TaintDroid source code released - Android Software/Hacking General [Developers Only]

Hi everyone,
I apologize if if this is not the appropriate place to post this info, but I thought it would be of interest to some people here. You may have seen stories in the news recently about the privacy-monitoring extension for Android called TaintDroid that was developed by researchers at Penn State, Intel Labs, and Duke University. An excellent summary can be found on Ars Technica.
The reason I'm posting to this forum is that we are proud to have made our source code available last night. If you want to play around with the code, you can find it at the TaintDroid website (search "taintdroid appanalysis"). Along with links to the source code, you will find instructions for getting the code up and running on a Nexus One. We have also set up a Google Group for users who want to discuss anything related to the project.
Our only caveats are that we are merely researchers so 1) you use the code at your own risk, and 2) we do not have the resources to offer proper support. We hope that by releasing the code to the public a self-sustaining community of interested users will form.
We hope that you find our code interesting and useful. Happy hacking!
-landon

Thanks for releasing the code. Look forward to using it on an incredible rom soon.
http://appanalysis.org/tdro1d.html
I'm assuming that's the link. Couple of questions.
1.I see it's on 2.1 rom, does it work with 2.2? Especially as it uses the 2.6.32 kernel.
2.Since the Desire is basically a Nexus One with sense, has it been tested on that platform or with sense?

Thanks for releasing the source and instructions!
This is what Android needs, as Google is not taking good care of the privacy of it's users.
It's impossible to install apps now, because most of them want really wide rights, but you have no idea what they do with those rights.
TaintDroid at least gives a possibility to peek into what is being leaked.
Soon some of the app makers will start to encrypt their calls to try and and mask what they are leaking. If/when this happens, it should be a warning sign to users about that particular app.

Related

Quick Update From Cyanogen

I’ve been working on getting my source trees on Github in shape so that anyone can build a basic CyanogenMod system. Some small parts still need added but things are looking good there.
I’m also continuing to examine the backup/restore option for the proprietary bits necessary to operate your device, so I can simply ship open-source code only. I believe this is well within the license and the spirit of the ADP1 and ION devices.
A lot of people are helping to work many of these issues out, notably the guys from Google (Dan and JBQ) who manage the open-source project. Some great discussion and initiatives are happening like the Open Android Alliance and the Replicant projects. As much as it sucks to be sort of the “fall guy” for this, I can take it. Let’s fix the problems and move on.
Expect more from me by the weekend!
http://www.cyanogenmod.com/home/just-a-quick-update
keep it running! =)
That's Greeeeat!
I take my hat off to you sir!.
Excellent News...
it's nice to get updates, but i'm sure most of us are smart enough to visit the site directly for his updates or check his twitter.
no need to open new threads for this. -.-
thats the way more donating to you

An application challenge for an altrustic purpose!

