By now, you’ve undoubtedly heard of the Android Master Key vulnerability, which allows a malicious payload to be inserted in an application that is installed, due to a discrepancy between signature verification and app installation. The vulnerability has been known for some time, having been responsibly disclosed by Bluebox back in February, and patched a couple of weeks ago.
Another vulnerability, also known officially as Bug 9695860, works in a similar fashion and results in the installation of an unwanted malicious payload from a seemingly innocuous file. It, just like its predecessor, has also been patched a little . . . READ ON »
For anyone with a passing interest in developing apps or who has made an app that makes use of a remote web service, listen up. Much as it can be dull to talk security, particularly when it comes to Android applications, it’s still necessary. Today though, I’m going to go through some suggestions for securing applications that make use of remote web services. Whether this is a server to store data on or a server to deal with communications and messages being sent between users, it’s always worth paying attention to a few things that are often overlooked.
1. Encrypt. . . . READ ON »
In light of all the recent panic over surveillance and Internet monitoring, there are a plethora of “secure” communication programs being announced and launched. These tend to make bold promises of being secure, protecting users from surveillance, and being better than equivalent services.
Yesterday, 3 notable personalities in the web-o-sphere lost much credibility in my (and anyone interested in security’s) view. Why? For using pseudo-security, and trying to market it as security. They clearly do not have a strong background in cryptography or security theory, and appear out to make money, rather than to create a well-designed and well-architected, . . . READ ON »
For the standard end user, this year’s Google I/O, left much to be desired. The disappointment lied mainly in the fact that Google failed to release the highly anticipated Android update, Key Lime Pie. Instead, the annual developers conference, which was held the week of May 15, focused on developer tools and a rebuild of Google Maps. The “new Google Maps,” as the San Jose based company calls it, is a major update which integrates Google Earth to create three-dimensional tours of user surroundings. According to Google, the application highlights the things that matter most to you, wherever you go and whatever you are doing.
On July 10, two months after Google’s announcement of the exciting new update, the company finally introduced the mapping application for Android smartphones and tablets. Google Maps v7.0.0 is gradually rolling out global updates to Android 4.0.3+ devices through the Google Play store, and soon through the App Store for iOS products. For those of you who cannot wait for the update, leaked apk’s are already being seen in the wild. Updates are specific to android versions, so if you can’t wait for it to be officially rolled to your device, make sure you are following the correct download. For quick access to Android 4.1+ updates, see Android Police compiled list of mirrors.
Right or wrong, first impressions often shape the way we view people, places and things. It’s in our makeup, the fabric of who we are. Sometimes we can ignore these thoughts, but more often than not they influence us. And that’s literally the first thing I thought when I was given a Release Preview to Oppo’s new Find5 Firmware, codenamed “Color” (previously known as “Project Firefly”).
For those who aren’t familiar, the Oppo Find5 is a beautiful device we’ve talked about on a few occasions, and our Portal Admin WillVerduzco reviewed recently. Having used one for the last few . . . READ ON »
The interwebz are alight. Debate and argument is intense, following the launch of the HTC One and Samsung Galaxy S4, Google Play editions. The Google Play edition moniker, for those (such as I) who choose to reside under a rock, refers to the fact these devices come minus the manufacturer skins and modifications users are accustomed to, and instead ship with the “stock” Google experience, most commonly seen from AOSP or Nexus devices. A fair idea, it appears, although the launch has been met with controversy and debate over if these new handsets are a let-down. Why? Let’s take a . . . READ ON »
All too often, major device manufacturers such as HTC, Samsung, and Motorola steal the thunder with their announcements and product releases, leaving little room for smaller OEMs to enter the market. Today we’re going to put aside the HTC One and Samsung’s Next Big Thing to talk about the Oppo Find 5, the Chinese company’s first foray into the global market.
You may be asking why we at XDA-Developers would want to review a relatively obscure device that is unfortunately difficult to procure in many regions. Well, availability was recently broadened, and we’ve already been inside the device. . . READ ON »
Android, as an operating system, is fairly unique in that it makes users aware of the permissions available to apps in a fairly transparent way. Compared to Blackberry or iOS, which issue granular prompts such as “Can Angry Birds access your location?” or “Can Instagram access your camera to take photos?” There is a somewhat subtle difference here: The rivals give the user a choice about these requests.
Jump over to Android where, after installing an app, it has free reign to use every permission you agreed to. While this doesn’t sound an issue, let’s take a look at the . . . READ ON »
Everyone loves a good competition; there’s no denying it. Generally, we don’t just give away devices for the sake of giving them away. Sure it drives traffic, but that traffic usually ends up going away until the next giveaway. Wash. Rinse. Repeat. We would rather showcase the amazing work done by the developers on XDA and let that drive traffic than to try and drive traffic by giveaway. However, when given an opportunity to give away something that promotes development, we are all in. This is just such an example.
As promised, the first in our series of “Say Sayonara to Google” articles is about the Play Store. Love it or loathe it, the Play Store is popular. It is so popular, in fact, that it is often berated for the poor quality of apps contained within. While Google is making strides to improve this via their Bouncer malware screening platform, at the end of the day, the Play Store is built on fairly shaky security grounds.
The first security issue with the Play Store is that of remote control. Imagine someone told you the . . . READ ON »
What is freedom? This is a big question being asked by people around the world over the past few years. Many of us believe (and often rightly so) that we are fairly free. Arguably, this is correct in many countries throughout the world. You have political freedoms and many many more. But do you have electronic freedom?
For almost everyone reading this article, it is likely you have a Google Account. This means you have a Gmail account. It’s tied deeply into Android via the Google Apps package of proprietary applications (they are not open sourced, unlike the core Android . . . READ ON »
For most of us, Google I/O is probably beginning to feel like a distant memory—perhaps less so for those lucky enough to be browsing on your shiny new Chromebook Pixels. We’re all aware by now of the big stories from this years conference, but among all that was something that was of great interest to us here on the Portal, which you might not have noticed.
With all of the (often pointless) sound “tweaks” out there, it’s easy to forget that the true sonic upgrades will almost invariably come from output hardware rather than software. And while some software tweaks do actually make a marked improvement on sound quality without sabotaging clarity and neutrality (Elite Recognized Developer Supercurio‘s Voodoo Sound and the HRTF functionality in DSPManager come to mind), much of the software tweaks are are just glorified bass-heavy equalizers (*cough*Beats*cough*) that would make any true audiophile cringe.
So, what does this mean? Simple. It means that if you’re looking to improve the . . . READ ON »