April 19, 2014 By: Will Verduzco
You may recall that we’ve talked about XDA Recognized Contributor ricky310711‘s Samsung Tool a couple of times throughout the app’s lifespan. For those who don’t remember the name, this simple tool allows users to perform several simple but handy tasks such as backing up and restoring EFS, hot rebooting for a quick refresh, and full rebooting to recovery, download mode, or the Android OS.
Now, Samsung Tool has received a rather significant update to version 5. Chief among the new features is universal support for any Samsung device, as long as BusyBox is installed thanks to its new automatic block detection. In addition, v5 also brings md5sum checking for backups and restores for better flashing safety, improved logging, and an improved device properties menu. There is also native support for three new devices, which can be used without BusyBox.
To get started, simply head over to the original thread and store your EFS safe and sound.
April 17, 2014 By: Tomek Kondrat
Android is the only popular mobile operating system that allows users, developers, and OEMs to implement dramatic modifications to its user interface. Some OEMs such as Samsung, LG, and Sony release their devices with highly modified custom software, which differs greatly from Google’s version of Android that is seen in Nexus and GPe devices.
One of the aspects that is often changed in OEM skins is the lock screen. Almost every OEM has its own unique style of lock screen. But what to do when you want to have a bit of the AOSP taste in your device without fully switching to an AOSP-based ROM? If you have an ICS-powered Samsung device, the answer is simple: Read a guide written by XDA Recognized Contributor Mohitash that shows you how to change the lock screen on Ice Cream Sandwich-based Samsung devices like the Galaxy S Duos or Captivate Glide.
The guide begins by using the well known APKTool to decompile SecSettings.apk and android.policy.jar. Then, you perform some smali editing, recompile, and send the modified files back to the device. The method is thoroughly described, so you shouldn’t have much trouble adding it to your stock or stock-based TouchWiz ROM.
If you still own an older Ice Cream Sandwich-powered Samsung device and want to make it to look a bit more like a Nexus phone, head over to the guide thread and give the described method a try.
Playing with custom ROMs and kernels is fun, but sometimes a phone needs to be restored to its stock, vanilla state. With Google Nexus devices, this is extremely easy, as no additional tool other than fastboot is needed. With Sasmung, Sony, and other devices, the situation becomes more complicated and some guidance might be required.
To restore Samsung device, you can pursue two methods: Odin and Kies. You can find plenty of guides on how to use Odin, but using Kies may require some explanation. With a guide written by XDA Forum Member SadEff, you will learn how to fully restore your device with Kies.
The guide also shows you how to unroot your phone and fix various issues that may be encountered. SadEff carefully describes every step of the process, and includes various photos to make the process easy for even total newcomers. After the process is complete, your phone will look it’s straight from the factory—or at least it’s software will. The process can be applied to every Samsung device with firmware newer than Android 4.1 Jelly Bean.
To get started learning more about Kies, make your way to the guide thread. You can find all necessary information there.
March 13, 2014 By: Will Verduzco
Earlier today, we talked about how the Replicant team found a potential backdoor in Samsung’s proprietary radio software. As demonstrated in a proof-of-concept attack, this allowed certain baseband code to gain access to a device’s storage under a specific set of circumstances. But upon closer inspection, this backdoor is most likely not as bad as it was initially made out to be.
A few hours after posting our previous article on the alleged backdoor, a highly respected security expert who wishes to remain anonymous approached us, stating that the way in which the proof-of-concept attack was framed by the Replicant team was a bit misleading. Essentially, it boils down to the POC requiring a modified firmware with with security features disabled. Thus, if a user is running an updated version of the official firmware, this attack will not work. To that end, the Replicant team even states in their write-up that SELinux would considerably restrict the potential files that the modem can access, such as those on the /sdcard partition.
Now, another highly trusted security researcher (XDA Recognized Developer djrbliss) has gone on record with Ars, stating that there’s “virtually no evidence” that this is indeed a true backdoor, although his reasons are a bit different. There is absolutely no indication at this time that the baseband file access can be controlled remotely. Rather, this is only a “possibility,” since the baseband software is proprietary. Instead, it’s far more likely that this was only ever intended to write radio diagnostic files to the /efs/root directory, as that is is the radio user’s home directory.
In summary, we shouldn’t rush to replace our Samsung phones just yet. There is absolutely no evidence to state that this can be controlled remotely. And even if it were possible, using SELinux, which is set to Enforcing in stock firmware, would restrict the radio user’s access.
March 13, 2014 By: Will Verduzco
You may recall that about five months ago, we touched upon a study demonstrating how OEM modifications are the primary cause for most “Android” security issues. Unfortunately, we offer yet another example of OEM-caused security issues—but this time, it’s not because of an OEM skin or bloatware. Rather, this is a potential vulnerability at a far deeper level: proprietary modem software.
