mvt-project / mvt

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
https://mvt.re

mvt check-adb vs. check-bugreport #324

Closed ztychr closed 1 year ago

ztychr commented 1 year ago

Hello!

First of all, thank you for putting your time into developing this tool.

I am working with some of your acquaintances on testing the phones of vulnerable individuals. We plan to distribute and deploy test-stations in various countries. After the option to check bug-reports was added to the project, we've been wondering if there is any difference in the thoroughness of running MVT over adb rather than on bug-reports. The bug-report option is quite advantageous regarding remote analysis, but is it in any way compromising the quality/results of the tests run? Which method is to be preferred in order to conduct the most profound analysis? Are there disadvantages in using one over the other?

Hope you can enlighten us :-)

Te-k commented 1 year ago

Hi,

Apologies for the delay. This is a good question: checking bug reports is clearly easier in terms of checking, but it is also more limited. Mostly, you won't be able to check Settings, details of SMS and details of packages. So if, for instance, you have a clear package name that you know to be malicious, it may be enough, but chances are that you will want to check the details of each package, and only the package name and permissions are available in a bugreport (not the certificate or hash of the APK).

I hope it helps
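
The limitation described in the answer above, as an added example (not part of the thread and not MVT's own code): a bug report gives package names and requested permissions, so a name that matches an indicator can be flagged directly, while a package that only looks suspicious by its permissions still needs the certificate or APK hash from an adb check. The sample text is constructed and simplified from the `dumpsys package` layout; the package names, indicator list and permission watch list are hypothetical.

```python
import re

# Constructed sample shaped like the "Packages:" section of a bug report (simplified).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.notes] (1a2b3c4):
    userId=10151
    requested permissions:
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.updater.service] (5d6e7f8):
    requested permissions:
      android.permission.READ_SMS
  Package [com.example.flashlight] (9a8b7c6):
    requested permissions:
      android.permission.RECORD_AUDIO
"""

# Hypothetical indicator list and permission watch list (assumptions).
KNOWN_BAD_PACKAGES = {"com.example.updater.service"}
SENSITIVE = {"android.permission.READ_SMS", "android.permission.RECORD_AUDIO"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")

def parse_packages(text):
    """Return {package_name: [requested permissions]} from dumpsys text."""
    packages, current, in_requested = {}, None, False
    for line in text.splitlines():
        match, stripped = PKG_RE.match(line), line.strip()
        if match:
            current, in_requested = match.group(1), False
            packages[current] = []
        elif current and stripped == "requested permissions:":
            in_requested = True
        elif current and in_requested and re.fullmatch(r"[\w.]+", stripped):
            packages[current].append(stripped)
        else:
            in_requested = False  # any other line ends the permission list
    return packages

def triage(packages):
    """Flag indicator name matches; permission-only hits need cert/hash via adb."""
    report = {}
    for name, perms in packages.items():
        if name in KNOWN_BAD_PACKAGES:
            report[name] = "indicator match"
        elif SENSITIVE & set(perms):
            report[name] = "needs adb follow-up"
    return report
```
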