It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung – we’re looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom UI as some sort of “branding,” are directly responsible for most of the security issues found with Android. Cue Home Alone face.
In all honesty, we really shouldn’t be all that surprised. XDA Elite Recognized Developer jcase gave a great talk at XDA:DevCon13 where he discussed “Android Security Vulnerabilites and Exploits.” There, he identified how OEMs (LG was his main example) are directly responsible for many of the vulnerabilities and exploits he finds.
The researchers at NC State found that 60% of the security issues were directly tied to changes OEMs had made to stock Android, specifically related to apps requesting more permissions than were necessary. They looked at 2 devices from each 4 different OEMs (Sony, Samsung, LG and HTC), with one running a version of Android 2.x and another running 4.x from each OEM, along with the Nexus S and Nexus 4 from Google.
Here are a few of the findings:
For the user, this should be a warning to pay attention to the permissions used when you install an app and take steps to protect yourself, like with the Xposed module XPrivacy. For OEMs, shame on you. Consumers place trust, no matter how unfounded and risky that is, on you. For you to be breaking that trust by not being responsible and open in your dealings and development is just plain careless.
The full study, presented yesterday at the ACM Conference on Computer and Communications Security in Berlin, is definitely a good read, with specific case studies done on the Samsung Galaxy S3 and LG Optimus P880.
Source: MIT Technology Review
[Thanks to XDA Elite Recognized Developer toastcfh for the tip.]
June 18, 2013 By: Samantha
There are still quite a few of folks who run Gingerbread on their devices—either because their devices have started to age a little bit, or the stability of ports of later versions is just not cutting it. However this doesn’t mean that they should be left out in the cold in terms of new functions and features, as XDA Recognized Themer and Contributor SpaceCaker has created a guide to get the Samsung Android 4.2.2 status bar and toggles on your Samsung device running Android 2.3.
SpaceCaker guides you through the necessary steps to successfully edit the .xml and .smali files within your SystemUI.apk clearly and logically, with accompanying examples of code to aid you through the way. Extra files are also needed, and these are conveniently provided by SpaceCaker in a downloadable zip file from the original post. The end result is the familiar tabbed settings and contact information in addition to the notification area with a row of quick settings lined up on the top. The settings are themed based on Samsung’s distinct lime-green UI design, although I suspect that the colors can be changed according to your own tastes with a couple simple changes of Hex values.
Third party status bar apps that essentially provide the same end result are often buggy and incompatible with earlier versions of Android. This guide offers a reliable alternative that’s also a great exercise for those who are into theming.
If you would like to give this a go, make sure to visit the original thread for more information.
May 27, 2013 By: Jimmy McGee
XDA Elite Recognized Developer Chainfire has worked around Samsung’s attempt to block rooting your phone. Therefore, new devices have been added to CF-Auto-Root. That and more are covered by Jordan, as he reviews all the important stories from this weekend. Included in this week’s news is a tutorial on testing your app with Robotium. And in related news, there is an article on how flash custom ROMs and Recovery to the Samsung Galaxy S 4.
Jordan talks about the other videos released this week on XDA Developer TV. XDA Developer TV Producer Jayce released a video on phone interview tips and tricks and he follows it up with a video on tips and tricks for a main interview. Pull up a chair and check out this video.
April 24, 2013 By: Jimmy McGee
If you’ve seen XDA Developer TV Producer Steve’s video on switching from Windows Phone to Android, you know Steve has no problem sharing his thoughts. He has been reviewing apps on the different operating systems. He has been using Samsung Devices to represent Android and Windows Phone, the Samsung Galaxy Nexus and the Samsung ATIV S, respectively.
However, his satisfaction with his Samsung devices has waned and he is switching to HTC. Steve takes the time to explain why Samsung is not the brand for him. He shares the frustration and quirks he experienced with Samsung. Check this video out.
March 3, 2013 By: Haroon Q. Raja
This year’s Mobile World Conference was different from most. There were still all the device presentations, announcements, and revelations that we’ve come to expect from the biggest tech event of the mobile industry each year. What’s different was that this time, the spotlight wasn’t taken by hardware, but rather by software—and for good reason. After all, it isn’t every day that three upcoming mobile operating systems backed by big names like Samsung, Intel, Mozilla, and Canonical are showcased at the same event. Apart from Mozilla’s Firefox OS and Canonical’s Ubuntu Touch, MWC 2013 also saw Samsung and Intel finally showcase Tizen OS running on actual hardware.
Among all contemporary mobile operating systems, Tizen OS has had perhaps the most tumultuous and complex history. First there was Nokia’s Maemo and Intel’s Moblin, before the two companies decided to combine them together into MeeGo, in collaboration with many major hardware and software partners. Then Nokia decided putting all its eggs in Windows Phone’s basket, and abandoned the platform after releasing the amazing N9 running MeeGo with Nokia’s Harmattan UI that won hearts of users and critics alike, despite not making many sales due to Nokia’s abandonment. While all this was occuring, Samsung had also decided to build an open OS of its own in order to decrease its dependence on Android, and the result was Bada. After Intel’s abandonment, the future looked bleak for MeeGo, and it indeed proved out to be so as well. The OS was shortly abandoned completely by all other supporters as well, and Tizen was born under the patronage of The Linux Foundation. Later, Samsung decided to join the picture as well, with an aim to merge Bada with Tizen.
