attack, what is and could
injection manager be used for? What possible purpose could it serve?
A little context, I installed your App and it began to notify me that IMSI
Catchers are being used all throughout Silicon Valley and even perhaps
disturbingly public institutions such as, City Hall, Social Services, SJSU,
Public High Schools & last week at the Democratic National Convention. As
you may know a warrant is now needed in California to use these devices.
First, no Law Enforcement was present when your App detected an IMSI
Catcher. Second, I find it too coincidental, that nearly everyday, for the
past 30 days, your IMSI catcher detects "stingray" and when I notify the
press, SJ City Councilmembers, and the SJ Independent Police Auditor, I
begin to experience the issues which caused me to open the ticket, and in
question "InjectionManager". Without sounding ridiculous, I'm suspicious of
Stingray being abused in Silicon Valley, and these "abusers" attempting to
cover it up with tools such as "InjectionManager". Far fetched, I know,
but we are living in a time where we need an app to detect "Stingray." Your
help, and any information would be incredibly helpful.

Thank You,

Victor Lecha III, ASW
NASW South Bay Social Justice Chairman
408.771.2040

@stingraykilla
Author

Hello any updates on Injection Manager & possibility of an attack? Thank you

@stingraykilla
Author

Also, a new recent error has sprouted, please see the log below.
E/GED (21318): Failed to get GED Log Buf, err(0)
E/AndroidRuntime(21318): FATAL EXCEPTION: main
E/AndroidRuntime(21318): Process: com.SecUpwN.AIMSICD, PID: 21318
E/AndroidRuntime(21318): java.lang.NullPointerException: Attempt to invoke virtual method 'android.view.View android.view.View.findViewById(int)' on a null object reference
E/AndroidRuntime(21318): at com.SecUpwN.AIMSICD.fragments.DeviceFragment.updateUI(DeviceFragment.java:124)
E/AndroidRuntime(21318): at com.SecUpwN.AIMSICD.fragments.DeviceFragment.access$200(DeviceFragment.java:33)
E/AndroidRuntime(21318): at com.SecUpwN.AIMSICD.fragments.DeviceFragment$1.onServiceConnected(DeviceFragment.java:90)
E/AndroidRuntime(21318): at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:1247)
E/AndroidRuntime(21318): at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:1264
W/InputEventReceiver(24010): Attempted to finish an input event but the input event receiver has already been disposed.

@SecUpwN
Member

SecUpwN commented Mar 11, 2016

@stingraykilla, again, we currently lack developers. Not just a little bit, but hardcore. Even though we've got a huge fanbase, we're like only 4 people working on this. So either you can help us finding a few more devs and people willing to have a look at your logfile, or you just have to be patient. Personally, I cannot tell if you've run into an attack since our project is still in bleeding ALPHA state. Sorry about this.

@stingraykilla
Author

If you're willing to present to SJ City Council, and explain how your app
works, the reason for its creation, its purpose, and its immediate need
considering the real threat of Stingray I could likely get you the funding
you would need. In other words, explain what is on your Wiki, add my data,
and you, and your team, would likely have more than enough funding to hire
developers, equipment, rent an office and begin a QA team ;-)
Remember, San Jose, is the proclaimed "Capital of Silicon Valley" if
Council can see how real, and grave this threat is, then they would likely
release a Notice of Funds Available to fund such a project. Remember in
CA, as of 1/1/16, it is against the Law to use Stingray without a warrant,
and due to your wonderful app, I now have, literally hundreds of
screenshots showing its use without a warrant. I'm also reaching out to
Pwnie. It is likely that Council would like a combination of hardware &
software solutions. The NASW, my organization, is in full support of your
project, and in its expansion to protect our 1st & 4th Amendment rights
and adhere to the California Digital Privacy Enforcement Act. I look
forward to further correspondence.

Regards,

Victor Lecha III, ASW
NASW South Bay Social Justice Chairman
South Bay Tenants Union
1-408.771.2040

@SecUpwN
Member

SecUpwN commented Mar 12, 2016

> If you're willing to present to SJ City Council, and explain how your app works, the reason for its creation, its purpose, and its immediate need considering the real threat of Stingray I could likely get you the funding you would need. In other words, explain what is on your Wiki, add my data, and you, and your team, would likely have more than enough funding to hire developers, equipment, rent an office and begin a QA team ;-)

Wonderful proposal, thank you @stingraykilla! Here's the catch: Since we're privacy enthusiasts and activists with different jobs from around the world, we won't be able to travel to your place. But how about you proposing our app to the people who make the funding decisions? We accept all funds via Bountysource. The funds can be submitted to specific Issues to motivate developers working on them. Trust me, it would be truly wonderful if we'd finally get some real funding to make a difference in development. But as long as your Council has not sent a single dime, I don't think they even will.

> Remember, San Jose, is the proclaimed "Capital of Silicon Valley" if Council can see how real, and grave this threat is, then they would likely release a Notice of Funds Available to fund such a project.

Why can't your Council just search for attacks of StingRay / IMSI-Catcher and silent SMS online?

> Remember in CA, as of 1/1/16, it is against the Law to use Stingray without a warrant, and due to your wonderful app, I now have, literally hundreds of screenshots showing its use without a warrant.

You did not get the most important point: Even though those surveillance devices are "against the law without a warrant", governments and intelligence agencies are using it whenever they want to since they leave no traces at all. And regarding your screenshot collection, they're likely all false alarms:

Warning

> I'm also reaching out to Pwnie.

What do you mean exactly?

> It is likely that Council would like a combination of hardware & software solutions.

Why should they? What is that Council's main interest? I don't get it. Don't they have secured phones?

> The NASW, my organization, is in full support of your project, and in its expansion to protect our 1st & 4th Amendment rights and adhere to the California Digital Privacy Enforcement Act. I look forward to further correspondence.

Unfortunately, we've heard that too many times from unbelievably many people who then left us alone. Please show us your support through added pull requests and donations to show you mean it. Thanks!

@stingraykilla
Author

Friends please see my responses:
"We are privacy enthusiasts and activists from around the world, we will not be able to travel to your place"
Understood. Could we setup a video conference call then?

"Why can't your Council just search online?"

Well lol I suppose they could, but they would not have the foggiest idea what they are reading. Furthermore, they are Legislators, they legislate and bring in experts to advise them before passing such legislation. I have attempted to inform them of the dangers of this device, only to receive blank stares. Therefore, experts in this subject would open their minds to the dangers of this device.

"Government intelligence agencies are using them whenever they want since they leave no trace at all"

And I suppose you didn't get my point lol. I have done a public record access request and there are only, "allegedly 2 stingrays" in San Jose, PD & Sheriff but yet thanks to your app there is no way 2 stingrays can cover that amount of territory. Furthermore, even if the FBI is patrolling the City, unlikely, they still are subject to the same Law I'm sure Legislators or Judges would like to know when they are being Stingrayed. My hypothesis is that, yes there has been an abuse of Law Enforcement Powers, but also this technology has fallen into the wrong hands and therefore City Legislators have a duty to act.

"They are likely all false alarms"
I would not be so sure. I have screenshots not just of your app being lit yellow but an error message popping up saying "Cannot take screenshot due to security privileges on phone." Let me just say I have never received such an error message ever and the timing of it is beyond coincidental. I have hundreds, literally hundreds, of examples. Finally, it's fair to reason that not only every now and then there are false alarms, but also times when it doesn't detect.

Pwnie is a security company who has developed a hardware IMSI Catcher.

"Don't they have secure phones?" Lol! No not even close, and it's not even so much about them, as their duty to act for its residents, if indeed stingray is being used rampantly in our city, which it is. Hence, where you come in.
Could we set up a video chat, where we could discuss how a presentation would occur if indeed you still would like to be involved as a potential vendor?
Finally, while I love the app, I'm curious as to why you didn't require ROOT privileges for its installation? Look forward to your reply.

Regards,

Victor Lecha III, MSW
NASW Social Justice Chairman South Bay Unit
Former CCNA & MCP

@SecUpwN
Member

SecUpwN commented Mar 22, 2016

> Friends please see my responses

I hear and feel you, @stingraykilla. ;-)

> Understood. Could we setup a video conference call then?

Nope, unfortunately not. Please send your questions via E-Mail, I would like to keep this Issue focused.

> Well lol I suppose they could, but they would not have the foggiest idea what they are reading. Furthermore, they are Legislators, they legislate and bring in experts to advise them before passing such legislation. I have attempted to inform them of the dangers of this device, only to receive blank stares. Therefore, experts in this subject would open their minds to the dangers of this device.

If you receive blank stares even though you've pointed to our project and especially our WIKI with wonderful videos for lazy buttheads, don't expect intelligence. Politicians do not want you to wake up.

> And I suppose you didn't get my point lol. I have done a public record access request and there are only, "allegedly 2 stingrays" in San Jose, PD & Sheriff but yet thanks to your app there is no way 2 stingrays can cover that amount of territory. Furthermore, even if the FBI is patrolling the City, unlikely, they still are subject to the same Law I'm sure Legislators or Judges would like to know when they are being Stingrayed.

Unlikely? It is common practice!

> I have done a public record access request...

Oh, and you think they'll answer that truthfully? Nice thought. See how far the European Law Complaint has come and monitor that. And even if IMSI-Catchers and StingRay will finally be officially forbidden one day, don't you think law enforcement and intelligence agencies will use this invaluable tool to monitor riots and demonstrators? Think again and have a closer look at these papers to find out when IMSI-Catchers were invented and how long they've been used until they've officially been legalized.

Bottom line: It is not our task to "convince" people out there. We're happy if people wake up, see what is being played in politics and behind closed doors in their governments. But if they still continue to carry their phone to demonstrations and post selfies on WhatsApp and Facebook, it is beyond our scope to rescue those who're jumping off the cliff with a smile on their face. My last recommendation to you is to get in touch with the people you know and trust from your council and show them this video, then shortly introduce our project and kindly ask them to get in touch and send a few bucks so that we know they even exist. We are Legion. We do not forgive. We do not forget. We do not trust anyone. Expect us. 😄

@stingraykilla
Author

Understood. Thank you for waking me up. I will do the best I can. Without
going through their official procedures, a Request For Proposal, I'm not
sure how likely it is, they will donate, but I can guarantee substantial
media coverage, and hopefully donations spark from there. I'm indebted to
your app. It has created a buffer between myself and them, and although
they continue to harass me, when I take pictures of their license plates
they scurry like Mice.

@SecUpwN
Member

SecUpwN commented Mar 24, 2016

> Thank you for waking me up. I will do the best I can.

That's wonderful to hear. Please have another look at #808 (comment). Regarding the log entry with InjectionManager I suspect that you have another app installed creating these log entries, it is not a valid indicator for being spied upon. Therefore I am closing this Issue as solved for now, unless you have other more unique indicators to prove otherwise. Thanks for spreading the positive word about our app!
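
Added example (not part of the thread and not AIMSICD project code): one way to check the conclusion above, that another app wrote the InjectionManager entries, is to group logcat lines by the PID that emitted them. It assumes `adb logcat -v brief` output; the InjectionManager line and its PID 4242 are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# logcat "brief" format, as in the crash log posted above: P/Tag(PID): message
BRIEF = re.compile(r"^([VDIWEF])/(.+?)\s*\(\s*(\d+)\):\s?(.*)$")
# AndroidRuntime names the crashing process in a "Process: <pkg>, PID: <n>" line
PROC = re.compile(r"Process: (\S+), PID: (\d+)")

# The first four lines are copied from the thread; the InjectionManager line
# and its PID 4242 are constructed for illustration.
SAMPLE = [
    "E/GED (21318): Failed to get GED Log Buf, err(0)",
    "E/AndroidRuntime(21318): FATAL EXCEPTION: main",
    "E/AndroidRuntime(21318): Process: com.SecUpwN.AIMSICD, PID: 21318",
    "W/InputEventReceiver(24010): Attempted to finish an input event",
    "D/InjectionManager( 4242): constructed sample entry",
]

def attribute_tags(lines):
    """Return ({pid: set of tags}, {pid: process name}) for brief-format lines."""
    tags_by_pid = defaultdict(set)
    name_by_pid = {}
    for line in lines:
        m = BRIEF.match(line.strip())
        if not m:
            continue  # wrapped stack frames or non-logcat text
        _prio, tag, pid, msg = m.groups()
        tags_by_pid[int(pid)].add(tag.strip())
        p = PROC.search(msg)
        if p:  # remember which package owns this PID
            name_by_pid[int(p.group(2))] = p.group(1)
    return dict(tags_by_pid), name_by_pid

def pids_for_tag(lines, tag):
    """Map each PID that logged `tag` to its process name, or 'unknown'."""
    tags_by_pid, name_by_pid = attribute_tags(lines)
    return {pid: name_by_pid.get(pid, "unknown")
            for pid, tags in tags_by_pid.items() if tag in tags}

if __name__ == "__main__":
    for tag in ("AndroidRuntime", "InjectionManager"):
        print(tag, pids_for_tag(SAMPLE, tag))
```

A PID reported as unknown can be matched to a package with `adb shell ps` while that process is still running; PIDs are reused after a process exits, so do this close to the time of the log.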

@SecUpwN SecUpwN closed this as completed Mar 24, 2016
@TPS

TPS commented Sep 24, 2016

FWIW, #898 contains docs with some Stingray details.