The OEM in question is none other than Samsung, the Android ecosystem’s largest and most successful device manufacturer, and the backdoor itself comes as proprietary radio software. This software is responsible for communicating with the modem hardware, and is capable of implementing RFS commands. These RFS commands are then able to perform I/O operations on the device’s storage.
No big deal, right? I’ll just load CyanogenMod and be done with it. Wrong.
Since the cause is a proprietary radio software, changing to an aftermarket ROM will not solve anything, so long as the ROM uses Samsung’s proprietary blobs. In fact, the Replicant team used Galaxy Note II and Galaxy S III devices running CM10.1 to demonstrate how this was ROM-agnostic.
Currently the list of known affected devices includes the Galaxy S, Galaxy S II, Galaxy Note, Galaxy Tab 2, Galaxy S III, and Galaxy Note II, but it’s highly likely that many other Samsung devices are vulnerable. Furthermore, this also seems to affect the Samsung-built Google Nexus S and Galaxy Nexus, as this is a back door at the radio software level, rather than as a part of an OEM skin. Whatsmore, on certain devices, this incriminated process runs as root.
While it is entirely possible that there is a legitimate reason for this backdoor, it’s hard to envision a scenario where one would be necessary. As such, it would be great to hear Samsung’s official statement on the matter. Until then, perhaps it would be a good idea to look into fully open source projects like Replicant, or at the very least, building an aftermarket kernel capable of blocking (and logging) RFS command requests.
You can learn more by heading over to the source link below.
March 6, 2014 By: Tomek Kondrat
Aside from being a famous god in Norse mythology, Odin is the name of an application used to flash Samsung firmware onto Galaxy phones and tablets. With this tool, you are able to revert your phone or tablet to vanilla state, and you can also root it using CF-Root or by changing the kernel without recovery.
Creating Odin- or Heimdall-compatible packages from scratch is not easy. But this isn’t challenging anymore, as XDA Senior Member hnkotnis wrote a simple guide that explains how to create an Odin-compatible firmware in just a few steps. To crate said firmware, you need a Linux machine or VirtualBox with Ubuntu or another Linux distribution mounted as the operating system.
Hnkotnis presents three situations for creating said packages. The first is RSF format with simg2img support, the second is an image with EXT4 format, and the last is RFS firmware incompatible with simg2img. Making a compatible image requires a few files and UNIX commands, which thankfully are described in detail in the thread.
If you own a Galaxy device and want to make your own pre-rooted firmware, head over to the original thread to learn more.
February 26, 2014 By: Jimmy McGee
Mobile World Congress is happening right now. Chances are your FaceGramTwitterBook Plus feeds are being spammed with all the exciting announcements—everything from Sony’s new devices to Samsung and HTC, and that’s not all! There’s a good chance you missed something or have Kelly Bundyed it. That’s when you hear too much stuff and you loose the older information as it falls right out of your brain.
There is no need to fear because XDA Developer TV Producer Extraordinaire Jordan has scoured the web, RSS feeds, Social Media feeds, YouTube, and a Taco Bell Breakfast menu to compile all the information you need to know about what has been announced at this year’s Mobile world Congress. So, pull up a chair and check out this video.
February 21, 2014 By: Jimmy McGee
Android 4.4.2 KitKat for the Samsung Galaxy S 4 has been leaked! That and much more news is covered by Jordan, as he reviews all the important stories from this week. Included in this week’s news is the announcement that Samsung devices are getting unified CyanogenMod 11 builds. Google Project Tango has also been made public, and this project promises Kinect-like abilites for smartphones! That’s not all that’s covered in today’s video!
Jordan talks about the other videos released this week on XDA Developer TV. XDA Developer TV Producer TK released an Xposed Tuesday video for Physical Button Music Control, then he reviewed the Lepow U-Stone 12000 mAh Power Bank, and he gave us an Android App Review of OmniSnitch. Pull up a chair and check out this video.
February 18, 2014 By: Will Verduzco
Before today, Samsung has been very cautious in tempering expectations regarding official Android 4.4 KitKat updates for its recent devices. While certain phones have already received the 4.4.2 goods, much of the rest of the company’s lineup is still in Jelly Bean limbo. We’ve seen leaks fly around left and right for the Galaxy S 4, but official word regarding KitKat for the device has been lacking. And since this is just for their latest and greatest, the future didn’t look so hot for Samsung’s older devices.
