Maintenance includes: 1. Bug fixes for quality issues. 2. Bug fixes for security issues. 3. Keeping the platform up-to-date, e.g. So your app isn't running on Java 5. 4. Appcompat so it will run on modern Operating Systems.

I'm not pushing it any further, but if I came across another appcompat issue, I'd happily investigate

Can I ask what got you into appcompat? I honestly thought I was the only person still doing it after Chris Jackson moved on.

Oh come the hell on, we've seen plenty of actual issues that get dismissed as "not a security boundary" or "Wont Fix" (because of AppCompat reasons). Dismissing researchers as simply demanding bounties for no work is disingenuous Hell even some things that should have been fixed weren't because they just didn't feel like it.

Android / Kotlin Android SDK, AndroidX, Jetpack Compose, AppCompat, Material Components, Lifecycle, ViewModel, LiveData, Room, WorkManager, Navigation, Paging, DataStore, Hilt, Dagger, Koin, Retrofit, OkHttp, Moshi, Gson, Coil, Glide, Picasso, ExoPlayer / Media3, CameraX, ML Kit, Firebase Android SDK, Google Play Services, Coroutines, Flow, Ktor, kotlinx.serialization, Arrow, MockK, Espresso, Robolectric, JUnit, Truth, LeakCanary, Timber. Databases / Storage / Search SQLite, PostgreSQL client libraries, MySQL client libraries, MariaDB connectors, Oracle drivers, SQL Server drivers, ODBC, JDBC, MongoDB drivers, Cassandra drivers, Redis clients, Memcached clients, Elasticsearch clients, OpenSearch clients, SolrJ, Lucene, RocksDB, LevelDB, LMDB, FoundationDB bindings, Couchbase SDKs, Neo4j drivers, ArangoDB clients, DynamoDB SDKs, Firestore SDKs, Bigtable SDKs, ClickHouse clients, Snowflake connectors, DuckDB, H2, HSQLDB, Derby, Realm, WatermelonDB, IndexedDB wrappers, Dexie, LokiJS. Web / CSS / UI React, Vue, Angular, Svelte, Solid, Qwik, Lit, Astro, HTMX, Alpine.js, Stimulus, Ember, Backbone, Knockout, jQuery, Bootstrap, Tailwind, Bulma, Foundation, Semantic UI, Material UI, Chakra, Ant Design, Element Plus, Vuetify, Quasar, PrimeNG, PrimeReact, Mantine, Carbon Design System, Fluent UI, Shoelace, Radix, Headless UI, DaisyUI, styled-components, Emotion, Stitches, Sass, Less, Stylus, PostCSS, CSS Modules, UnoCSS.

お守りタイマー型アプリ「Amulet Timer（二元用）」 ２時間半程度。 エネルギーはレイキ系 これは、作業前・外出前・気持ちを切り替えたい時に使う、自己バフ用の小型タイマー。 Focus → 集中状態へ切り替える Guard → 境界を作る Calm → 落ち着いた状態へ戻す 各モードを選んでStartすると、3分間のリングアニメーションが動く。 完走すると「BUFF APPLIED」と表示され、BUFF LOGに履歴が残る。 実装は、HTML単体アプリをAndroid WebViewで包んだ完全ローカル構成。 ・通信なし ・APIなし ・local.properties不要 ・localStorageで履歴保存 ・Android実機で動作確認済み ・ランチャーアイコンも反映済み 途中では、assets配置、Manifestとlayoutの貼り先、Kotlin plugin二重適用、AppCompat依存、Material3テーマ、values-night、mipmap優先アイコンなどを修正。 見た目は小さいが、用途は明確。 「お守りを持つ」感覚を、スマホ上の3分タイマーと自己バフUIに落とした。

🧠 𝗪𝗜𝗡𝗗𝗢𝗪𝗦 𝗗𝗜𝗥𝗘𝗖𝗧𝗢𝗥𝗜𝗘𝗦 𝗬𝗢𝗨 𝗠𝗨𝗦𝗧 𝗞𝗡𝗢𝗪 (𝗙𝗢𝗥 𝗦𝗘𝗖𝗨𝗥𝗜𝗧𝗬) ━━━━━━━━━━━━━━━━━━ 📡 𝗡𝗘𝗧𝗪𝗢𝗥𝗞 & 𝗗𝗡𝗦 • C:\Windows\System32\drivers\etc\hosts → Check for malicious redirects • C:\Windows\System32\drivers\etc\networks → Network baseline reference ━━━━━━━━━━━━━━━━━━ 🔐 𝗖𝗥𝗘𝗗𝗘𝗡𝗧𝗜𝗔𝗟𝗦 & 𝗥𝗘𝗚𝗜𝗦𝗧𝗥𝗬 • C:\Windows\System32\config\SAM → 🔴 Password hashes (high-value target) • C:\Windows\System32\config\SECURITY → Security policy data • C:\Windows\System32\config\SOFTWARE → Installed software persistence clues • C:\Windows\System32\config\SYSTEM → System config boot-level changes ━━━━━━━━━━━━━━━━━━ 📊 𝗟𝗢𝗚𝗦 & 𝗘𝗩𝗜𝗗𝗘𝗡𝗖𝗘 • C:\Windows\System32\winevt\ → 🔴 Event logs (log tampering detection) • C:\Windows\Prefetch → Program execution history • C:\Windows\AppCompat\Programs\Amcache.hve → Application execution artifacts • C:\Users*\NTUSER.dat → User activity persistence ━━━━━━━━━━━━━━━━━━ 🦠 𝗣𝗘𝗥𝗦𝗜𝗦𝗧𝗘𝗡𝗖𝗘 (𝗠𝗔𝗟𝗪𝗔𝗥𝗘 𝗛𝗢𝗧𝗦𝗣𝗢𝗧𝗦) • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup • C:\Users*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup → 🔴 Common malware auto-start locations ━━━━━━━━━━━━━━━━━━ 💣 𝗕𝗔𝗖𝗞𝗨𝗣 & 𝗔𝗧𝗧𝗔𝗖𝗞 𝗩𝗘𝗖𝗧𝗢𝗥𝗦 • C:\Windows\repair\SAM → Backup of credentials (often overlooked) ━━━━━━━━━━━━━━━━━━ ⚠️ 𝗥𝗘𝗔𝗟𝗜𝗧𝗬 Attackers don’t need fancy tools. They abuse what already exists. ━━━━━━━━━━━━━━━━━━ 🎯 𝗨𝗦𝗘 𝗧𝗛𝗜𝗦 • SOC → log analysis • DFIR → evidence collection • Blue Team → persistence detection ━━━━━━━━━━━━━━━━━━ #Windows #DFIR #BlueTeam #SOC #CyberSecurity #Forensics

