Related
Hey guys!
I developed TalkMyPhone, an open-source app that enables you to control your phone from google talk. It's like android-notifier on steroids, since it brings almost the same features and you don't need wifi/bluetooth enabled.
I can't post links since I'm new here. Google for talkmyphone or look for it on the market.
Developers: I'm open to contributions
Users: please use the issue tracker for suggesting features
I don't have many non-french users since the info did not spread very well outside of french blogs, so I'm posting it here. I hope someone will find it useful and write something about it.
chm.duquesne said:
Hey guys!
I developed TalkMyPhone, an open-source app that enables you to control your phone from google talk. It's like android-notifier on steroids, since it brings almost the same features and you don't need wifi/bluetooth enabled.
I can't post links since I'm new here. Google for talkmyphone or look for it on the market.
Developers: I'm open to contributions
Users: please use the issue tracker for suggesting features
I don't have many non-french users since the info did not spread very well outside of french blogs, so I'm posting it here. I hope someone will find it useful and write something about it.
Click to expand...
Click to collapse
Do you need multiple GTalk accounts in order to talk to it, or can you "talk to yourself" ?
Niice Idea
sweeeet thx
Doesn´t work on my SGS. After trying to to login the app closed. And now i can´t open it again. Even every other app wont start.
Only a restart helped. Uninstalled.
But the idea is interessting. maybe i´ll give a try again later.
khaytsus said:
Do you need multiple GTalk accounts in order to talk to it, or can you "talk to yourself" ?
Click to expand...
Click to collapse
The 2 solutions work. Talking to yourself is possible in gmail, but you cannot initiate the conversation, so in this case, best is to use a third party client like pidgin. Otherwise you can set up a second account. Any standard jabber account is possible.
Accounts delivered at jabber.org are *very* easy to get. You don't need to give your email address, you don't need to sign an agreement. You just have to fill a captcha to prove you're human.
Doesn´t work on my SGS. After trying to to login the app closed. And now i can´t open it again. Even every other app wont start.
Only a restart helped. Uninstalled.
Click to expand...
Click to collapse
Weird. Some unlucky people experiment bugs like this one. I don't know where this comes from, and I try to improve the code. It works 100% of the time for me, so all I can do is look at 'adb logcat' traces users leave on the bugtracker. If you wish to do so, it might improve your chances to see this fixed
giving it a shot
you may try changing your preferences.xml to the attached (just because of english, just change .zip to .xml)
i have to find the other file, because i noticed some other grammatical things. no worries tho
and, 'additional settings', in the xml has too many 'n's, lol
timothydonohue said:
giving it a shot
you may try changing your preferences.xml to the attached (just because of english, just change .zip to .xml)
i have to find the other file, because i noticed some other grammatical things. no worries tho
and, 'additional settings', in the xml has too many 'n's, lol
Click to expand...
Click to collapse
Thank you, I'll update that in the next release.
Pretty Neat
I was able to go on Google Talk on my PC and send messages to my phone. The copy:text feature I can definitely see myself using so that I don't have to type long URLs in the browser. The other functions seem like they would be nice if you lost your phone or if it was stolen. Overall a pretty neat app! Thanks!
Rob
HTC Incredible
Virtuous Rom 2.7
So I have the app running and logged in. (Phone is logged into [email protected])
On my PC I have [email protected]. I message from PC to phone (John to Paul) and nothing happens.
I tried "where" "ring" etc, but the app doesn't respond. What am I doing wrong?
What next...
When you start the app on the phone, make sure you input your google information and then start the app. If you have Google Talk up on your PC, it should pop up a window for you to type commands into (talk to/control your phone). It did for me anyway. Type a "?" to get a list of the commands...
Rob
khukman said:
When you start the app on the phone, make sure you input your google information and then start the app. If you have Google Talk up on your PC, it should pop up a window for you to type commands into (talk to/control your phone). It did for me anyway. Type a "?" to get a list of the commands...
