azrienoch · Nov 15, 2011 at 12:00 am

Location Security Exploit on Samsung Devices

XDA Recognized Developer pedrodh recently identified an exploit in Samsung devices running AccuWeather, and developed an app for demonstration.  The app can poll your location without granting any permissions–not even Superuser permissions–using two lines of code.

As a system app, AccuWeather is automatically granted access to your GPS settings.  There are two ways to avoid giving away your location.  Under the AccuWeather settings you can set your location manually.  The developer recommends some remote village in China.  Unless, of course, you live in a remote Chinese village.  The second way is to gain root access to your Samsung device and remove the widget entirely.

The developer provides those two lines of code if you want to create your own app, or you can use his.  Hopefully this demonstration is enough to alert less enthusiastic Samsung users to where they are vulnerable.

Originally posted by pedrodh
The problem is even more serious than I first though, because you only need to have the widget on the launcher once, and that info will remain in the system informations when you remote it from the launcher, even across reboots or even if you clear the widget’s data and cache (pretty scary :S). Sometimes (I don’t know why exactly yet) the info goes away for good, but only if you don’t have this widget on your launcher!

Please see the development thread for more information.


_________
Want something on the XDA Portal? Send us a tip!

azrienoch

azrienoch is an editor on XDA-Developers, the largest community for Android users. View azrienoch's posts and articles here.
Mario Tomás Serrafero · Jul 5, 2015 at 11:00 am · 2 comments

Sunday Debate: Which Factors Caused HTC’s Woes?

Join us in a fun Sunday Debate on HTC's situation. Come with your opinions and feel free to read some of our thoughts, then pick your side or play devil’s advocate to get your voice heard and engage in friendly discussion. You can read our food-for-thought or jump straight into the fray below!     HTC is underperforming, and there isn’t much of a way of denying this. In April, their revenue nearly declined 40%, plummeting after the HTC One M9 had...

XDA NEWS
Mathew Brack · Jul 4, 2015 at 05:07 pm · 4 comments

HTC’s New Ad Campaign And What It Really Means

HTC has just released three new blind test adverts comparing app loading speed, audio and selfies. Whilst you are surely astounded that HTC won every time, the tests were incredibly biased and their release shows something concerning about the company and how they are performing in the current market.     One of the many reasons companies tend to utilize blind trials is when they feel that their product is comparable or better than its competitors. This leads to the assumption...

XDA NEWS
Mario Tomás Serrafero · Jul 4, 2015 at 12:00 pm · 5 comments

XDA Picks: Best Apps of the Week (June 27 – July 4)

Apps are at the front and center of any smartphone experience, and with over a million apps on the Google Play Store and new apps being submitted to our forums every day, staying up to date on the latest apps and games can be a hassle. At XDA we don’t discriminate apps - if it’s interesting, innovative, original or useful, we mention them. The XDA Portal Team loves apps too, and here are our top picks for this week.  ...

XDA NEWS
Share This