There are a number of different apps on the Play Store that make browsing the XDA portal and forums a fun experience on mobile, but we want to know: What's your favorite way to access the XDA forums? Do you prefer browsing on the desktop, mobile app, or mobile browser? If you use a mobile app, which one? Let us know how you connect with our community in the comment section below.
Here’s Everything That’s Changed in Android 4.4.4 KTU84P
Earlier today, we were all surprised at the sudden release of Android 4.4.4. Naturally, this left us all a bit curious as to what exactly went into this latest release, which according to Sprint’s update support documentation, brings an unspecified “security fix.” Now, the fine folks over at FunkyAndroid have done what they do best by listing out every code commit introduced with this new version of Android.
The FunkyAndroid team has already given us developer changelogs for Android 4.4.1, 4.4.2, 4.4.2_r2, and 4.4.3. Now, they’ve gone ahead and given us yet another developer changelog for Android 4.4.4 KTU84P. As always, this service is made possible thanks to an open source script released by none other than former AOSP lead JBQ.
The complete changelist:
b8e2dab : DO NOT MERGE Update for version bump
6da2c75 : CTS test for OpenSSL’s early CCS issue (CVE-2014-0224)
a3b762f : Disable host side holotests also
8e02f46 : CTS report MUST not display raw performance numbers. bug:13347703
510cfbc : media: Refactor and improve robustness of AdaptivePlaybackTest
e502d40 : Fix a concurrency bug in OpenSSLHeartbleedTest.
3a90060 : hardware: consumerir: Increase test pattern length
c070509 : hardware: consumerir: Fix time discrepancy
1856a4e : CTS test for Heartbleed vulnerability in SSLSocket.
e2f305e : Cherrypick “OpenSSL: add CVE fixes from 1.0.1h”
As specified by Sprint’s update support documentation, this is indeed a security update. And looking into the commits made to 4.4.4, we can now see that this is the case. We can also see that the vulnerability patched by this update isn’t the Linux kernel CVE-2014-3153 vulnerability exploited in geohot’s towelroot, but rather an OpenSSL early CCS issue (CVE-2014-0224) that may lead to certain types of man-in-the-middle attacks. In addition to the security fixes, some minor changes were made to webview and chromium, as well as event logging.
It is possible that in addition to the AOSP code commits, there may be certain device-specific fixes that come through the proprietary driver blobs that were also released at the same time. However, nothing is known at this time, including whether the dreaded mm-qcamera-daemon issue is still present.
Want something on the XDA Portal? Send us a tip!
Once a year, top players in the mobile sphere gather for MWC, to show off what they've been working on and collectively set the standard for the year to come. Yesterday was a big day with the launch of HTC and Samsung's flagships, alongside numerous other announcements, and today it was Google's turn to take the stage. SVP Sundar Pichai took the stage in Barcelona to speak about Google's network initiatives, Project Link and Project Loon, as well as to...
Intel showed its face at MWC 2015 to give the world a yearly update on their upcoming line of chipsets for mobile. While last year the company focused on gathering partnerships and strengthening up their services, architectures and production, now they are revamping their Atom line of SoCs for mobile with a new brand name and a distinctive category format much like that of their i3/i5/i7 line of personal computing processors. The new scheme will be naming the chips x3, x5...