Feedback

[SloppyPuppy]

Samsung Galaxy A41/DS - Android 10

Love the concept, however I do have a couple of issues:

• The ring option only rings the ringtone it doesnt trigger phone vibrations like a regular phone call.
• The response messages doesn't appear to send, I assume its a dual sim issue. The original response text message says is sent by sim 1 which indeed works, but the sending is unsucessful which only happens with sim 2(no credit), clicking resend auto resends from sim 2 where it fails again.
• Clicking stop on the ringing prompt only minimizes the app instead of closing it, the behaviour I expected is to only remain open in the background.

Thank you for the hard work, cool app.

[xfarrow]

Hi, thank you for your interest!
Let me address this issue:

• For points 1 and 3 yes, you are absolutely right, it should work this way. I will add this functionality in the next update
• For point 2, I will try to get a dual-sim smartphone to perform some tests on it as soon as possible

Have a nice day!

[SloppyPuppy]

Epic, props to you, really good idea for an app, also to note, I think password should be visible inside the app, because it would be unsecure to use a password somebody uses usually in an sms (poor to no encryption), and besides if you are able to reconfigure the app you already are able to control the device.

[xfarrow]

Hi @SloppyPuppy, thank you for your yet another feedback!
Yes, I should write in the readme that it's suggested to change password each time you use it 'cause SMSs do not provide any encryption, hence, a simple MiM after the SMS is sent would allow an attacker to take control of the device and/or get sensitive data such as location.

I am afraid I did not well understand what you mean by showing the password inside the app: when actually writing it or showing it all the time?
If you mean the latter, I don't think it's possible: the password gets stored as an hash. This has been done to protect users who have the so-called root so even if other apps have the possibility to access locatemydevice's private files, they won't be able to obtain the password.
If you mean the former, I will take this suggestion in consideration!
Thank you 💯

[SloppyPuppy]

Oh, I didn't read through that part, but I guessed it was stored as a hash, but it might be useful to just store it as cleartext in the app, but I am not quite sure.

Thank you for such hard work and being such a responsive dev, well I honestly am not sure what the optimal solution would be.

A password sent through sms is unsecure, an OTP is too complicated, and could possibly stop working if the phone date/time were to change. Very interesting project nonetheless, I downloaded studio, and although I have basically no android studio experience and very little knowledge in java ima think through some features and maybe implement something over the weekend.

Still juggling ideas in my head while writing, again a bit of a complicated one but using a keypair to encrypt messages to the phone might be an idea, but would have to carefully choose the cipher.
ex. (activation command header) (cipher text that contains auth info + command)
so the workflow would be listen for text messages with the given str(activation command) , then decrypt the following block using the private key from the generated keypair.

Also to note, very interestingly, alot of github projects have now been coming up in my google news feed, included but not limited to: this, PS5 arbitrary code exploit, the M1 silicon hardware vuln, and other fun hacky tools/projects.

And once again, thanks for contributing to foss.

[xfarrow]

Thank you for your valuable ideas! I will think about how to create an even more secure password exchange.

The best part of writing FOSS is the community sharing ideas and/or creating own forks, thank you!