The china bit
Pub. 2023 Jan 7You've all heard the news. TikTok. TikTok is singlehandedly reducing zoomer's attention spans from 2 seconds to some amount less than 2 seconds. And the TikTok is taking their data and using it for unknown and inscrutible reasons!
Now fortunately America has had a long history of dealing with very difficult problems, and we've come up with a general solution:
We slap a sticker on it!
When we had a problem with vulgar and powerful lyrics that spoke to teenagers, we slapped a sticker on it!
When we had a problem of teenage obesity and long term health effects from heart disease caused by widespread unhealthy food, we slapped a sticker on it!
I'd feel honored to join this beautiful American tradition and propse a solution to the TikTok problem!
The China Bit
I've worked some with the internals of Java class files before, so I know that there are a number of reserved bits that can be used to signal Chinese origin. From the JVM spec:
A class file consists of a single ClassFile structure:
ClassFile {
u4 magic;
u2 minor_version;
u2 major_version;
u2 constant_pool_count;
cp_info constant_pool[constant_pool_count-1];
u2 access_flags;
u2 this_class;
u2 super_class;
u2 interfaces_count;
u2 interfaces[interfaces_count];
u2 fields_count;
field_info fields[fields_count];
u2 methods_count;
method_info methods[methods_count];
u2 attributes_count;
attribute_info attributes[attributes_count];
}
In case you're confused, the JVM spec uses the cursed int types u1, u2, u4 to mean 8-bit uint, 16-bit uint, and 32-bit uint resp. The field access_flags is expanded in table 4.1-B:
ACC_PUBLIC 0x0001 Declared public; may be accessed from outside its package.
ACC_FINAL 0x0010 Declared final; no subclasses allowed.
ACC_SUPER 0x0020 Treat superclass methods specially when invoked by the invokespecial instruction.
ACC_INTERFACE 0x0200 Is an interface, not a class.
ACC_ABSTRACT 0x0400 Declared abstract; must not be instantiated.
ACC_SYNTHETIC 0x1000 Declared synthetic; not present in the source code.
ACC_ANNOTATION 0x2000 Declared as an annotation interface.
ACC_ENUM 0x4000 Declared as an enum class.
ACC_MODULE 0x8000 Is a module, not a class or interface.
...
All bits of the access_flags item not assigned in Table 4.1-B are reserved for
future use. They should be set to zero in generated class files and should be
ignored by Java Virtual Machine implementations.
As you can see, the bits 1<<2, 1<<3, 1<<6, 1<<7, 1<<8, and 1<<11 are all free and reserved.
I suggest making a new ACC_CHINA and setting it equal to 1<<8. This bit will be mandated by any standards compliant compiler to be set if the compiler detects that the OS's language is set to Mandarin.
I posit that this will be relatively safe and resistant to tampering. I mean, just take a look at some code from OpenJDK. if, else, public, it's all English words! It'll be a long time before they can figure it out.
But just in case they do, we can coopt some more bits for security. There are a variety of known, solid private keys, like 0x09F911029D74E35BD84156C5635688C0, that can be used to sign the file. What I propose:
1. Do compilation as normal
2. Detect the presence of Mandarin, China geolocation, or probable Chinese heritage (p < 0.05)
3. Set ACC_CHINA accordingly
4. Compute the signature of the class file using a known secure NSA-approved, China-unapproved key
5. Truncate the signature to two bits and stick them in `1<<6` and `1<<7`
After the .class files in the APK have been set and it's uploaded to the Google Play Store, the Play Store can slap a sticker on it if it contains any ACC_CHINA bits set!
God bless America.