Some time ago, we saw a leaked internal memo pointing to a potential KitKat release schedule for various devices. Now, however, Samsung has broken the silence by stating which devices will receive official updates to Android 4.4.2 KitKat. Unfortunately, they aren’t stating when, though.
Samsung Galaxy U.S. devices currently scheduled to receive the KitKat update include select carrier variants of the Galaxy Note® 3, Galaxy Note® II, Galaxy S® 4, Galaxy S® 4 mini™, Galaxy S® 4 Active™, Galaxy S® 4 zoom™, Galaxy S® III, Galaxy S® III mini™, Galaxy Mega®, Galaxy Light, Galaxy Note® 8.0, Galaxy Tab® 3, Galaxy Note® 10.1, Galaxy Note® 10.1 2014 Edition.
In addition to the Android version bump, the update will also pack the following additional features:
- Location Menu: An integrated location menu enables users to easily activate GPS, Wi-Fi and mobile networks, while simultaneously checking the battery usage of apps running location service capabilities.
- Enhanced Messaging: Enables users to choose between Messages or Hangouts as their preferred default messaging application, and select from a larger assortment of updated Emoji icons.
- Upgraded Google Mobile Service™ (GMS) apps: Users can automatically back up photos and video and can open, view, rename and share Google Docs and files.
While the update news is a few months later than we would have liked, it’s nice to see that older devices like the Note II, S III, and Note 10.1 will get to enjoy the KitKat goods in official capacity. However, the presence of the word “select” when talking about which carrier-branded devices leaves us more than a bit skeptical about certain US-based carriers with less than stellar track records. Furthermore, we’d still like to know when exactly Samsung plans on delivering the goods!
January 31, 2014 By: Jimmy McGee
Android 4.4.2,for the AT&T Galaxy S4 and Note 3 has been leaked! That and much more news is covered by Jordan, as he reviews all the important stories from this week. Included in this week’s news is the announcement that the Sony Xperia Z1 received a maintenance release and the HTC One KitKat release for the US carrier versions has been delayed! That’s not all that’s covered in today’s video!
Jordan talks about the other videos released this week on XDA Developer TV. XDA Developer TV Producer TK released an Xposed Tuesday video for HKThemeManager, Jordan reviewed the RAVPower RP-WD01, and TK gave us an Android App Review of ZDLock. Pull up a chair and check out this video.
January 12, 2014 By: Jimmy McGee
The spectacle that is the International CES show has come to an end for yet another year. While there are bound to be more Android announcements at the upcoming Mobile World Congress, there are still some things announced this week to look forward to—and some things that were announced that you won’t look forward to.
Let’s start with the unexciting. The mobile device manufacturer with a name that is not pronounced how it is spelled, Huawei, released an updated version of the Ascend Mate phone. Adding in 4G LTE connectivity, the creatively named follow-up, Ascend Mate 2 4G sits squarely in the middle of the road. With a Mediatek chip running four cores and sporting a 6.1” 720p screen, this device won’t be making the list of juggernaut phones for 2014. As a favor to you, we got hands on with the device to show you what you won’t be missing.
To follow in this pattern, let’s talk about the LG G Flex. While the G Flex has been announced and available internationally for a while now, LG announced US carrier versions. As the name implies, this device is flexible and sports a curved design. This devices still disappointingly rocks Android 4.2.2 Jelly Bean, and is really nothing more than a bent LG G2. However, we can’t blame LG, as they were not the only ones who think the future of consumer electronics is bending your old products.
To be honest, we are a little disappointed by this company’s announcements. Sony has made some great devices, and unfortunately they are content with just making some small tweaks. This year they released a duo of phones: the Xperia Z1S and the shrunken Z1 Compact. If you shorten the name, you could call it the Z1C—though Sony won’t call it that, and you have a familiar naming convention. Not only is the naming convention similar, so is the approach to product design: Take an existing device and tweak it. The Z1S is Sony’s attempt at capturing some of the delicious US market share. The device will only be available with T-Mobile. The Z1S is basically a Z1 made of plastic with pre-installed Sony apps, like the PlayStation app. The Z1 Compact is the Z1 only smaller. And since it also features a 720p resolution on its smaller screen, the screen density goes down. Some say the screen is better than the bigger brothers, but that’s in the eye of the beholder. If you want to know more about Sony’s devices check out our video.
Sony is not the only one to announce a hardware “refresh.” Android device powerhouse Samsung released newer versions of the Samsung Galaxy Camera, a new big Note, and a trio of new Galaxy Tabs. The tablet updates are all Pros: The Note Pro 12.2, the Galaxy Tab Pro 12.2, 10.1 and 8.4. These tablets introduce a new navigation idea called Magazine UI, which reminds us of Windows Phone live tiles. There was a lot of information about these devices. And since a picture is worth a thousand words, check out our video to learn even more.
