[HACK] Allo for Android bypass authentication and have a look around the app (arm64)


Quinny899

Recognized Developer / Recognized Contributor
THIS DOES NOT ALLOW YOU TO USE ALLO AS A SERVICE! IT USES DUMMY MESSAGES SO YOU CAN SEE WHAT THE APP IS LIKE!
USE THIS AT YOUR OWN RISK, GOOGLE MAY NOT LIKE IT

Allo for Android was leaked yesterday in APK form, as an internal early build release. When you launch the app on a compatible device, it shows a screen to authenticate via text, but the servers aren't actually sending out verification codes, so you end up stuck in a loop.

I decompiled the app, and removed the method where the "Welcome" activity is launched, allowing the app to at least show the conversation screen, using Xposed. This could probably be achieved using Smali edits, but I haven't tried that.

I then tried to get the app to actually allow me to add users, but of course, as it was trying to connect via an account that was not authorised, that wouldn't work. So I took a different approach, and edited the database used by the app using Root Explorer + SQLite Editor to add dummy users, conversations and messages that way. I'll go into what I've worked out about the database in a later post, so you can trick your friends or something.

After that, I had pretty much full access to the offline features of the app (i.e. those that didn't need a constant connection; messages still would not send), and could look around the app and its UI:
- Normal (1 to 1) conversations with other users
- Group conversations
- Incognito conversations

Stickers were working earlier on, but have since stopped loading. I can say however, that the default, included, stickers were not the only stickers available, as you could download two more packs. That was working around midday BST today but has since stopped, so either Google has blocked me or capped it entirely.

Anyway, below are some videos of the aforementioned features, as well as a couple of others.

https://www.youtube.com/watch?v=aI-kXmzhLeo&feature=youtu.be
https://www.youtube.com/watch?v=Y4mUKRtr4kg

There are some things I didn't mention:
- The app appears to link your number to your account, which may mean tablets work too as long as you have a phone
- You can send voice messages (I didn't cover this in the video because I assumed it was a voice input rather than a voice message)
- You can send videos
- Tapping a 1 to 1 conversation's image on the list opens information about the user, allowing you to call and send a message
- Sharing images from other apps works the same as other messaging clients

Want to try this yourself?
You'll need Xposed and Titanium Backup (free is fine) to do this:
  1. Download the Xposed Module and Titanium Backup file from GitHub here
  2. Install the Xposed module, activate it and reboot
  3. Open the TiBkp file using Titanium Backup, and restore app and data
  4. Run Allo (it's been renamed from Messaging to Allo now)
  5. Look around, but remember nothing actually works

Next job is to see if I can get onto Duo in the same way, although that will allow even less than Allo.
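
The database edit described in the post above works because the app displays whatever rows it finds locally. As an added example (not part of the original post and not Allo's code), this sketch shows how an app could detect rows written outside its own write path; the table layout, column names and key are assumptions, and the tampered rows are constructed.

```python
import hashlib
import hmac
import sqlite3

# Hypothetical schema: the page does not document Allo's real tables.
SCHEMA = """CREATE TABLE messages (
    id INTEGER PRIMARY KEY, conversation TEXT, sender TEXT,
    body TEXT, tag BLOB)"""

def row_tag(key, row_id, conversation, sender, body):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (str(row_id), conversation, sender, body):
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()

def app_insert(db, key, conversation, sender, body):
    """Write path used by the app itself: store the row, then bind a tag to its id."""
    cur = db.execute(
        "INSERT INTO messages (conversation, sender, body) VALUES (?, ?, ?)",
        (conversation, sender, body))
    tag = row_tag(key, cur.lastrowid, conversation, sender, body)
    db.execute("UPDATE messages SET tag = ? WHERE id = ?", (tag, cur.lastrowid))
    return cur.lastrowid

def find_untrusted_rows(db, key):
    """Return ids of rows whose tag is missing or does not verify."""
    bad = []
    for row_id, conv, sender, body, tag in db.execute(
            "SELECT id, conversation, sender, body, tag FROM messages ORDER BY id"):
        expected = row_tag(key, row_id, conv, sender, body)
        if tag is None or not hmac.compare_digest(bytes(tag), expected):
            bad.append(row_id)
    return bad

def demo():
    key = b"constructed-demo-key"  # assumption: a real app would use a keystore-held key
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    good = app_insert(db, key, "conv-1", "alice", "hello")
    # Constructed tampering, as an external SQLite editor would do it:
    db.execute("INSERT INTO messages (conversation, sender, body) "
               "VALUES ('conv-1', 'dummy-user', 'injected text')")  # new row, no tag
    edited = app_insert(db, key, "conv-1", "bob", "original")
    db.execute("UPDATE messages SET body = 'changed' WHERE id = ?", (edited,))
    return good, find_untrusted_rows(db, key)

if __name__ == "__main__":
    print(demo())
```

With root access a software-held key can be read as well, so a check like this only catches edits made without it; account state still has to be decided by the server, which is why, as the post notes, messages would not send.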
 

Quinny899

Recognized Developer / Recognized Contributor
Tonight's update, same as Reddit:

What I've found out today:

- SMS and Hangouts, although hinted at in the code, cannot be enabled using Xposed at this time.
- I worked out how to make messages appear in the conversations using the database, YouTube video here
- Messages support text, images (GIF or normal), videos, stickers and YouTube links, with previews. YouTube links open in the app, not inline
- There appears to be a read receipt for messages, as well as sent ticks.
- As expected (it being an internal release), there's a lot of debug code in (but disabled by default, it's not a debug release) the app. AlloAllo enables it (see the video)

Xposed Module new APK

Massive document on how the database works and how to add your own stuff

Xposed Module Source

I'll do a proper writeup as a teardown tomorrow if I get the time, but Duo is pretty much a writeoff as it's pointless
 

MishaalRahman

Editor in Chief

Hey there, great work! If you want, we can feature your findings on the portal. Just send me a PM or post your findings here when you're ready with it!
 

Tanmoy Mitra

Senior Member
:good:
 


Luke T. Kirk

Senior Member
Hey guys, I need a way to download my profile picture out of Google Allo. I've deleted the original one and I can't seem to find an option to download it officially. Perhaps there's a location in the data partition where it's stored? Any ideas?
 
GuestK00326

Guest
I am rooted. Can anyone point me to where the Allo sticker packs are saved on the device, as I have downloaded them all? Can anyone tell me where I have to look? PS: do I need Xposed?

Thanks
 
