Home » , » [HACK] Allo for Android bypass authentication and have a look around the app (arm64)

[HACK] Allo for Android bypass authentication and have a look around the app (arm64)

Posted by Droid Firmware Flash on Wednesday, May 25, 2016

THIS DOES NOT ALLOW YOU TO USE ALLO AS A SERVICE! IT USES DUMMY MESSAGES SO YOU CAN SEE WHAT THE APP IS LIKE!
USE THIS AT YOUR OWN RISK, GOOGLE MAY NOT LIKE IT

Allo for Android was leaked yesterday in APK form, as an internal early build release. When you launched the app on a compatible device, it shows a screen to authenticate via text, but the servers aren't actually sending out verification codes so you end up stuck in a loop.

I decompiled the app, and removed the method where the "Welcome" activity is launched, allowing the app to at least show the conversation screen, using Xposed. This could probably be achieved using Smali edits, but I haven't tried that.

I then tried to get the app to actually allow me to add users, but of course, as it was trying to connect via an account that was not authorised, that wouldn't work. So I took a different approach, and edited the database used by the app using Root Explorer + SQLite Editor to add dummy users, conversations and messages that way. I'll go into what I've worked out about the database in a later post, so you can trick your friends or something.

After that, I had pretty much full access to the offline features of the app (ie. those that didn't need a constant connection, messages still would not send), and could look around the app and its UI:
- Normal (1 to 1) conversations with other users
- Group conversations
- Incognito conversations

Stickers were working earlier on, but have since stopped loading. I can say however, that the default, included, stickers were not the only stickers available, as you could download two more packs. That was working around midday BST today but has since stopped, so either Google has blocked me or capped it entirely. 

Anyway, below is some videos of the aforementioned features, as well as a couple of others. 





There's some things I didn't mention:
Want to try this yourself?
You'll need Xposed and Titanium Backup (free is fine) to do this:
  1. Download the Xposed Module and Titanium Backup file from GitHub here
  2. Install the Xposed module, activate it and reboot
  3. Open the TiBkp file using Titanium Backup, and restore app and data
  4. Run Allo (it's been renamed from Messaging to Allo now)
  5. Look around, but remember nothing actually works

Next job is to see if I can get onto Duo in the same way, although that will allow even less than Allo.

Labels: ,

0 comments:

Post a Comment

Popular Posts

Blog Archive

.comment-content a {display: none;}