Hi.
I am using an HTC HD2.
So here's the challenge - or maybe not!
These guys (communicationautism.com) released PixTalk (see there download section), a WM application for children with Autism to allow them to communicate. The dark side (aka IPhone) have released a commercial application called Grace which achieves the same thing.
PixTalk is Open Source and the licence allows modification and redistribution.
The issue is this: I have been advised that it will not run on 800x420 screens (which is the HTC HD2). I get the following script:
ArgumentOutOfRangeException at System .IO.FileStream_Position(Int64value)
at Pixtalk>Form1.ctor()
at Pixtalk.Program.Main()
I am running it on an HTC HD2 1024Mhz with 800x480 display.
OS version is 5.2.23554.
I am running Microsoft .NET CF 3.5 (which is built into a customized ROM).
One thing I guarantee - I will be donating to the first person who can assist me as I have a 4 year old with Autism and I don't want to buy an IPhone!
Thanks in advance
Andrew
i'm sorry i'm not a developer, otherwise i would help you surely to make the app work, without any donation of course, the biggest one is the opportunity to can help your son.
bye!
ajt320 said:
ArgumentOutOfRangeException at System .IO.FileStream_Position(Int64value)
at Pixtalk>Form1.ctor()
at Pixtalk.Program.Main()
Click to expand...
Click to collapse
Doesn't sound like a screen related error, sounds more like you have a file that its trying to open and it's either missing or corrupt. You say it's open source, but I don't see the source available on their site ... do you have it or can point me to it? If so I'd be happy to take a peek.
-Chuck
I only have the CAB file and associated images at this stage. I have requested the program co-ordinator for the code and will get back to you as soon as I have it.
EDIT: Sorry it is not a CAB but an EXE.
The licence reads:
PixTalk is a software application for Windows Mobile 6 that allows people to communicate using icons. PixTalk has been funded by a grant from Microsoft Research.
Copyright (C)
Old Dominion University, Norfolk, VA, USA Claremont Graduate University, Claremont, CA, USA
This program is free software: you can redistribute it and/or modify it under the terms of the BSD License as published by the Open Source Initiative.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the Open Source Initiative OSI - The BSD License: Licensing
for more details opensource.org/licenses/bsd-license.php
Although I've never developed for compact .net, if you will be able to obtain the source, I'll do my best to help.
My uncle has Autism, Just wanted to thank you for putting this up!
Much respect!
I would donate to help If i wasnt so broke with 11 month old son..
Best of luck in your development!
I'll happily look at this once the source is available.
No donations required - I'm just a sucker for a good cause.
ajt320 said:
ArgumentOutOfRangeException at System .IO.FileStream_Position(Int64value)
Click to expand...
Click to collapse
it seems that the app tries to read data from a position in the file which is beyond the filesize.
e.g.
the file being read has a size of 2.000 bytes, and the app tries to read from position 2.500.
hebbe said:
it seems that the app tries to read data from a position in the file which is beyond the filesize.
e.g.
the file being read has a size of 2.000 bytes, and the app tries to read from position 2.500.
Click to expand...
Click to collapse
Or trying to read from a file that doesn't exist, and is being created by the stream object (whatever type of stream it actually is). It's pretty much guesswork until we see the source code.
Thanks
Thanks everyone for your great support.
The source code is on its way!
I just have to agree that the fix or updated version will be available to communicationautism.com for public download off their site.
The developer has said full credit will be attributable to those of you involved in the fix. I am hoping that will be some good cudos for you guys and gals!
ajt320 said:
Thanks everyone for your great support.
The source code is on its way!
I just have to agree that the fix or updated version will be available to communicationautism.com for public download off their site.
The developer has said full credit will be attributable to those of you involved in the fix. I am hoping that will be some good cudos for you guys and gals!
Click to expand...
Click to collapse
Nice one mate. It'll be like a busman's holiday
Source Code
Here is the source code for Pix Talk.
Please read the earlier posts for the condition attached to further development and also what the problem is all about.
rapidshare.com/files/381341025/pixtalk.zip
Please feel free to PM me with any questions or requests for other information.
To give you some idea of the IPhone applications check out: //blog.steventroughtonsmith.com/2010/03/grace-picture-exchange-for-non-verbal.html#comments
Thanks in advance to all who contribute to this extremely beneficial application. I will ensure that your names are revered far and wide!!!!!
Still Going
Hi all.
johncmolyneux is on board and it would be good to get some other members involved - good for the developers and good for XDA as this is truly a worthwhile application.
HELP
OK.
John M is unfortunately unable to assist.
Is there anyone else who may be interested?
Can you please re-upload the source code because it is no longer available for download.
Good Luck
Hope someone can help you with the app
Source Code
Hi.
Here is the code:
http://rapidshare.com/files/412861773/pixtalk.zip
Let me know if you need any assistance in any way whatsoever and I will see if I can oblige.
Thanks for your interest!
Please check your PM's. I have uploaded an initial working version for you to test.
Once any problems are fixed I will provide a public download link as well as a link to the source.
Thanks
Thanks a bunch!
Have downloaded and will test first thing in the morning.
Mate I appreciate the time you have put into it so far!
Greetz
Where can I find this updated version
Hi,
I just downloaded the app from the site, and seem to have similar issues. This is for my autistic son. I found this thread. Can I get the updated app - also for the HD2. I do have dev experience too, so if the source code is available, and the problem is not fixed, I can look at help at fixing it too.