Perhaps the most exciting announcement of CES 2014 turned out not to be a device at all, but rather a mobile chipset. Nvidia announced their new 192-core Tegra K1 chip. This Tegra chip features the same architecture as Nvidia’s desktop GPUs, while sipping only 5 watts. This allows for some tremendous eye candy. To check out some of that eye candy, check out the video.
A big thing this year was the so called wrist revolution. There were many smartwatches at this year’s event. From the LG LifeBand Touch, which is a better fitness tracking device than smartwatch, to the stylish new MetaWatch and huge Neptune Pine; smartwatches might be the next big thing. Our favorite from this year is possibly the svelte all-in-one smartwatch, the Omate TrueSmart. Check out our videos to learn more about the different type of smartwatches.
Video Courtesy of Twildottv
Video Courtesy of Twildottv
Video Courtesy of Twildottv
Another CES has come and gone. And while there was some news of impending mobile devices, nothing really stands out and the must have device of this year. However, don’t think that means there will be no good smartphone releases this year. You will just have to wait for them. They may be announced at Mobile World Congress or some other event. We wait eagerly for the next must have device to be announced, so save your money, and join us. Just don’t hold your breath.
January 11, 2014 By: Jimmy McGee
Samsung was at this year’s CES in a BIG way! They have advertisements on just about any of the many shuttle buses circling the Las Vegas Convention Center, they had ads all over the Convention Center itself, and that got the location into trouble, as the ads announced their releases before the actual press event. At the press event, Samsung announced a new Samsung Note Pro 12.2, three new Galaxy Tab Pros—coming in the sizes of 8.4, 10.1, and 12.2 inches—and the Samsung Galaxy Camera 2.
XDA Developer TV Producer Jordan was on site and got a chance to get his hands on the Note PRO 12.2, the Galaxy Tab PRO trio, and the Galaxy Camera 2. Jordan sat down and talked with the folks at Samsung. In this video, he shares what he learned and shows off the Note PRO 12.2, the Galaxy Tab PRO 10.1 trio, and the Galaxy Camera 2. Check out this video to see what the newest Samsung looks like.
January 10, 2014 By: Will Verduzco
About a month ago, we talked about a recent study (PDF) stating that most security vulnerabilities on Android are ultimately due to OEM customizations. And surprise, surprise—this can even happen on devices with technologies designed to protect users.
Late last month, security researchers at Israel’s Ben-Gurion University of the Negev discovered a security vulnerability that allowed a user-installed application to intercept unencrypted network traffic. Rather than describing this as a flaw or bug, Samsung labels the vulnerability a classic Man in the Middle (MitM) attack, which could be launched at any point on the network.
Samsung was also quick to state that this type of attack can be thwarted using existing KNOX technology (or the device-wide VPN support in stock Android):
Android development practices encourage that this be done by each application using SSL/TLS. Where that’s not possible (for example, to support standards-based unencrypted protocols, such as HTTP), Android provides built-in VPN and support for third-party VPN solutions to protect data. Use of either of those standard security technologies would have prevented an attack based on a user-installed local application.
KNOX offers additional protections against MitM attacks. Below is a more detailed description of the mechanisms that can be configured on Samsung KNOX devices to protect against them:
1. Mobile Device Management — MDM is a feature that ensures that a device containing sensitive information is set up correctly according to an enterprise-specified policy and is available in the standard Android platform. KNOX enhances the platform by adding many additional policy settings, including the ability to lock down security-sensitive device settings. With an MDM configured device, when the attack tries to change these settings, the MDM agent running on the device would have blocked them. In that case, the exploit would not have worked.
2. Per-App VPN — The per-app VPN feature of KNOX allows traffic only from a designated and secured application to be sent through the VPN tunnel. This feature can be selectively applied to applications in containers, allowing fine-grained control over the tradeoff between communication overhead and security.
3. FIPS 140-2 — KNOX implements a FIPS 140-2 Level 1 certified VPN client, a NIST standard for data-in-transit protection along with NSA suite B cryptography. The FIPS 140-2 standard applies to all federal agencies that use cryptographically strong security systems to protect sensitive information in computer and telecommunication systems. Many enterprises today deploy this cryptographically strong VPN support to protect against data-in-transit attacks.
Now before we start bashing Samsung’s KNOX technology more than necessary, let’s remember that these kinds of attacks can affect non-KNOX devices as well. Furthermore, sending personal data in unencrypted form is simply asking for trouble. If anything, this should serve as a reminder to use encrypted transfers and connections whenever possible and to be wary about where we store and input our data.