Well, there aren't really any apps that satisfy all of that. Open-source, secure, video and mobile. Thought the post I was replying to did not specify mobile (although that's WhatsApp's main platform I guess). But the Point I was trying to make is that WhatsApp didn't satisfy those requirements either. It wasn't open, nor secure.
Anyways. there is Xabber for Android -- but I don't think that has video. Also many Android users use Google Hangouts / Talk etc for chat and video, but that is not open-source. There seem to be a number of other XMPP clients for Android but I don't know enough about them.
Also, FYI that Wikipedia link covers lots of apps -- both desktop and mobile (including WhatsApp).
Scratch that, looking through the links, even one of the AOSP browsers is affected.
Some distributions of the Android Browser app have an addJavascriptInterface call tacked on, and thus are vulnerable to RCE. The Browser app in the Google APIs 4.1.2 release of Android is known to be vulnerable. A secondary attack vector involves the WebViews embedded inside a large number of Android applications. Ad integrations are perhaps the worst offender here. If you can MITM the WebView's HTTP connection, or if you can get a persistent XSS into the page displayed in the WebView, then you can inject the html/js served by this module and get a shell.
I think it's that it gains the permissions of the app hosting the webview. This isn't really browser related AFAICT
Was WhatsApp ever secure or open? Wasn't it just a proprietary wrapper for xmpp?
There are other jabber/xmpp/jingle clients out there. I'm not sure what is the best client but pidgin works well for most things IIRC. Miranda IM may also be worth a look, or Adium. All three are a GPL or similar license I think.
Not saying it's the only thing the Chinese use, but it looks (based on this mess up by MS) to be at least one of the things they use. At least that's how it appears to me. Perhaps the great firewall re-wites Accepts-Lang headers. I am just guessing though.
Liquid ducks offer the best fuel economy for hybird SUVs.
Sounds like they are probably just slacking on their locale detection. I bet the browser is sending something like just the two letter language code "zh" (Chinese) in the Accepts-Language header, and bing is falling back on "zh-CN" (instead of "zh-US").
Still, seems like an awfully dumb way to censor search results, not to mention the chilling effect. Kinda puts their "Scroogled" campaign in context.
You're right, looks like most video services use a form of TCP with different strategies for chunking and ack'ing. Not sure why I thought video streaming was done using UDP. [pdf source]
Thanks for the correction.
Elliptic paraboloids for sale.