Opinions about open source

Hi,
I am accustomed to the habits of the Linux community. There, if you have created an app, the first thing you do is to provide a g'zipped archive file containing all source code, a README file, and a manual. Then you announce it in forums, get response and comments about your code. Everybody happy.
In the Android (and possibly other xda) communities the source code seems to be "top secret". There are many free apps but very few open source projects. Why is this? Why has every developer to reinvent the wheel?
As you might guess, I created an open source project. This is an audio app for Android tablets, it's a software instrument, and I was unable to announce it here because I have less then 10 posts. Please google for "One-Hand-Synth".
wboe

Paid APK Hacking... specifically Escort Live

Hi Everyone, long time reader, modder, flasher, 0 time poster:.
I just wanted to get a gauge on the community's attitude towards hacking a paid application. Not for the intent of making it free, but for the intent of making it work!
You see, There's an app out there called "Escort Live!". Don't get me wrong, it's a great app as it integrates with your radar detector and laser jammers while driving... but it's rife with issues that the company just hasn't been able to address... see the following forum for more information on that:
I can't outside link yet due to the post count, but you can find all of the issues on escort live! for android's forums. I'm sure you can google them.
So... I made a post to try and help the community out by decompiling the 2.04apk hosted on their site... not even their latest version... with Virtuous 10 Studios, and Informed the community of the Sloppy Dev work, and that I would try to fix the issues with our specific phones (Motorola based).
2 days after that post was made...
I get permanently banned. no reason given.
They then pulled the old .apk's off of their site, so I've conveniently uploaded it to mega upload so everyone can see the crappy dev work for themselves... again... can't post links yet, but if someone with a post count pms me I'll send it to them.
I don't have enough of a post count to make a dev project out of this yet either, but as soon as I do then I'll post the progress on of the project on github.
If anyone would like to join in the effort to give PAYING CUSTOMERS a functioning apk to use with their phones... volunteers are more than welcome, especially those with java / xml experience.
I have a wordpress site that I can't link here, but it's my first name Philip Last Name Cabibi at wordpress if you're interested in tracking the issue with the full links.
market link
From a technical standpoint the app is free (with premium subscription options) and I can only assume there's some sort of verification process for that subscription so as long as that's kept in I would think this is certainly acceptable though I'm not sure what your post actually said
did find this though (basically just talks about it and then links here and the blog) relevant post on his blog is here
@ University of Pi...
You are correct... It's a free app; however, in order to all the app to connect with your escort compatible radar detector, one must purchase a separate cord, and pay for a yearly subscription of about 79.95.
Full disclosure: the management at escort has been nothing but professional, and have extended the subscription of the beta testers for another year as a result of all the bugs.
The problem though is the lack of updates. Alot of us have invested alot of money into the app. Cost of Radar detector, Cost of the special chord, plus the cost of the subscription. New users, unfortunately, don't get the benifit of the extended subscription.
The point is... is that users of certain phones, paid for a product, and the product isn't functioning correctly. The reasons for this are the sub-standard programming of the devs. No notation on the methods in the smali files, poorly designed xml arrays, cryptic variable definitions, etc.
Personally, I feel as if the management have no control over the fixing of the problems, and are handcuffed, because the initial developer purposefully made the program extremely difficult for a new developer to come in and fix the issues, as a result of the poor structure of the program itself.
Anyway, glad to see you found those links... Thank you... didn't know that another thread was made requesting information about what happened to the original thread (they are correct, I in no way posted the entire source code of the program on their site) What I did was point out the flaws, and logcat results that tell a completely different story regarding the root issues effecting motorola devices than what the devs have told management, and as a result, what management has in turn relayed to the users.
Unfortunately, I can't follow up in the forum as I am permanently banned, but I, and many others, really just want the program to work correctly. It's an excellent concept and it's a shame that Escort is resorting to these types of tactics in an attempt to prevent the open source community from improving their product.
I'm sure even with the improvements, a subscription fee would still be required; however, the original concept of the OP was to convey the fact that it's possible for the open source community to bypass the "premium features".
I don't condone this; however, it's a difficult pill to swallow when faced between choosing the ethical choice.... paying the yearly subscription for a poorly functioning app... or sideloading a fully functioning app created by an open source community because the official developers aren't making any progress.
Would any other senior devs on this site wish to chime in on this?
You should have never been banned from there...but hey...no good deed goes unpunished right?
I've had EL for quite some time and it's irritating to no end to see how flawed it is. It's a shame that they won't welcome help and instead act that way toward people trying to do something good for them.
Hacking and posting an app that uses paid services is considered warez and will not allowed to be posted here nor will any help be given in doing so.

