WARNING: Do NOT use TaiChi any way!!!!!!

Search This thread
By:
Advanced…
mlgmxyysd

mlgmxyysd

Recognized Developer
Jul 22, 2017
334
452
Henan,China
www.neko.ink
Google Glass
OnePlus One
WARNING:

If you want to use Xposed Framework in Android Pie, Q or higher version.

Do NOT use TaiChi anyway.

TaiChi (aka EXposed) is developed by a Chinese commercial software company, closed-source, networked and with code obfuscation.

And the terms of use are repeatedly emphasized(Translated from Chinese, excerpt):

3.1 The official shall not be liable for any of the following circumstances, and the TaiChi developer shall not be liable for damages:

3.2 Presence in the service may cause loss of data, information disclosure, data modification, etc.(Note: The above refers to any condition, even if you do not install or activate any Xposed module may occur), due to personal reasons or the use of third-party Xposed modules, lost data, information disclosure, data modification, capital loss, etc.

5. Disclaimer.

You acknowledge and agree that TaiChi Developer shall not be liable for any damages that may result from any of the following circumstances, including but not limited to property, income, data and other losses or other intangible births.

5.6 Presence in the service may cause loss of data, information disclosure, data modification, etc.(Note: The above refers to any condition, even if you do not install or activate any Xposed module may occur), due to personal reasons or the use of third-party Xposed modules, lost data, information disclosure, data modification, capital loss, etc.(Note: This paragraph repeatedly emphasizes)
Click to expand...
Click to collapse

And if you want to use it, you must unconditionally agree to the above terms.

Although there is no technical research at the moment that shows that it has done bad things, but who knows?

It may still lead to security issues, even your money.

And you NEVER know what it does behind the scenes unless it's an open-source software.

According to the official group administrator of Taichi, people don't need any privacy in the era of big data.

I'm very disappointed with this attitude.

It's like A's safety box was damaged, B and C and D stole something, and then E also stole something, and said to A: anyway, your things have been stolen, I can steal a little more.

Similarly, the above A can be regarded as users, B and C and D can be seen as software that has divulged some of your stuff before. E is TaiChi.

Finally, please keep in mind that you should NEVER use a closed-source software framework try to modify your system, for security.
 
  • Like
Reactions: huskydg, Eng.Raman, denzi01b and 19 others
weishu

weishu

Senior Member
Mar 8, 2018
52
569
Beijing
github.com
Although there is no technical research at the moment that shows that it has done bad things, but who knows?
Click to expand...
Click to collapse

You looks like a thief, although i have no evidence, but who knows?
You looks like a rapist, although i have no evidence, but who knows?
You are ..., although i have no evidence, but who knows?

As for open-source:
Here is my github profile: https://github.com/tiann

I do a lot for open-source community, but i don't think everything should be open-sourced. This is my respond for Why taichi is closed-source: https://github.com/taichi-framework/TaiChi/issues/998#issuecomment-544934678

If you are a FOSS fans, I fully understand and support you. But i should sadly tell you that taichi may not be suitable for you :(

As for the terms of Taichi:

Taichi·Ying needs to uninstall the original app first, this of cause may lead to loss of data; The Fabric may collect your anonymous information and upload the crash informations; TaiChi·Yang need to unlock the bootloader, it may damage your device, this may happen rarely, but i cannot neglect it. All of these are normal terms, You just accuse of me by imagination?
 
