BeCandid/Code

From Encyclopedia Dramatica
< BeCandid
This is an old revision of this page, as edited by imported>Goybe at 08:33, 14 October 2016. It may differ significantly from the current revision.
Jump to navigation Jump to search
BREAKING NEWS!!
Their newest release has removed almost all references to Kochava. Except them to find a new way to data mine you
<BeCandid

This was done by downloading an official APK, then decompiling it by using Eclipse, Dex2jar and jd-gui all freeware tools so from a legal aspect there are no issues. They didn’t even secure the APK. Although Kochava had encrypted some files as to how they store user information on the database candid is running. This does not impact the results of the finding.

How You Know This Code Is 100% Accurate


(archive)

(archive)

Imagine that when the company you said you used disagrees with you.

Candid Is Taking Your Facebook Info


Candid uses this to connect to your Facebook account, which they’ve announced on their site, what they haven’t said is that they’re downloading your user information and uses it to data mine you. Now note it is optional to skip Facebook integration via a very obscure skip button in the top right corner. Some of the information Candid is taking is where you work, what education you have, your age, gender and hometown. These are classic datamining fields used by many many corporations This code snippet was found in the file: sd.java

Candid Is Using A Datamining Service



In these two pictures you can see Kochava in action and the BuildConfig and that its being used but as referenced above Kochava has encrypted a lot of the storage processes and its referenced in 149 Documents in the APK. Now what exactly is Kochava?

   
  
Kochava is a mobile app marketing tracker with a unique approach, it looks at all device identifiers as equal and as such is able to match the identifiers of different publishers to provide effective analysis and reporting to advertisers. In addition to this, Kochava also automatically engages a device fingerprinting system, using a number of algorithms incorporating carrier and geo-location to match clicks to installs with an accuracy rate of 85%. Offering deep level integration support, Kochava supports server-to-server integration as well as an SDK for Android and iOS. Match reporting for each attribution includes how (device, hash types etc) and Cohort analysis is offered for ROI overlay as well as optimization according to various campaign metrics (clicks, installs, post-install revenue etc).
 
  		 

MobyAffliates

Now this is fucking scary, Kochava is integrated in everything you do. It's directly connected, for an app that claims to be “free speech” and “anonymous” this is pretty fucking de-anonymizing. Now this will be expanded upon, but Kochava gets all this information from Candid and uses it to sell you ads. They get your first name, (middle), last name, geo location, where you work, how old you are, what education you have, and candid has its own feature of deciding how “politically correct” you are, NIGGER.

These code snippets were found in the file: “Logging.java” & “BuildConfig.Java”

How Candid Datamines You


Now this block of code is very fucking interesting, if you connected to candid with a Facebook account, this is what you give Candid / Kochava access too. Your feed, your likes, your app invites and your messages. This is Clear data-mining and for an anonymous app this is really fucked up There are Lots of other ways candid is datamining you, they get your first name, last name if you connected it to candid, they get your cellphone number either from Facebook or if you registered it yourself, they get your phone model, your phone OS, all your installed apps. They also use this information via their partners google firebase and Kochava to get your custom google advertising id they then store this and use it for promoting customized ads too you This is a whole lot of fucked up to take in, for an app that claims to be free speech and anonymous they sure as hell collect a lot of data on you.


Here candid and Kochava is getting your location, your very accurate location. This is regardless of if you used Facebook or not.


Now here comes the fun part, Candid is making a list and checking it twice of which apps are naughty and nice:




Now what could Kochava possibly want with our installed apps? They already know our geo location, (cellphone numer & first last name (if you used those services) youre googleadid which it was given freely by candid. Candid literally gives you a tracking id after you’ve completed the signup procedure:


These code snippets were found in the file: “GossipApplication.java”

Candid And Advertisement

This is something that is baffling, for an app that claim they don’t do advertisement they have fucking lots of advertisement code, wherether this is future proofing or copypaste from mylikes can't be confirmed.

In this image you can clearly see candid connecting to google and get your personalized Advertising ID I would assume this is already given to them via google play store, which a lot of people use under their personal name, this is handed off to kochava in the mess that is the candid sourcecode, now why they would need this since theyre “ad-free”, we have no idea.


Here you have clear proof that candid uses kochava for advertising purposes this is further de-anonymizing when they can link you to twitter ads, say for example you want to get fisted up the ass by a robot dildo and then on your personal twitter 24 hours later you suddenly see ads for robots or dildos, this is the scenario this can be used in.

They even have folders named ads. How much clearer can it possibly get?

This seems to be the 3 levels of advertising they have

Another strange thing is that Candid uses the word upsell a lot, this is an advertising term:

   
  
Upselling is a sales technique whereby a seller induces the customer to purchase more expensive items, upgrades or other add-ons in an attempt to make a more profitable sale. While it usually involves marketing more profitable services or products, it can be simply exposing the customer to other options that were perhaps not considered. (A different technique is cross-selling in which a seller tries to sell something else.) In practice, large businesses usually combine upselling and cross-selling to maximize profit. In doing so, an organization must ensure that its relationship with the client is not disrupted.
 
  		 

Upsell has been used 150 in the becandid source code which for an app that doesn't have advertising is really strange.

Here you have a nice big code of an upsell example in Candid. What I think this code does it gets your phonenumber from candid or facebook and firstly archives this it's already been proved above that Candid and Kochava already knows what kind of phone and OS you are running.

Candid And Their AI Synthetic

A name that was noticed by us when we scoured the source code of candid was the name Synthetic; mentioned 2268 times and it is involved in everything

This seems to be the 3 levels the AI operates on, the Behavior aka level c is the really scary one, you'll see more of that as we delve into the shit that is Candid AI.

These are all the badges you can get, now if you notice something, you can see GossipApplication is called here. No that’s strange why would Kochava need access to the badge factory?

Could it be because Kochava is integrated everywhere in this application? (Yes)

Now were getting onto the Quality scoring system, which is a whole fucking bundled up in itself. The image above says “The more liberal you are” the higher our AI ranks you.

They run the quality score on both your user and what you post, overkill much?

Candid uses their AI synthetic to check your posts against your score this score is affected by any likes and dislikes you have, fall too far below the line I think and you will be auto shadowbanned. This would be really easy to abuse if you could manage to ID the person behind a post. Which in theory is possible by looking at the live sourcecode of the app. This is unconfirmed and untested but seeing as there is so many fucking unique identifiers going about its at least plausible.

Candid Is Connected To Google With Firebase

Firebase Analytics reports help you understand clearly how your users behave, which enables you to make informed decisions regarding app marketing and performance optimizations



this shows that Candid is handing off a lot of data to google for analytics, and who knows what else they're handing over?

Here we have proof that theyre syncing with google firebase and from the description above theyre syncing the user interaction and data.

If we were you, we would be very fucking careful about using candid, they are shady as fuck.
For questions about this document contact  itgoybe
Retrieved from "http://edramatica.com/index.php?title=BeCandid/Code&oldid=101881"