[Q] Rules of Open Source development

Hi!
After only being a user for a long time, I've recently begun to develop for Android as well, and I think that I have identified quite a few niches that could use better apps. However, I've never collaborated on an Open Source project, and I'm really unsure what the written and unwritten rules of the subculture are. Could anyone point me in the direction of good resources to learn about them? I know I can probably find those through Google, but I wouldn't know if I'd end up on any site owned by Stallman or Shuttleworth and I'd rather be part of the mainstream, so to speak.
To indicate what kind of questions I'd like to have answered, without requiring anyone to answer them here: What level of expertise is required? Can I just join anyone and upload to their repository, relying on them to sort out the parts they want? When can or should I fork a project? When is it considered rude to take code snippets from someone? How sure can I be that the project's owner won't change the license and steal my code? How would those questions be answered if money is involved? Is it considered reasonable to make an Open Source application that people pay for in the Play Store? How would I handle contributions to such a project? What would be the best license to ensure that I both contribute to the Open Source movement and protect myself against people stealing code? (I. e. just forking it and slapping their name on it.) And many, many more - as I said, I'm really unsure how to start out with this.
Thanks very much in advance!
Regards,
David
Maybe I can help you on a few of those points. First off, feel free to fork anything you feel like, whenever you feel like something needs to change. Also feel free to push any changes you make back to the original project. The project owner can decide what to merge in. As for lisening, please note Im NOT A LAWYER, however, I think I can offer some general knowledge. If code is under a typical open source license, the code at that particular point in time is free to be viewed by anyone. A lot of open source licenses, though not all, are considered 'copy-left', in that any code DERIVED from the liscensed code also has to follow the same license (GPL comes to mind). This helps from people 'stealing' your code at a later point under a closed license. As for taking code snippets, it depends on the license of the code. If you grab a piece of code from a GPL codebase, whatever you're using that code in also has to be GPL licensed. You are in essence taking their code, and modified it. Learning more about different open source licenses might be something to look into, depending on how far you want to delve into this As for making people pay on Play store for open source projects, its certainly acceptable. A lot of people make money from open source software by prividing some form of 'support'. Whether thats tech support, or whether its compiling, packaging, and making it available (as you might do for an android app) you are providing some sort of service aside from the actual code that people will pay for. I've seen a few projects go this route. Hope this gives you more answers than it does questions! The OSS community I've found to be a pretty easy going group of people, so long as you follow a little common courtesy, and have a bit of common sense. Cheers!
Thanks a lot for your reply! It has certainly helped me to make my mind at ease - I know that Open Source people can often be _very_ friendly and open, but it seems like you really do not want to get on their bad side if you intend to be a developer. That's also why I especially worry about being rude, not about doing something illegal - the licenses themselves seem to be quite permissive.
Quick followup question on the money thing, though - is it accepted by Google if I offer a paid app in the Play Store and at the same time free on F-Droid? Or would I have to ask someone to compile and upload it there without my official participation? Because that would kinda be the ideal model for me - Open Source, free app on F-Droid and sideloaded, "lite" and paid versions in the Play Store. Something like that would be good to know before I actually begin thinking about deploying some app.

Categories

Resources