Rob
Click to expand...
Click to collapse
Hmm, I did all this. Let me see where the issue is:
My phone's Google account is set to [email protected].
I put in [email protected] and my password into TalkMyPhone.
I start up TalkMyPhone and it logs in -- successfully.
I go to my PC and log into gmail on [email protected].
I message from my PC ([email protected]) to my phone ([email protected]).
I get the message but nothing happens with TalkMyPhone.
Can you tell me where the issue is?
i entered in all of my information too and nothing seems to work, the app says loging in .. then that its successful. but then nothing can be done from there.
i cant even log in
i always get the message: "login failed" and then "stopping service"
i tried setting it on "use the phones account settings"
then i turned that off, and manually put in my gmail-settings - still didnt work
Same issues over here... Got it all connected, reciving messages from the phone works fine, too (welcome, battery, incomming callings) but sending commands doesn't work for me.
Got a HTC Magic/Sapphire with CM6 (2.2) running on it.
I had the same problem. I changed the GTalk Port to 5222 and entered my ****@googlemail.com instead of ****@gmail.com
Works perfect on my HD2 (Android ) Thank you!
When I log in on phone i get this gTalk message on my pc from my own account:
Welcome to TalkMyPhone. Send "?" for getting help
Battery level 78%
Works just perfect...
EggL said:
I had the same problem. I changed the GTalk Port to 5222 and entered my ****@googlemail.com instead of ****@gmail.com
Click to expand...
Click to collapse
i changed @gmail.com to @googlemail.com
and it logs in now....
but i dont get any messages....
do i need to have the real gtalk installed on my computer?
doesnt applications like trillian for windows work?
I tried Pidgin and it works but I use the GMail-Chat because it's my info hub
Anyways, great work chm.duquesne, this is a really great application.
Now there just needs to be a way in GTalk to turn off the chat notification in Android for a single contact
// Edit
The "where" feature is really awesome, mate.
Nothing serious but the reply feature does not work for me. When I received a SMS and I type "reply:This is my reply" it answers "No match for "+491234567890" (the number being the correct number, of course).
RazorHail said:
do i need to have the real gtalk installed on my computer?
Click to expand...
Click to collapse
I use gTalk and it works.
Is it possible to get some kind of ping button on the phone, that opens the conversation window on the pc? I cannot figure out how to open a conversation with myself in gTalk.
Seems that HTC is finally acknowledging Peep's vulnerabilities and while not publicly releasing an update, they will send it out to people who request it...
http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html
It's about time they got a fix out for it!
By the way, the Tweet for @xdadevelopers went out saying this was for Android users, instead of Windows Mobile users.
We have published an article regarding this situation on our Portal
http://www.xda-developers.com/android/htc-peep-vulnerability-update/
How did you find the vulnerability, is there a packet analyzing tool for android?
No luck
I just received a response from HTC saying they have no idea what I'm talking about. I just sent them back a response with the linked article. Hopefully someone can get the update from them and post it here so we don't have to deal with them at all.
So is this Windows mobile only, or Android too?
Sent from my HTC Desire using XDA App
Lothaen said:
So is this Windows mobile only, or Android too?
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
I don't think Android uses Peep in its interface for Sense. I'm not 100% positive on that, but I know we've had an issue with this for WM for about five or six months now.
In trying to get a hold of this update, here are my responses from HTC so far for anyone interested.
Me said:
I just heard about the update to HTC Peep for Windows mobile users. I have an AT&T Tilt2 with Sense loaded on it. I was hoping you guys could send me the Peep update so I could use that tab again without worrying.
Click to expand...
Click to collapse
Kathleen said:
I understand how important it is for you to be able to update your Peep application. Unfortunately, we are not aware of an update for the Peep application. I have looked for the update and it is nowhere to be found. You will need to keep an eye on http://www.htc.com/us/support/tilt-2-att/downloads/ for updates for your device.
Click to expand...