  • Like
Reactions: Stonkers, Momin8454, david_lev and 21 others
mlgmxyysd

mlgmxyysd

Recognized Developer
Jul 22, 2017
334
452
Henan,China
www.neko.ink
Google Glass
OnePlus One
weishu said:
As for the terms of Taichi:

Taichi·Ying needs to uninstall the original app first, this of cause may lead to loss of data; The Fabric may collect your anonymous information and upload the crash informations; TaiChi·Yang need to unlock the bootloader, it may damage your device, this may happen rarely, but i cannot neglect it. All of these are normal terms, You just accuse of me by imagination?
Click to expand...
Click to collapse

What you said belongs to the user's own operation, not the service in the software you provide
 
Last edited:
  • Like
Reactions: holofractal, msafhang, wannaskoo and 1 other person
S

spamtrash

Senior Member
Nov 9, 2008
1,056
251
Krasnoyarsk
Basically the very good warning/justification is in the second post of the original TaiChi thread by @M66B.

together with the post 45, it can be assumed:
it is a system level application
it does have closed, obfuscated code
it did not passed any external audit*
it does contain some controversial sentences in T&Cs

* - perhaps as the result of being written by a single person (in theory - we cannot know if there is someone behind)

Now it is each user individual choice: use it or not. If you do trust the developer, "do not have anything to hide" - feel free to use it.

Personally, if I'd be interested then yes: I would use it. After setting it up on a dummy old phone for a month and checking traffic very carefully. single encrypted packet would eliminate it from use.

But again, it is a personal choice of each individual user to give access to all and any private information stored and obtained by the phone (voice, video recording capabilities are obvious) to the developer who does not trust the users enough to deobfuscate/open the code.

It is just a mutual trust: you trust them as much as they trust you, isn't it?
 
Last edited by a moderator:
  • Like
Reactions: joluke
Senliast

Senliast

Senior Member
Dec 31, 2014
145
51
Yeah, Xposed is close-source, and where is it now? Google wrote a permanent detection system for that, SafetyNet, and you cannot install Xposed and pass SafetyNet, half of apps will not work, except EdXposed, it could pass SafetyNet, but even that got recently detected by Google and now you must do various tricks / hacks with black list to pass SN with it. May be, TaiChi is close-source because the developer of it wants to protect that against Google?

P.S. About this spying / tracking / data stealing - some parts of Android are also close-source, and are maintained by Google. Actually, 60% of whole software is close-source. On your PC, the whole software is close-source. Windows is close source. So, you trust your data to such companies like Google, M$, but to a no-name guy that writes mods for Android - no? I just don't get your opinion ?
 
  • Like
Reactions: SnuggP, chocolote4444, Luthor Lynch and 9 others
mlgmxyysd

mlgmxyysd

Recognized Developer
Jul 22, 2017
334
452
Henan,China
www.neko.ink
Google Glass
OnePlus One
spamtrash said:
Basically the very good warning/justification is in the second post of the original TaiChi thread by @M66B.

together with the post 45, it can be assumed:
it is a system level application
it does have closed, obfuscated code
it did not passed any external audit*
it does contain some controversial sentences in T&Cs

* - perhaps as the result of being written by a single person (in theory - we cannot know if there is someone behind)

Now it is each user individual choice: use it or not. If you do trust the developer, "do not have anything to hide" - feel free to use it.

Personally, if I'd be interested then yes: I would use it. After setting it up on a dummy old phone for a month and checking traffic very carefully. single encrypted packet would eliminate it from use.

But again, it is a personal choice of each individual user to give access to all and any private information stored and obtained by the phone (voice, video recording capabilities are obvious) to the developer who does not trust the users enough to deobfuscate/open the code.

It is just a mutual trust: you trust them as much as they trust you, isn't it?
Click to expand...
Click to collapse

Yes, you are right.

Using these Xposed framework is the choice of users.

Just to remind, there are many similar virtual Xposed.

I personally prefer and recommend using open-source or unrestricted Xposed frameworks.
 
Last edited by a moderator:
  • Like
Reactions: blackhawk_LA
mlgmxyysd

mlgmxyysd

Recognized Developer
Jul 22, 2017
334
452
Henan,China
www.neko.ink
Google Glass
OnePlus One
Senliast said:
May be, TaiChi is close-source because the developer of it wants to protect that against Google?
Click to expand...
Click to collapse

To be sure, no.

