azrienoch · Nov 15, 2011 at 12:00 am

Location Security Exploit on Samsung Devices

XDA Recognized Developer pedrodh recently identified an exploit in Samsung devices running AccuWeather, and developed an app for demonstration.  The app can poll your location without granting any permissions–not even Superuser permissions–using two lines of code.

As a system app, AccuWeather is automatically granted access to your GPS settings.  There are two ways to avoid giving away your location.  Under the AccuWeather settings you can set your location manually.  The developer recommends some remote village in China.  Unless, of course, you live in a remote Chinese village.  The second way is to gain root access to your Samsung device and remove the widget entirely.

The developer provides those two lines of code if you want to create your own app, or you can use his.  Hopefully this demonstration is enough to alert less enthusiastic Samsung users to where they are vulnerable.

Originally posted by pedrodh
The problem is even more serious than I first though, because you only need to have the widget on the launcher once, and that info will remain in the system informations when you remote it from the launcher, even across reboots or even if you clear the widget’s data and cache (pretty scary :S). Sometimes (I don’t know why exactly yet) the info goes away for good, but only if you don’t have this widget on your launcher!

Please see the development thread for more information.


_________
Want something on the XDA Portal? Send us a tip!

azrienoch

azrienoch is an editor on XDA-Developers, the largest community for Android users. View azrienoch's posts and articles here.
Mario Tomás Serrafero · Jul 30, 2015 at 02:04 pm · 3 comments

What Do You Think About Fingerprint Scanners?

More and more phones are featuring fingerprint scanners, and with many promising developments and it being natively supported on Android M, we can soon expect to see them on smartphones everywhere. If done right, it is a useful feature that allows for quick unlocking and authorization. There are concerns regarding security, but nonetheless the industry seems to be embracing it with open arms. What do you think?

DISCUSS
Aamir Siddiqui · Jul 30, 2015 at 01:20 pm · no comments

What’s Next for Samsung and Its Flagships?

If we were to say that the Galaxy S6 was a leap of faith made by Samsung, we wouldn't be too wrong. After all, the device marked a definite change in how Samsung perceived the market and its own place in it, as it stood amongst the signs of decline which started with the critical reception of the Galaxy S5. To recap, the Samsung Galaxy S5 was criticized heavily for feeling more like a toy, rather than a premium flagship...

XDA NEWS
Eric Hulse · Jul 30, 2015 at 12:24 pm · 2 comments

The Ultimate Showcase of dBrand Skins

In the search for ways to protect, accessorize, and personalize; a user has many options. One could choose a case, a “skin”, “armor”, or “wraps.” In fact, the global mobile accessory market is poised to reach a high of $62 Billion in 2017. dBrand is one of the more creative and friendly vinyl skin manufacturers around. In hopes of sharing what they can offer, our friends at dBrand sent us over some skins to have a look at. They offer...

XDA NEWS