On Fri, Dec 1, 2017, at 04:38, Hans-Christoph Steiner wrote: > Oy, Google, what are you doing? It seems that their lesson from > XCodeGhost is to use that technique to insert their own code, hidden > from view. > > Yay for reproducible builds!
These files are not added to the APK, nor are they referenced from the APK anywhere that I can find. I'm assuming that they're doing some fancy stuff to add them to the running process. The code in the perfa.jar appears to be derived from: https://github.com/JetBrains/adt-tools-base/tree/master/profiler/supportlib/src/main/java/com/android/tools/profiler/support but that is two years old and is missing stuff that I see in the decompiled JAR. I filed an issue to try to get them to offer an option to disable this functionality: https://issuetracker.google.com/issues/70019396 -- Mark Murphy (a Commons Guy) https://commonsware.com | https://github.com/commonsguy https://commonsware.com/blog | https://twitter.com/commonsguy _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: guardian-dev-unsubscr...@lists.mayfirst.org