The author's reason is (Translated from Chinese):

Do you really think open source is a good thing? For individuals, open source may mean security, but many families have been destroyed by others doing all kinds of things (Translate notes: Pornography, gambling, drugs are mentioned in the context) with your open source code. You just need to say, I open source, it's none of my business.
Click to expand...
Click to collapse

But this is a totally wrong theory.

No, just a little bit. He's right. "I open source, It's none of my business."

It's true that open source software is easy to be used by bad people.

But what should be punished is only those who use it to do bad things, right?

For example, I sold you a knife. The name of the knife is open source software. Should I be punished if you kill people with this knife?

If, according to him, the one who finds that IOS system can't fix bugs (checkm8) and makes open-source jailbreak software should be jailed
According to him, anyone who discovers a CVE vulnerability and makes an open source POC should be jailed.
According to him, anyone who ... and makes an open source software should be jailed.

You may ask, why?

Answer: your open-sources software may be used by bad people, causing many families to be destroyed.:(

Senliast said:
P.S. About this spying / tracking / data stealing - some parts of Android are also close-source, and are maintained by Google. Actually, 60% of whole software is close-source. On your PC, the whole software is close-source. Windows is close source. So, you trust your data to such companies like Google, M$, but to a no-name guy that writes mods for Android - no? I just don't get your opinion
Click to expand...
Click to collapse

It's about software framework, not software or module or system.:)
 
Last edited:
  • Like
Reactions: blackhawk_LA and wannaskoo
mlgmxyysd

mlgmxyysd

Recognized Developer
Jul 22, 2017
334
452
Henan,China
www.neko.ink
Google Glass
OnePlus One
  • Like
Reactions: iron1050, holofractal, Yata87 and 2 others
D

d3vyarth

Senior Member
Jul 10, 2014
367
70
So what's the conclusion? Is someone going to do intensive research on the behavior of this framework and hunt for exploitation of vulnerabilities?
 
nri_tech1183

nri_tech1183

Senior Member
Jan 4, 2015
509
46
What guarantee you give for edxposed as well? It isnt officially from xposed team right?
And edxposed already posing issues with Safetynet and Taichi works simply great.


And as far as data leaks etc, once you step into the world of android you are already in the risk zone. By this time all your data is already sold across the globe. Its too late to bother now. So just be at peace.
 
You must log in or register to reply here.

Similar threads

rovo89
  • Locked
Xposed - Legacy thread. Don't panic, Xposed is still here.
Replies
12K
Views
8M
rovo89
rovo89
rovo89
  • Locked
  • Sticky
[OFFICIAL] Xposed for Lollipop/Marshmallow/Nougat/Oreo [v90-beta3, 2018/01/29]
Replies
49
Views
8M
rovo89
rovo89
rovo89
[DISCUSSION] Xposed for Lollipop
Replies
13K
Views
4M
lenoid
lenoid
romracer
[UNOFFICIAL] Systemless Xposed for Android 5.1/6.0 - v86.1 / 20160928 / SDK22/SDK23
Replies
7K
Views
3M
D
Deleted member 11604687
wanam
  • Locked
[UNOFFICIAL][5.1/6][v87.1][28 Nov]Xposed for Samsung Lollipop/Marshmallow
Replies
6K
Views
2M
wanam
wanam

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 24
    weishu
    weishu
    Although there is no technical research at the moment that shows that it has done bad things, but who knows?
    Click to expand...
    Click to collapse

    You looks like a thief, although i have no evidence, but who knows?
    You looks like a rapist, although i have no evidence, but who knows?
    You are ..., although i have no evidence, but who knows?

