Profile cover photo
Profile photo
Moritz Post
Tech and mobile enthusiast. :)
Tech and mobile enthusiast. :)

Communities and Collections
View all

Post has attachment
After years in the making we are happy to announce the latest incarnation of our Nine Men's Morris game: Doublemill 3! :)

You might wonder: "Another installment?" You heard right! Besides the delightful features you already enjoyed in Doublemill 2, version 3 adds the ability to play online with your friends (powered by Google Play Games).

The app is a complete rewrite and we are still early in the release process so we are constantly fine tuning little details. Please give the app a try and don't hesitate to provide feedback (and a good app store rating :)).

Post has attachment
Great set of tips here when working with Android Room to manage your SQLite database.

Post has attachment
Really love what you can do with adaptive icons in Android O. Go forth and layer your brand. :) Some nice interactive examples can be found at

Post has shared content
Interesting FAQ about the recent KRACK attack on WIFIs WPA2. has a FAQ. Some interesting questions from there:

Do we now need WPA3?

No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa. In other words, a patched client or access points sends exactly the same handshake messages as before, and at exactly the same moments in time. However, the security updates will assure a key is only installed once, preventing our attacks. So again, update all your devices once security updates are available.

Should I change my Wi-Fi password?

Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack. So you do not have to update the password of your Wi-Fi network. Instead, you should make sure all your devices are updated, and you should also update the firmware of your router. After updating your router, you can optionally change the Wi-Fi password as an extra precaution.

What if there are no security updates for my router?

Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones.

The 4-way handshake was mathematically proven as secure. How is your attack possible?

The brief answer is that the formal proof does not assure a key is installed once. Instead, it only assures the negotiated key remains secret, and that handshake messages cannot be forged.

The longer answer is mentioned in the introduction of our research paper: our attacks do not violate the security properties proven in formal analysis of the 4-way handshake. In particular, these proofs state that the negotiated encryption key remains private, and that the identity of both the client and Access Point (AP) is confirmed. Our attacks do not leak the encryption key. Additionally, although normal data frames can be forged if TKIP or GCMP is used, an attacker cannot forge handshake messages and hence cannot impersonate the client or AP during handshakes. Therefore, the properties that were proven in formal analysis of the 4-way handshake remain true. However, the problem is that the proofs do not model key installation. Put differently, the formal models did not define when a negotiated key should be installed. In practice, this means the same key can be installed multiple times, thereby resetting nonces and replay counters used by the encryption protocol (e.g. by WPA-TKIP or AES-CCMP).

Post has shared content
Good to hear something from +Roman Nurik. :)
Listen to the latest Method podcast:

In this episode, +Liam Spradlin interviews #Firebase designer +Roman Nurik about everything from density to #MaterialDesign, developer UX, design systems, and the time-saving potential of tooling:

"I love building tools that empower the designer to tell a computer how to do something. Literally anything that can save time for designers, I try to do."

Post has attachment
Good Bye Windows 10 Mobile. You tried hard. We liked you but it doesn't always work out. See you in another life.

Post has attachment
Here is a very nice set of photos taken with the Google Pixel 2. Impressive!

Post has attachment
Good bye spare time. Hello snes mini. 😊

Post has attachment
The new pixel phones are out! And while everybody is still digesting all the nity grity details i stumbled upon these portrait mode youtube videos made by google to introduce people to the phones capabilities. Watch in Portrait on a phone! Pretty smart. :)

Post has shared content
Great news for all of us. Not so much for the Firebase Realtime database. :)

Having read through some of the documentation, i am very fond of the Collection/Document data structuring model. It makes it much less verbose than in the realtime database.
Introducing Cloud Firestore: store, sync and query your app data at global scale easily

Read the blog here →
Wait while more posts are being loaded