After being in works for several years under all the different names, it was actually disappointing to see what was showcased at the MWC demo. With a conventional home screen that seemed to be nothing more than a mere grid of icons and an overall UI not too different from Android’s, Tizen seems to bring nothing new to the table that might lure users into switching to it when devices running the OS show up in the market. Granted it’s still in the making and what was demoed was essentially an early preview, it came nowhere close to what Canonical showcased in Ubuntu Touch.
The experience offered by the OS running on the demo devices was sub par at best, being laggy as well as lacking anything truly special and intuitive that’s not already out there. For an OS that has been in the making for several years by now and has major names of the industry backing it, this seems nothing short of inexplicable. One good thing was the announcement of the Tizen 2.0 Magnolia SDK being made available for developers to start working on apps for the OS. That said, there’s still a long way to go before we start seeing devices running Tizen hit the market. There have been no official time frames announced in this regard, but it is expected to be late 2013 by earliest. Also, since Bada is essentially being merged into Tizen, many are speculating whether Samsung will decide to abandon the devices running Bada, or upgrade them to the new platform in the future.
Here at XDA, we get excited about any development in the smartphone industry, especially when it’s an open-source mobile operating system aimed to offer a completely open alternative to Google’s semi-open Android ecosystem. We have also merged our Tizen and Bada forums to consolidate development for them under once roof, where you can also join several discussions about the OS.
You can learn more about Tizen and download its SDK from the Tizen website.
Another wonderful International CES has passed us by. The event was filled with many exciting displays, like the Intel Ultrabook Tree, but most important were the announcements made by many manufactures. Some announcements are still years out, embodying nothing more than an idea. Other announcements having working prototypes, while still others are in the final stages before release or have been released.
Due to the open nature of Android, at times device manufacturers make absolutely ridiculous decisions in an attempt to set their devices apart from those of the competitors. A perfect example of this is Samsung’s choice of using a proprietary QMG format for its boot animations, as opposed to the standard bootanimation.zip format used on Android by default. The QMG files need to be created using the expensive Qmage commercial software, thus effectively barring the average consumer from cooking up their own.
XDA Recognized Developer smokin1337 decided do something about it and created a hack that brings back Android’s standard bootanimation.zip support to Samsung devices. The mod was created for the Samsung Galaxy Note II, but should work on any Samsung device that uses samsungani to load up the bootanimation. The developer has also provided the Google Gears boot animation with the package, but you can choose an alternate instead.
This will add the ability to use a custom bootanimation on any rom with any kernel and probably any samsung device.
It has been tested on the Note II but should work with any samsung device that uses samsungani to load boot animations. If it doesn’t work for you please post here.
Uses the typical settings bootanimation is at /system/media/bootanimation.zip, this is for those using a stock rom or a rom the dev didn’t add it in.
As always, more information and download links can be found in the forum thread.
December 30, 2012 By: Former Writer
Android devices support a lot of external devices. From Bluetooth speakers to external hard drives, there really isn’t much you can’t hook up to an Android device anymore. However, one thing that users may have trouble with is an external microphone.
XDA Elite Recognized Developers AdamOutler and Rebellos are at it again. This time with a hardware mod that will allow better external mic support on most Samsung Galaxy devices. This includes the Galaxy Note II and the Galaxy Camera. AdamOutler explains the mod in more detail:
Elite Recognized Developer Rebellos searched the code, and we figured out that the device wouldn’t recognize my mic because its Ohms are too low. The WolfsonMicro chip uses any value below 1000 Ohms to signify button presses. Above 1000 Ohms, it signifies a microphone. My microphone is a 900 Ohm microphone, so in all actuality, it’s pretty high considering most are around 100-500 Ohms. However, Rebellos and I managed to hack through it. I wanted to share this method.
The result is a hardware mod that allows the use of larger external microphones. There are a few things to note. As Adam stated, in order to be detected, the mic must offer 1000 Ohms of resistance. If it doesn’t, then the device won’t register it as a microphone, but rather, as a button press. Since most of us don’t want to buy an entirely new microphone, a tempting solution is to create an adapter to enable the one you already have to work on the device.
According to Adam, you’ll be building a, “Samsung 4-pole to 1/4″ Mic adapter with a 200 Ohm resistor inline.” The process itself isn’t overly difficult, and for frequent hardware modders, it should be a walk in the park. Since you’re not soldering anything onto your device, you most likely aren’t putting it in direct jeopardy. Just be careful not to burn yourself with that soldering iron.
If this looks like something worth trying, head over to the original thread.
