| Aspect | Observation (based on reverse‑engineering of v24.3.1) | |--------|------------------------------------------------------| | | com.faceniff.unlocker24 (occasionally obfuscated as com.fxn.unlocker ). | | Permissions | READ_PHONE_STATE , WRITE_EXTERNAL_STORAGE , CAMERA , INTERNET , READ_CONTACTS , SYSTEM_ALERT_WINDOW , REQUEST_INSTALL_PACKAGES , ACCESS_FINE_LOCATION . Many of these are excessive for a lock‑screen bypass tool. | | Core components | - Native libraries ( libfaceniff.so ) compiled for ARM/ARM64, containing OpenCV‑based facial‑recognition routines. - Background service ( UnlockService ) that runs at boot and monitors lock‑screen events. - Network module that contacts a remote “validation server” ( unlocker24.xyz ) to retrieve device‑specific payloads. | | Obfuscation | Uses ProGuard + custom string encryption. Some strings reveal URLs: https://api.unlocker24.xyz/v2/handshake . | | Root / ADB requirements | None advertised; the APK attempts to gain Device Administrator rights and, if denied, prompts the user to enable USB debugging and install via ADB . | | Data flow | 1. Capture selfie via camera. 2. Compute facial hash locally. 3. Send hash + device identifiers (IMEI, Android ID) to remote server. 4. Receive an “unlock token” that is then injected into the lock‑screen verification routine. | | Persistence | Registers a device‑admin component and a boot‑completed receiver; also creates a hidden folder /data/local/tmp/.fxn/ . |
Public Wi-Fi at cafes, airports, hotels — these are prime targets. faceniff unlocker 24 apk new