apple さんはなんで、ライブラリ内ではなくOSの中にこういうロジックをいれるんだろう android はずいぶん前にこのまずさに気づいてAppCompat というライブラリに切り出して、なるべくライブラリのバージョン上げるだけでバグも直るみたいな管理ができるようにしたというのに

yes, the details fades for me too. And the moment appcompat loads hell breaks loose.

Heavily doubt it's going to happen. Modern MS is much more lenient with AppCompat blocking.

Some progress with trying to detect DLL side loading & search order hijacking. I have a few more things to implement in this POC, then I need to abstract and refine the code. System wide on my normal host (not a bare bones VM) the only place this triggered was from an acutal DLL Search Order Hijacking scenario with a 'malicious' Wyrm loader. A bigger dataset is required of course to be actually confident in this small section I have built out, I still have more to do. I did an audable 'yikes' when I saw how many `if let Some() { }` I had nested.. I can fit my whole hand on my monitor in that gap 😄 I am aware that is horrible code, but this is a POC I will refine. Then to start tuning to remove false positives in the logic. I'm trying to pin down the "if it looks like sideloading, and smells like sideloading, there's a solid chance it is sideloading", but of course, DLL proxying / shims / appcompat account for a decent amount. But a signed binary, with a signed DLL load on PATH (particually a ms DLL), loading an unsigned middle DLL? That is more suspicious than not.. maybe.. test, test test! Currently this is looking for PATH hijacks, next up will be straight up imports of DLLs not on PATH. I'm also considering some mark of the web indicators for the risk score in this, but I am not sure on how reliable that is in the real world given these attacks in the first stage will almost certainly come from the web / email. Plus MOTW wouldn't have been an issue for the notepad incident I don't think.

After yesterday's interesting cyebr attack in terms of the delivery and execution of a very popular initial execution vector (DLL sideloading) - it has sparked a possible idea for scanning and/or detection (which could be noisy). I'm experimenting with something I will open source soon under an MIT License if this is half decent without a lot of false positive noise. I've got a few different strategies to try accumulate a score. I'll release soon and ask for community feedback & testing. Maybe it won't be useful, maybe it will. That is the fun of research :'). It has interestingly shown some early results for an old Wyrm implant I have on disk as the first results which used DLL Search Order Hijacking which is a good signal. The largest noise signal seems to be shim / appcompat type stuff but I can tune that in the tool. Maybe what I am testing isn't a new technique, tbh I don't know, but I had this idea last night and I'll run with it and hope I can make some positive impact ❤️💕

Yeah I really feel like Chen and the rest of his team don't get enough credit for the appcompat work they did back in the day. (esp with Pinball, which is one that Plummer claims he did.)

✍️ Today I started redesigning a legacy UI… Switched AppCompat ➜ MaterialComponents Got confused 🤔 • Why are Tab icons/text black? • Why isn’t Material outline working? Lesson learned: Material uses color roles, not legacy colors 🎨 #AndroidDev #MaterialComponents #Theme

Renaming a file is not OPSEC. Windows keeps a permanent diary called Amcache. It doesn't just trust the filename you typed. It extracts metadata from the binary's Version Resource (VS_VERSIONINFO). Rename payload.exe to homework.pdf.exe if you want. If the developer didn't strip the metadata, Windows logs the Original Filename anyway. But it gets worse. Amcache is the ultimate backup: Ghost Execution: You deleted the file? We still have the SHA1 Hash. We know exactly what malware ran even if the disk is clean. Anti-Forensics Trap: Cleared your Prefetch? Almost nobody wipes the Amcache hive. An empty Prefetch full Amcache = Proof of Intent. The Time Machine: It logs the exact second of First Execution and the Compile Date. Location: C:\Windows\AppCompat\Programs\Amcache.hve You changed the name. Windows kept the identity. 💀

I'm sorry, did you think you actually stopped Microsoft from spying on you by disabling all of those things? What about this... "dictionary" and it's other friends in the same folder? C:\Windows\appcompat\pca\PcaAppLaunchDic.txt

It's possible he worked with Chen since Chen did run that team, but his "I ported that" is a bit suspect since most of the AppCompat work was done as a group.

I learn something new every time you share your perspective! 1. Faster build times 2. Modern native components (Expo UI is good, but why is RN core still using appcompat) 3. No C 4. 100 more docs around new arch and Fabric components 5. Nav animations for Android

アプリのコードが古くて非推奨が出まくってたのでAppCompatに変えたら一見動くんだけどタップするとエラーで落ちるなど。ここのところずーーーーーーっっとそれで悩んでたんだけど、Theme.NoTitleBarをTheme.AppCompat.Lightに変えないとリソースIDが違ってエラーになるという。わかるか！そんなもん！