December 17, 2012 By: jerdog
We recently told you about the Exynos4 security hole found by XDA Member alephzain. This is a security hole in the kernel that allows malicious code full access to all physical memory. XDA Elite Recognized Developer Chainfire would have none of it, and not only pointed out the security hole by creating an app that roots your device without ODIN, but also provided a way to plug it.
His application, aptly named ExynosAbuse APK, gains root privileges via the ExynosAbuse exploit and installs SuperSU. In addition, in version v1.10, it allows you to disable the exploit at boot. The downside of disabling the exploit is that your camera may break. However, this is not so bad considering how your device can no longer be compromised by this exploit. Lesser of two evils, right? If you absolutely must have your camera, the application allows you to re-enable the exploit.
Unlike the other app-based patches out there, Chainfire’s solution to patch on boot runs before any normal Android apps perform their launch after boot code, thus preventing that attack vector as well. One thing Chainfire points out is that the protections included in his APK are just workarounds, rather than actual fixes. For that, we’ll have to rely on our talented developers in the XDA Developer community or Samsung. (Do I hear crickets chirping?)
For more details on the exploit, you can head over to alephzain’s exploit thread or Chainfire’s application thread. When visiting the latter, be sure to help Chainfire test various Samsung devices by stating your device, its firmware, and whether the application and fix worked.
December 5, 2012 By: Jimmy McGee
Today on XDA Developer TV, XDA Recognized Developer and XDA Developer TV first timer Benjamin Dobell gives us a tutorial on USB logging. Dobell is responsbile for Heimdall. Heimdall is an open source cross platform flashing utility much like Odin, but better. Heimdall lets you flash ROMs on Samsung devices, only Heimdall runs on Windows, Linux, and OS X.
In today’s video, Dobell introduces himself and his Heimdall suite. He then he shows you how to log the USB connection of a flash download on your Galaxy device. Dobell explains that if you log a USB connection during a Kies firmware flash and send the resulting file to him, he may be able to reverse engineer the log and get your device working in Heimdall. So check out this video and help out the community.
November 18, 2012 By: Conan Troutman
“Why not upset the Apple cart? If you don’t, the apples will rot anyway.” – Frank A. Clarke
The news that Apple and HTC had decided to settle their differences outside of the courtroom in favor of a licensing agreement came as shock to many, not the least of whom was Samsung. Not only are they somewhat surprised at this turn of events, but they are also very, very curious—so curious in fact, that they’ve asked the courts to force Apple to reveal the details of the agreement in the hope that it can help them in their continuing struggle against “the fruit company.”
As Samsung knows that two of the patents the courts previously ruled had been infringed upon were also being used against HTC, they are understandably curious to know whether these are covered by the agreement between HTC and Apple. If so, it could certainly work in their favor, as they attempt to fight a permanent US sales ban on some devices. As the two companies are scheduled to meet on December 6th to discuss the issue, Samsung will no doubt want to have all the facts available.
You may ask why this would have any effect on whether Apple can acquire a sales ban. However, it’s simple. Apple previously stated Samsung’s behavior caused them “irreparable harm,” and monetary compensation was not sufficient. However, Samsung’s line of thinking is that if these patents have been licensed to HTC, that’s not the case. When you also consider the billion dollar judgement against Samsung, it might be likely that things do not go quite so smoothly for Apple in their quest for a flat out sales ban.
This of course is all dependent on a great deal of things—mainly whether or not the two “infringed” patents that connect Samsung and HTC are contained in the recent agreement. It remains to be seen how this will pan out. Stay tuned.
Well, it’s been a long time coming. But after a whole load of nay-saying, conjecture, and incessant optimism, Samsung Galaxy S II owners can finally grab hold of a leaked Samsung test build of Android 4.1.
Although Jelly Bean has been available for the Galaxy S II for some time now, there’s been no sign of a version from Samsung. But thanks to XDA Forum Member izap, build XXLSJ based on Android 4.1.2 is now available to download. The build features the latest version of TouchWiz known as Nature UX, which will give your Galaxy S II something of an S III look and feel. And to quote one user - “It’s freaking smoooooooooooth…”
So far the general feedback seems to be quite positive, and it looks like the i9100 is handling the transition to an official version of Jellybean quite well. You’ll need to be familiar with Odin to flash this latest build, as there’s currently no flashable .zip available. If you’re not familiar with Odin, I’d strongly suggest you read up first to save yourself from running into trouble further down the line.
If you want to take this build for a spin, check out the original forum thread for the details and those all important download links.
November 15, 2012 By: Jimmy McGee
The story of the Samsung Galaxy Note II is an interesting one. When the first Samsung Galaxy Note came out, many people panned it, saying it was too large to be a usable phone and too small to be a usable tablet. The sales must have been good enough because Samsung has released the Galaxy Note II, and it’s bigger than before. So we got our hands on one, and we took it for a test drive.
This is the second part of a two part review series by XDA Developer TV Producer TK. You can catch his full write up here. This part covers an overview of the phone’s power, camera, and the coveted S-Pen. So check out this Review of the Samsung Galaxy Note II.