Fix ad discovery false positives and improve WebView blocking heuristics#4
Fix ad discovery false positives and improve WebView blocking heuristics#4Illhm wants to merge 5 commits into
Conversation
- Fix hooked package guard to be process-aware and thread-safe. - Introduce `AdHeuristic` to score class names and URLs reliably and reduce false positives in `HookDiscovery`. - Adjust `WebViewRequestBlocking` to hook explicitly and safely, avoiding `hookAllMethods`. - Introduce rewarded ad protection: detected rewarded ads are not automatically blocked, and are logged instead. - Improve pattern loading logic in `Main`. - Add documentation for Hook Discovery.
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
- Introduced `blockAdFunctionSafe` and `blockAdFunctionWithSafeDefault` in `ApiBlocking.java` to prevent `ClassCastException` in target apps. - Added modern blocker classes for `GoogleMobileAds`, `AppLovinMax`, `MetaAudienceNetwork`, `UnityAds`, `IronSource`, `Vungle`, `Pangle`, `Mintegral`, `Chartboost`, `InMobi`, `Appodeal`, and `YandexAds`. - Registered new blockers in `Main.java`. - Implemented `GenericModernAdHeuristic` placeholder. - Avoided blindly replacing missing hooks and properly implemented reward flow protection by skipping rewarded hooks.
- Add modern blocker implementation for `Fyber/Inneractive`, `Tapjoy`, `Smaato`, `StartIo`, and `AmazonPublisherServices`. - Register the new blockers in `Main.java`. - Include `"serversideverification"` as a protected rewarded identifier in `AdHeuristic`. - Strip query string payload before logging allowed rewarded URLs to prevent information leak in `WebViewRequestBlocking`.
- Refactored legacy `blockAdFunction` hooks in `ApiBlocking.java` to use dynamic reflection-based safe default returns (e.g. `0`, `false`, `null`), mitigating application crashes caused by `ClassCastException`. - Removed explicit rewarded ad hooks (`showRewardedVideo`, `loadRewardedVideo`, etc) from legacy blockers like `Applovin`, `Chartboost`, and `Ironsource` to enforce the strict reward protection policy (i.e. do not bypass or auto-complete rewarded ads).
- Removed explicit video/rewarded ad hooks from `Appnext` and `Yandex`. - Migrated legacy `ApiBlocking.blockAdFunction` hooks in `Appnext`, `Adcolony`, `UnityAds`, `Facebook`, and `Vungle` to use the safe reflection-based `blockAdFunctionWithSafeDefault` proxy logic to prevent potential `ClassCastException`s.
This PR addresses several issues and improvements related to ad discovery and web request blocking.
Changes:
hookedPackageswas modified to use a synchronized set and correctly trackpackageName + ":" + processNameto prevent skipped hooks in secondary processes.AdHeuristic.javato contain the ad discovery logic. It flags obvious ad-related keywords and ignores common false positives (likeAdapter,Badge,Shadow).hookAllMethodswith targetedfindAndHookMethodfor both older and newer Android APIs. Improved matching logic by ignoring null/empty patterns, isolating host match rules, and ignoring query strings.AdHeuristic.isRewarded()check to bypass blocking on rewarded ads. Bypassed rewarded ads are now safely logged.UnpackResourcesfallback inMain.javato attempt loading the host pattern assets regardless of the LSPosed version, with safe fallbacks and logging on failure.docs/HOOK_DISCOVERY.mdexplaining how to enable discovery mode, interpret the logcat, and outlining the rewarded ad policy.PR created automatically by Jules for task 12926542409016962392 started by @Illhm