azrienoch · Nov 15, 2011 at 12:00 am

Location Security Exploit on Samsung Devices

XDA Recognized Developer pedrodh recently identified an exploit in Samsung devices running AccuWeather, and developed an app for demonstration.  The app can poll your location without granting any permissions–not even Superuser permissions–using two lines of code.

As a system app, AccuWeather is automatically granted access to your GPS settings.  There are two ways to avoid giving away your location.  Under the AccuWeather settings you can set your location manually.  The developer recommends some remote village in China.  Unless, of course, you live in a remote Chinese village.  The second way is to gain root access to your Samsung device and remove the widget entirely.

The developer provides those two lines of code if you want to create your own app, or you can use his.  Hopefully this demonstration is enough to alert less enthusiastic Samsung users to where they are vulnerable.

Originally posted by pedrodh
The problem is even more serious than I first though, because you only need to have the widget on the launcher once, and that info will remain in the system informations when you remote it from the launcher, even across reboots or even if you clear the widget’s data and cache (pretty scary :S). Sometimes (I don’t know why exactly yet) the info goes away for good, but only if you don’t have this widget on your launcher!

Please see the development thread for more information.


_________
Want something on the XDA Portal? Send us a tip!
Emil Kako · Feb 26, 2015 at 12:30 pm · 1 comment

What Bugs You Most About Google’s Play Store?

Google announced today that it will be bringing ads to the Play Store, and while that will surely annoy the majority of us, it isn't the only thing that sucks about the Play Store. From the lack of clear communication with developers to ridiculous restrictions, there are a handful of very annoying things about Google's approach. Let us know what bugs you the most about the Play Store.

DISCUSS
Mario Tomás Serrafero · Feb 26, 2015 at 11:32 am · 1 comment

Watches: Luxurious Frivolity vs. Humble Practicality

Smartwatches still have a lot of growing up to do. Not too long ago the latest Canalys figures revealed a rather disappointing outcome for 2014, something we covered with the ultimate conclusion that, once again, smartwatches had no year. The direction of smartwatches is unclear to even the biggest OEMs, and with every new option there seems to be polarizing dissonances from what people and OEMs want and what they both think they want. We've documented many of the reasons as to...

XDA NEWS
Mathew Brack · Feb 26, 2015 at 10:28 am · no comments

Do ISPs Abuse Their Power?

Every day, the majority of us use the internet through several different internet service providers, but what we may not think about whilst using this service is how much control these companies have over our experience. AT&T recently launched their rival to the Google Fiber service and subsequently looked for a way to further monetize on their offering. For an extra $29 on top of the $70 monthly charge, you can buy your privacy back from them. Otherwise expect online adverts...

XDA NEWS
Share This