    As for open-source:
    Here is my github profile: https://github.com/tiann

    I do a lot for open-source community, but i don't think everything should be open-sourced. This is my respond for Why taichi is closed-source: https://github.com/taichi-framework/TaiChi/issues/998#issuecomment-544934678

    If you are a FOSS fans, I fully understand and support you. But i should sadly tell you that taichi may not be suitable for you :(

    As for the terms of Taichi:

    Taichi·Ying needs to uninstall the original app first, this of cause may lead to loss of data; The Fabric may collect your anonymous information and upload the crash informations; TaiChi·Yang need to unlock the bootloader, it may damage your device, this may happen rarely, but i cannot neglect it. All of these are normal terms, You just accuse of me by imagination?
    View
    22
    mlgmxyysd
    mlgmxyysd
    WARNING:

    If you want to use Xposed Framework in Android Pie, Q or higher version.

    Do NOT use TaiChi anyway.

    TaiChi (aka EXposed) is developed by a Chinese commercial software company, closed-source, networked and with code obfuscation.

    And the terms of use are repeatedly emphasized(Translated from Chinese, excerpt):

    3.1 The official shall not be liable for any of the following circumstances, and the TaiChi developer shall not be liable for damages:

    3.2 Presence in the service may cause loss of data, information disclosure, data modification, etc.(Note: The above refers to any condition, even if you do not install or activate any Xposed module may occur), due to personal reasons or the use of third-party Xposed modules, lost data, information disclosure, data modification, capital loss, etc.

    5. Disclaimer.

    You acknowledge and agree that TaiChi Developer shall not be liable for any damages that may result from any of the following circumstances, including but not limited to property, income, data and other losses or other intangible births.

    5.6 Presence in the service may cause loss of data, information disclosure, data modification, etc.(Note: The above refers to any condition, even if you do not install or activate any Xposed module may occur), due to personal reasons or the use of third-party Xposed modules, lost data, information disclosure, data modification, capital loss, etc.(Note: This paragraph repeatedly emphasizes)
    Click to expand...
    Click to collapse

    And if you want to use it, you must unconditionally agree to the above terms.

    Although there is no technical research at the moment that shows that it has done bad things, but who knows?

    It may still lead to security issues, even your money.

    And you NEVER know what it does behind the scenes unless it's an open-source software.

    According to the official group administrator of Taichi, people don't need any privacy in the era of big data.

    I'm very disappointed with this attitude.

    It's like A's safety box was damaged, B and C and D stole something, and then E also stole something, and said to A: anyway, your things have been stolen, I can steal a little more.

    Similarly, the above A can be regarded as users, B and C and D can be seen as software that has divulged some of your stuff before. E is TaiChi.

    Finally, please keep in mind that you should NEVER use a closed-source software framework try to modify your system, for security.
    View
    12
    Senliast
    Senliast
    Yeah, Xposed is close-source, and where is it now? Google wrote a permanent detection system for that, SafetyNet, and you cannot install Xposed and pass SafetyNet, half of apps will not work, except EdXposed, it could pass SafetyNet, but even that got recently detected by Google and now you must do various tricks / hacks with black list to pass SN with it. May be, TaiChi is close-source because the developer of it wants to protect that against Google?

    P.S. About this spying / tracking / data stealing - some parts of Android are also close-source, and are maintained by Google. Actually, 60% of whole software is close-source. On your PC, the whole software is close-source. Windows is close source. So, you trust your data to such companies like Google, M$, but to a no-name guy that writes mods for Android - no? I just don't get your opinion ?
    View
    10
    mlgmxyysd
    mlgmxyysd
    ldeveraux said:
    Are the apps you install from the Play Store open source?
    Click to expand...
    Click to collapse

    Go back and see what we're talking about
    Application framework and modify your system, not application in Play Store
    View
    5
    mlgmxyysd
    mlgmxyysd
    Senliast said:
    Yeah, Xposed is close-source
    Click to expand...
    Click to collapse

    Note that Xposed is not commercial production.

    But TaiChi is.

    Shenzhen Dimen Space Network Technology Co., Ltd
    http://taichi.dimenspace.com/
    Website record(in China) No.44030502003828
    Click to expand...
    Click to collapse

    Commercialization means that the main purpose is to make money, so it will bring more risks.
    View

New posts