Jeroen Beckers

Full stack trace: ```Read access is allowed from event dispatch thread or inside read-action only (see com.intellij.openapi.application.Application.runReadAction()) Details: Current thread: Thread[ApplicationImpl pooled thread 17,4,Idea Thread Group] 802196536 ; dispatch thread:...

This is a bug in apktool, not patch-apk: https://github.com/iBotPeaches/Apktool/issues/2756 So you'll have to wait for the next version of aptool to come out (2.6.2 according to milestones)

Does it make sense to suggest the "unknown sources check" in the MSTG without support from MASVS? I also don't immediately see where it would fit in the MASVS. I...

I'm probably missing something, but how exactly can you test this as a developer? I can only end up at DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY, but that only tells you if the global policy...

Then I think that's a check that would belong in the app hardening section, since the thing you're detecting is a (potentially) fake copy being installed from a non-trusted source.

> | **8.3** | MSTG‑RESILIENCE‑3 | The app detects, and responds to, tampering with its original executable files (e.g. being repackaged), runtime modifications of critical data within its own sandbox...

Since this is part of the cat & mouse game, shouldn't we simply list a few, and point the user to further resources?

I have this error on the Telegram apk with md5 0c50f15ec0ef1a4419236867c9b21ef4 . A quick google will give the apk. A very similar error can be introduced on latest Quark (v21.10.2):...

Extended for Linux, windows will probably be a bit more work.

If it asks for Key0x835 just press enter and wait. If everything else is correct, it will eventually spit out the decrypted keychain.