Will Verduzco · Dec 11, 2013 at 11:30 pm

Source Code Commits in Android 4.4.2 KOT49H Reveal Flash SMS Attack Fix and App Ops Removal

Just a few hours ago, we talked about how the source code for Android 4.4.2 had made its way into the AOSP. Now, the fine folks over at FunkyAndroid have once again created an exhaustive change log detailing all of the commits made between 4.4.1 and 4.4.2.

Nexus device owners who upgraded from 4.4.1 to 4.4.2 will attest to the small size of the incremental OTA. Accordingly, only four source code commits differentiate the two versions. But never fear, as these changes are actually significant. And if you haven’t already updated, they definitely warrant a few minutes of your time.

Chief among the fixes, 4.4.2 brings a solution to the previously covered low risk Flash SMS vulnerability. Although they went about “fixing” the problem the wrong way initially, we’re glad to see a legitimate solution appear. There is also a fix for the OOBE Denial-of-Service crash after receiving 0-byte WAP push messages, as well as reduced camera logging.

In addition to the fixes, the much loved App Ops program that we covered not too long ago has been further hidden away. As such, it is no longer accessible through the previous means. This change is entirely intentional, as Google always meant to keep the program for internal debugging. As stated by Google Framework Engineer Dianne Hackborn:

 That UI is (and it should be quite clear) not an end-user UI.  It was there for development purposes.  It wasn’t intended to be available.  The architecture is used for a growing number of things, but it is not intended to be exposed as a big low-level UI of a big bunch of undifferentiated knobs you can twiddle.  For example, it is used now for the per-app notification control, for keeping track of when location was accessed in the new location UI, for some aspects of the new current SMS app control, etc.

To get started, make your way over to the FunkyAndroid KOT49E Changelog and check out those commits. The complete (and miniscule) changelog can be found in its entirety at the bottom of this post. What are your thoughts on the update to 4.4.2? Are you glad that Google finally fixed the SMS and OOBE crash bugs? Despite Dianne’s explanation, are you still a little peeved about the further hiding of App Ops? Let us know in the comments below.

[Source FunkyAndroid | Via AndroidPolice]

Full Changelog, as reported by FunkyAndroid:

Project: platform/build

986567d : “KOT49H”
d470407 : “KOT49G”
5de4753 : .1 becomes .2
a7e544d : KOT49F

 

Project: platform/frameworks/opt/telephony

567ea11 : Fix OOBE crash/DoS after receiving 0-byte WAP push.

 

Project: platform/packages/apps/Camera2

3574026 : Reduce logging of flattened Preferences

 

Project: platform/packages/apps/Mms

d00f7cd : Android denial of service attack using class 0 SMS messages

 

Project: platform/packages/apps/Settings

37f06a4 : Put fragment in specific activity’s whitelist


_________
Want something on the XDA Portal? Send us a tip!

Will Verduzco

willverduzco is an editor on XDA-Developers, the largest community for Android users. Will Verduzco is the Portal Administrator for the XDA-Developers Portal. He has been addicted to mobile technology since the HTC Wizard. But starting with the Nexus One, his gadget love affair shifted to Google's little green robot. He is also a Johns Hopkins University graduate in neuroscience and is now currently studying to become a physician. View willverduzco's posts and articles here.
Mathew Brack · May 22, 2015 at 02:30 pm · 3 comments

Introducing Voices of XDA: Have Your Ideas Heard

By far the greatest assets we have at XDA-Developers are you, the developers, the eager to learn and the bold. Everyday we see innovation and brilliant ideas across the site, from this we know that many of you have great insight in to your respective fields. That is why today, I am honored to announce a new project that will allow us to work with you directly to have your views and thoughts expressed clearer than ever. Introducing:    ...

XDA NEWS
Jimmy McGee · May 22, 2015 at 12:10 pm · 3 comments

YotaPhone 2 Pre-Order, Xperia Z1 Price Cut – XDA TV

Android Wear 5.1.1 OTA downloads are now available. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of Sony cutting the price of the Xperia Z1 and be sure to check out the article talking about the YotaPhone 2 Indiegogo pre-order. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA...

XDA NEWS
TK · May 21, 2015 at 02:15 pm · 3 comments

Device Review: No.1 X1 Rugged Smartphone

We are almost at the end of Q2 for 2015, and we have seen most of the flagship phones for the year already. While flagship phones usually offer bleeding-edge specs and are the most sought after phones, there is a huge market for non-flagship phones. Some offer value, others offer unique differentiating features. Today, we are going to look at the X1 phone by a Chinese company named N0.1. The company promises a truly rugged IP68 Certified phone. The device has a Quad...

XDA NEWS
Share This