Custom ROMs have a security hole when installing apps from the market! - Android Software/Hacking General [Developers Only]

While working on my Toggle 2G app, I found that I can run an app in the CM6 system process by signing it with the CM6 cert. If you download the apk from my app thread, and install it, you will see that the app will have access to your entire phone and all permissions are listed. This is a good thing since it actually tells you that it will have all permissions.
However when I posted this app to the market, and installed it, it only showed the 1 permission! This means that anyone running a custom ROM, like CM6, with a key that is available to anyone can download an app from the market that has full access to your phone without you knowing it.
Discuss....

TheMasterBaron said:
While working on my Toggle 2G app, I found that I can run an app in the CM6 system process by signing it with the CM6 cert. If you download the apk from my app thread, and install it, you will see that the app will have access to your entire phone. This is a good thing!
However when I posted this app to the market, and installed it, it only showed the 1 permission! This means that anyone running a custom ROM, like CM6, with a key that is available to anyone can download an app that has full access to your phone without you knowing it.
Discuss....
Have you checked this with TeamDouche?

No, I don't think it's specific to CyanogenMod. Any custom ROM signed with a cert that's publicly available could have this problem.

i don't see how that's a good thing...
that is most likely a bad thing considering they can put malicious code into your phone without you even knowing it.

mr_billionaire said:
i don't see how that's a good thing...
that is most likely a bad thing considering they can put malicious code into your phone without you even knowing it.
What I was saying is that it's a good thing that if you install the apk from your sd card, you are correctly warned of all the permissions the app will have access to.
It's when installing from the market that you don't get warned of all the permissions the app will have access to. That's the bad thing.

TheMasterBaron said:
What I was saying is that it's a good thing that if you install the apk from your sd card, you are correctly warned of all the permissions the app will have access to.
It's when installing from the market that you don't get warned of all the permissions the app will have access to. That's the bad thing.
I don't like what you're saying here... but there's no way out (yet), right?

I think it would be up to Google to fix the Android Market app to properly list all the permissions an app will inherit instead of just listing the ones that the app has explicitly specified.
Another option is to have all ROM coders add code to prevent apps from installing from the market if they share a process with system apps.
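A sketch of the ROM-side check suggested in the post above, as an added example that is not part of the original thread or of any ROM's code. It assumes the manifest is available as text in the style of `aapt dump xmltree` output (the sample is constructed); the function names and the set of shared UIDs treated as privileged are assumptions made for illustration.

```python
import re

# Constructed sample, in the style of `aapt dump xmltree app.apk AndroidManifest.xml`,
# for a hypothetical app that declares one permission but asks to share the system UID.
SHARED_UID_LINE = ('    A: android:sharedUserId(0x0101000b)="android.uid.system"'
                   ' (Raw: "android.uid.system")\n')
TEMPLATE = '''\
N: android=http://schemas.android.com/apk/res/android
  E: manifest (line=2)
    A: android:versionCode(0x0101021b)=(type 0x10)0x1
{shared_uid}    A: package="com.example.toggle" (Raw: "com.example.toggle")
    E: uses-permission (line=4)
      A: android:name(0x01010003)="android.permission.WRITE_SETTINGS" (Raw: "android.permission.WRITE_SETTINGS")
    E: application (line=6)
      A: android:label(0x01010001)="Toggle" (Raw: "Toggle")
'''
SYSTEM_UID_APP = TEMPLATE.format(shared_uid=SHARED_UID_LINE)
ORDINARY_APP = TEMPLATE.format(shared_uid="")  # same app without a shared UID

# Assumption: the shared UIDs this policy treats as privileged.
PRIVILEGED_SHARED_UIDS = {"android.uid.system", "android.uid.phone", "android.uid.shell"}

ELEMENT = re.compile(r'^\s*E: (\S+)')
ATTRIBUTE = re.compile(r'^\s*A: (?:android:)?(\w+)(?:\(0x[0-9a-fA-F]+\))?="([^"]*)"')

def parse_manifest(xmltree):
    """Extract package, sharedUserId and declared permissions from xmltree text."""
    info = {"package": None, "shared_user_id": None, "permissions": []}
    element = None  # attributes belong to the most recent "E:" line
    for line in xmltree.splitlines():
        m = ELEMENT.match(line)
        if m:
            element = m.group(1)
            continue
        m = ATTRIBUTE.match(line)
        if not m:
            continue  # namespace lines and non-string attributes
        name, value = m.groups()
        if element == "manifest" and name == "package":
            info["package"] = value
        elif element == "manifest" and name == "sharedUserId":
            info["shared_user_id"] = value
        elif element == "uses-permission" and name == "name":
            info["permissions"].append(value)
    return info

def review_install(xmltree, from_market):
    """Refuse market installs that request a privileged shared UID; warn otherwise."""
    info = parse_manifest(xmltree)
    uid = info["shared_user_id"]
    if uid not in PRIVILEGED_SHARED_UIDS:
        return {"allow": True, "warning": None}
    # The shared UID is only granted when the APK's signing cert matches the apps
    # already using it; on a ROM signed with a publicly available key, any
    # developer can meet that, so the declared permission list understates access.
    warning = (f"{info['package']} declares {len(info['permissions'])} permission(s) "
               f"but requests shared UID {uid}")
    return {"allow": not from_market, "warning": warning}

if __name__ == "__main__":
    for label, sample in (("system-uid app", SYSTEM_UID_APP), ("ordinary app", ORDINARY_APP)):
        print(label, review_install(sample, from_market=True))
```
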

the CM team could have the cert only on the build server, it's only accessible by those we trust to build the roms, I'd be happy with that.

Any updates on this issue, as it is a security concern?

Just read the user comments. If it is malicious, people will say so. I never read the permissions anyway.

Related

installing an apk

ok, i have just done the v10d update and the video is much better...
Now I'd like to install an apk from my desktop of minidiary but it doesn't install..
Is that what rooting is for? to accept all apk's?
Sorry for the dumb question, i was a symbian s60v3 and s60v5 user..
Nope. To install apk's you just need to tell the phone to accept non-market items. Go to your phone's settings, then Applications and check the top option (should be called something like Unknown Sources, I have to translate from Dutch).
Then just copy the apk to your phone and use Polaris Office or a separate apk installer from the market to browse to the apk and install it.
Hello
I tried that and it didn't work, was not installed or something like that. I ticked it to accept non android market apps.
It's probably pirated I guess.. found it on the net. Does rooting make it accept all non-signed apps? What is root for?
Thanks
ps: does anyone know where i can download mini-diary. Great little app i saw in the galaxy s2
No, rooting gives you administrative access to some files which you normally don't have so you can customize the phone the way you like it.
The safest way to download applications is via the Market app on your phone (you can also try http://market.android.com). However if you don't want to pay for some apps then you can search google adding the ".apk" and the apk version in the search bar.

[Q] kobo vox: install google market?

hey all,
first post, apologies if this might be in the wrong place.
i've just picked up the kobo vox, and it's awesome, but i can't figure out how to get the android market running. i've got the apk installed, but the device doesn't give me the option to add a google account. the kobo vox explicitly says it supports the android marketplace, so i'm hoping i'm doing something wrong.
thanks!
I'm in the same state. I've looked about and managed to use some of Cyanogen's packages to install a few core stuff like the framework and the market app itself, but trying to run the Market asks me to register a Google account, which always fails saying there was a connection issue. On a further reboot android.process.acore decided to crash every five seconds and I had to reset the device to factory settings.
This kinda sucks because the device is fairly solid, but the default "market" is a joke. I'm already annoyed by the fairly large amount of preinstalled apps (which can't be uninstalled, as usual), but not having proper Market access would probably be a deal killer.
Please use the Q&A Forum for questions Thanks
Moving to Q&A
What about Rooting?
I have run into the same problem. I think that before you can install the full android market we will have to Root the tablet. Has anyone tried the Gingerbreak.apk? Or is there some other way to Root the tablet?
Syncmaster700nf said:
I have run into the same problem. I think that before you can install the full android market we will have to Root the tablet. Has anyone tried the Gingerbreak.apk? Or is there some other way to Root the tablet?
I've tried GingerBreak on my Kobo Vox and it seems to have installed, however I'm not certain the SU access is working properly. When I try repairing permissions in ROM Manager, I get the message "An Error occured trying to run priviledged commands!". It also fails when I try to backup my ROM.
This is honestly the first Android device I've ever owned so I'm not certain that I'm doing everything correctly. I did make sure to allow SuperUser permissions to ROM Manager, but I'm still getting errors. Any help from a Veteran Android user would be appreciated.
Can't get past the Android Login
After rooting and installing Busybox I was able to install the Android Market but every time I try to login the app will not connect to the Market to confirm my ID, it seems to time out. Any Ideas on what I can try?
Turns out my inability to repair permissions was simply due to me not having busybox installed. I can attest that GingerBreak does successfully root the tablet.
I'm hoping I can find a way to install ClockworkMod recovery in order to install the google apps from CM7. I tried simply copying the files into place without success.
So, did you manage to install busybox? What version and where?
Tell me if you manage to install the recovery, the vox don't seem to have one by default.
If we manage to install all the google app and the googleframeworkservice, that would make the tablet a lot better and give the possibility to install the android market.
I was able to install busybox 4.3 /system/xbin. I do not know about a recovery mode but I did manage to put the tablet into "Safe Mode" after it got stuck in a loop at bootup but I am not sure how I did it. According to user help you can not update the firmware from the SDcard.
Have you tried to install ClockworkMod?
I managed to install the googleserviceframework, but I need to install some other thing that don't want to install.
I also manage to install youtube (the real one) and it work great, I just can't sign in...
In the accounts & sync settings section, I can create a google account, but It can't communicate with the google server to set up the account, it give me the error:
"Can't establish a reliable data connection to the server."
It's probably caused by some app that I didn't manage to install yet, like "onetimeinitializer", "googlepartnersetup" and some other...
I've managed to install Busybox, but have yet been unsuccessful installing the Google Framework.
I was able to install the ClockworkMod, but I have yet to find a phone or tablet on its list that is compatible with the Kobo Vox. I'm going to do my research to see if any phones or tablets have similar specs to the Vox and see if that will work. So far I've just been picking at random and trying it.
Try the B & N Nook Color - same CPU, Memory & screen size.
That was my first thought. Unfortunately no luck. With a couple of them I can seem to get them start loading as if they're going into an update but it always errors out. I'm now just systematically going through the list and driving every version.
If you attempt to install a version of Clockwork made for another device, you'll brick it.
Don't forget that after dropping in the files to the various system directories, you also have to set permit permissions properly.
Also, would be good to request a Kobo Vox forum here: http://forum.xda-developers.com/showthread.php?t=1301121
If anyone in this thread is actually a developer who knows how to compile and so forth, Koush has a brief guide to porting Clockwork:
http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html
Manual Configuration is a must have option. Thanks
wow, pretty lame that the android market seems not to be supported despite it being touted as an official feature
on a side note, has anyone figured out how to change or remove that default dock (without rooting)? it's kind of a pain in the ass.
I've installed a couple dozen different clockwork of recoveries so far and haven't bricked it yet but maybe I should quit while I'm ahead. I'd rather not brick my shiny new Kobo.
Need Kernel Version & Build Number
I have to return my Kobo Vox because the speaker is not working. Under Privacy Settings I have done a Factory Data Reset but I am still showing the Super Icon. Does anyone have a copy of the original firmware or know how to unroot the device?
jakeopolis said:
wow, pretty lame that the android market seems not to be supported despite it being touted as an official feature
on a side note, has anyone figured out how to change or remove that default dock (without rooting)? it's kind of a pain in the ass.
Official marketing material says apps but doesn't say Android Market. Some media outlets misquoted and wrote Market falsely.
Sent from my Nook Color!
Syncmaster700nf said:
I have to return my Kobo Vox because the speaker is not working. Under Privacy Settings I have done a Factory Data Reset but I am still showing the Super Icon. Does anyone have a copy of the original firmware or know how to unroot the device?
Factory Reset just clears the data partition but doesn't reset the system partition.
Until someone properly compiles a custom recovery or finds a stock reset file, there's no safe way back.
Sent from my Nook Color!

[Q] download incompatible app from market

There is an app in the market that I would like to get but it says it is incompatible with the transformer but I am 99 44/100% sure it will work.
Is there a way to fool the market place? I searched and found answers for other devices but none for the transformer.
Thanks in advance!!
DougP123
Hi
If you have another android device, like phone, download it to phone, make backup, transfer apk to TF and install. Works for me.
I have downloaded apps directly to my tf and after uninstalling them tried to get them from the market only to be listed as incompatible.. think it had something to do with having a custom rom, some of them include older versions of market, some have the option to install the ics market app, while others have options to go back to the hc market app. As the poster before said, you can download on another compatible device and make a backup and just swap the apk over, but if you don't have a backup device many of the apps on the market can be found in the wild as the raw apk file, even some pay apps can be found in the wild, though I don't pirate apps because that is the sure way to kill our own market (who is going to design apps for android if they can be pirated so easily?).
Also, try to get the 'tablet market' app, that seems to have the tablet optimized versions of some apps that are hard to find via market.
stenc55 said:
Hi
If you have another android device, like phone, download it to phone, make backup, transfer apk to TF and install. Works for me.
After downloading to the compatible device, how do you transfer it to the incompatible device, can you explain?
cetindk said:
After downloading to the compatible device, how do you transfer it to the incompatible device, can you explain?
Like send an email with attached apk to yourself and open it on the device where it's needed
batjuh said:
Like send an email with attached apk to yourself and open it on the device where it's needed
Wait, I don't get it. After downloading the app from Google Play, where do I find the apk for that app? And do I need root for this?
God I hate sounding like a noob...
cetindk said:
Wait, I don't get it. After downloading the app from Google Play, where do I find the apk for that app? And do I need root for this?
God I hate sounding like a noob...
I didn't understand you had the apk from the market the first time. Thought you said you first downloaded it from another site then the google market.
Otherwise you need root for your transformer indeed. They are in the /data/app folder
[ps] = I have downloaded apps directly to my tf and after uninstalling them tried to get them from the market only to be listed as incompatible <----this is why I thought you downloaded somewhere else !!

[Q] CM9 my first ROM. Where is Google Maps? I installed GAPP file

After lots of reading through this site and others I successfully rooted and installed CM9 on my Nexus S.
How do I get Google Maps back on my phone? It's my main issue.
After flashing the ROM I immediately flashed the GAPP package. Did something go wrong that prevents me from having Google Maps as well as the Navigator program?
I am ready to try to flash the GAPP package again from Clockwork Mod Recovery.
Can I just use the "Install ROM from SD Card" option in ROM manager to install the GAPP.zip file?
If not I assume I should just boot into recovery and run the GAPP.zip file?
When I installed the ROM I was only able to do so after disabling the signature check as I kept on getting an "e-signature failed" and abortion of the install. Was I correct in moving the check?
Thank you in advance.
..
I have wiped totally clean before the installs and it just seems like Google Maps isn't in the GAPP.zip pack. Everything else is there. Are you suggesting that signature verification would prevent one program like Google Maps from being installed?
I used CWM to install the pack again and same results. Everything there except what I assume are more proprietary apps...Google Maps and the Navigation. I don't know what others Google considers proprietary.
..
Just install it from the market
Sent from my Nexus S 4G using xda premium
..
I downloaded the .zip file you used and still can't seem to find google maps in the .apk files...very strange. As I could have sworn I saw it there earlier.
Does anyone know what is happening or how I can get google maps in working order?! It almost prevented me from scoring a phone number from a good looking spanish woman tonight.
Install it from the market. All the gapps that you can download from the market are not in the zips. Earth,voice,videos, music etc.
If for some reason it's not in the market on your device use the web version or market enabler.
Election Day said:
That will probably not work because of the fingerprint of these alpha builds. It's not in the Market on my phone, for instance.
Which alpha build are you using? Maps should definitely be available in the Market.
..
If someone could direct me to a working APK that would be great.
You have to understand that I am in China, so market-wise google maps isn't available, neither is skype, neither are a lot of the VPN programs etc. Or at least I assume it's because I'm in China.... also browser-wise it's pretty damn hard to track things down that aren't blocked. Haven't got around to installing a VPN but it would kick ass to get help to get a free vpn up and running too.
Nonetheless I have definitely installed the GAPP.zip file correctly after a good wipe of everything. I am pretty certain it should work since maps.google.com through the browser seems to locate me and load the map ok.
About Phone: Nexus S running 4.0.3.
Kernel version 3.0.17-Cyanogenmod-gc2b5fb4
Cyanogen Mod version 9.0.0-RC0-NS
Build number IML74K
I really appreciate the help and look forward to contributing in the future!
Is Dropbox blocked? http://db.tt/KIiPq4QQ
@jesusice Thank you and no Drop Box is not blocked. I was successfully able to download and install the map file. Everything is in proper working order as far as I can tell.
CM9 and ICS = success. It is snappy and have yet to have any issues with the system. Just my abilities!
I am thinking of starting another thread titled: "Why[Not] ICS and WHY [Not] CM9?"
MC Pono said:
@jesusice Thank you and no Drop Box is not blocked. I was successfully able to download and install the map file. Everything is in proper working order as far as I can tell.
CM9 and ICS = success. It is snappy and have yet to have any issues with the system. Just my abilities!
I am thinking of starting another thread titled: "Why[Not] ICS and WHY [Not] CM9?"
I hear that Market Enabler is what you need. Should allow you to make the Market think you're in a country or on a carrier that does allow the apps you want.
jesusice said:
I hear that Market Enabler is what you need. Should allow you to make the Market think you're in a country or on a carrier that does allow the apps you want.
How to use it??
I have tried it but nothing changed.
Sent from my Nexus S using xda premium
tankkiez said:
How to use it??
I have tried it but nothing changed.
Sent from my Nexus S using xda premium
You need to choose an American carrier to use American market. And of course you need root access.
Sent from my Nexus S from Tapatalk

Can't remove adware on freemeosp

Phone leagoo m5, fw latest official based on freemeos. Reflashed latest rom, installed only apps which I used long time without any ads and still getting annoying full screen ad which can't be closed 10 seconds. Phone rooted, but none app asked/granted root permissions. My only thought that it's caused by os itself. There are 2 weird apps: "settings" (can be deleted, but restores after some time. Not weird settings app (definitely part of os) shows translated name "nustatymai") other is "app store" can't even delete. Eg. In screenshot imgur dot com/a/btCfz ad appears from time to time even if none apps is opened
gymka said:
Phone leagoo m5, fw latest official based on freemeos. Reflashed latest rom, installed only apps which I used long time without any ads and still getting annoying full screen ad which can't be closed 10 seconds. Phone rooted, but none app asked/granted root permissions. My only thought that it's caused by os itself. There are 2 weird apps: "settings" (can be deleted, but restores after some time. Not weird settings app (definitely part of os) shows translated name "nustatymai") other is "app store" can't even delete. Eg. In screenshot imgur dot com/a/btCfz ad appears from time to time even if none apps is opened
You probably used Kingroot or Kingoroot to root your device and it installed malware/adware apps to your system partition. Flashing stock firmware probably doesn't wipe system during flashing instead of removing those apps and factory resetting won't work because the apps are in system and factory reset doesn't touch system, it only wipes the user partition.
If none of your apps are requesting root permission then I'd say you lost root and need to root the device again.
Try MalwareBytes app to remove those apps. If that doesn't work you need to get the device properly rooted and then look in your system/app or system/priv-app folder and delete those apps.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
From twrp, wipe system and flash some rom
Sent from this galaxy
pr1jker said:
From twrp, wipe system and flash some rom
Sent from this galaxy
That can work...........
But.......
Assuming there are ROMs available and assuming they want to use a ROM. But what if they don't want TWRP or a custom ROM? What if they want to stay with what they have?
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Looks like adware installed by root app. "Supersu" caused problems. Kaspersky/malwarebytes and few other random AV didn't find any issues, then I searched with "dr. Web", it found 4 threats, I deleted them (with twrp, dr web not offered option to delete) and no more issues. Thanks for pointing to right direction.
gymka said:
Looks like adware installed by root app. "Supersu" caused problems. Kaspersky/malwarebytes and few other random AV didn't find any issues, then I searched with "dr. Web", it found 4 threats, I deleted them (with twrp, dr web not offered option to delete) and no more issues. Thanks for pointing to right direction.
Just remember, this is typical behaviour when using Chinese rooting apps and other Chinese softwares, pretty much all of them come with unwanted extras that hide themselves in your system. China is the hacker think tank of the world, they design software to invade devices and steal personal information.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
wiped everything with all possible tools which twrp offers (even sdcard), then installed rom and twrp with sp flash tool (all tools took from xda or xda forum links) and adware still exists. searched google and it's not only my problem, a lot of people complain about same "triada" from stock firmware. found workaround and it fixed problem, but still need normal fix.
only few people complain about it... no one from xda uses last firmware on leagoo m5?
I still not rooted phone, but adware already recreates it after each reboot, antimalware apps only detect created bad app and delete it, but none app can remove virus itself, only its consequences
workaround: create file /storage/emulated/0/.SDAndroid and chmod to 0600; and file /storage/emulated/0/.jm with same permissions. virus won't create folder with that name so it stops recreating its files