Click to collapse
Me said:
I read about the security flaw in the HTC Peep tab back in August and never used it because of this. The Peep application discloses the username and password via a HTTP OAuth-related request during the initial sign in to anyone eavesdropping on the connection. It also exposes the username and password after the connection is established by having all of the requests from the mobile device to the Twitter service use a HTTP Basic authentication header even though the app is supposed to be using OAuth. For more information, please refer to this article: http://blog.taddong.com/2011/02/vulnerability-in-htc-peep-twitter.html
Click to expand...
Click to collapse
Lindsay said:
We have not made an official update, any updates found on 3rd Party websites are up to you to do the research and download yourself. Just know these updates are considered rooting on your Tilt 2, so make sure before you update you do the research.
Click to expand...
Click to collapse
Me said:
Then when will the update be made public? It is kind of a pain that I've waited for six months now to use a feature of this device because of a security issue. Also, how would this be considered rooting since I'm not using an Android device? Windows Mobile users have administrator-like privileges by default in this operating system. There is no such thing as rooting on a Windows Mobile device.
Click to expand...
Click to collapse
Lindsay said:
If you re-write the ROM it is considered rooting. If you can add any applications to the SD Card and install it to the device, that is not rooting. We do not have any information on any updates available for your device at this time. I apologize that we do not have any updates for HTC Peep.
Click to expand...
Click to collapse
Me said:
I don't mean to sound insulting, but rooting is not the same as flashing a custom ROM. Rooting is gaining root-level administrator privileges on a Linux based operating system. Windows Mobile provides this access to the user by default. There is no other setting for this. Android, being a Linux based distro, does not come with root privileges installed to protect itself from users inadvertently messing around with things they shouldn't. It is the same thing on desktop operating systems like Ubuntu, Fedora, and the like. Rooting is completely different from flashing a custom ROM, as you are suggesting. Either way, an updated Sense tab using HTTPS, as it originally should have done, would be as simple as installing a *.cab file. My question, then, becomes to whom should I address this issue to get further support should I decide to call about it with the information I have?
Click to expand...
Click to collapse
Lindsay said:
The fact is we do not have an update for your device at this time. I apologize for this, but at this time we do not have any updates.
Click to expand...
Click to collapse
Me said:
Yes, you mentioned that. I asked whom I should voice my concerns with since this is the case. I understand that you don't have any information to offer me. I wasn't questioning that. I would simply like to know where I should go from here as there has been a serious security flaw in this device for quite some time. I do not mean to insult you, if I have done so, and apologize if I have, but I want this matter resolved once and for all. Obviously, the users are not allowed to modify the HTC Sense code or this would have been resolved some time ago. If some users were allowed the Peep source code, this could be rectified very quickly with the SenseSDK, but as that isn't an option, I, and several others, look to HTC to provide support for their product and software. If it is simply a problem of my device becoming outdated, then the HTC HD2 (Leo_512, Leo_1024) has the same problem on the latest ROM image as well.
Click to expand...
Click to collapse
Lindsay said:
I have sent the forum you sent me to the appropriate department for review. If you would like to troublahoot you device I would be glad to further assist you, but at this time this email will need to be closed if there is no troubleshooting to be done on your device. Again, I have sent the forum to the appropriate department.
THREAD CLOSED
Click to expand...
Click to collapse
It doesn't look like HTC is playing ball here. I'm going to continue to try to figure this out as I would love to actually be able to use the Twitter tab for a change. I never really used it because of the security flaw that was found.
i contected taddong and they told me
yeah they told me they had no idea what i was talking about....i contacted "tadong" and they told me to sedn the link from there site regarding the issue to HTC and he would handle them if they wanted more info on it...i guess we'll see what happens
It doesn't look like HTC is playing ball here. I'm going to continue to try to figure this out as I would love to actually be able to use the Twitter tab for a change. I never really used it because of the security flaw that was found.[/QUOTE]
Uh... "If you can add any applications to the SD Card and install it to the device, that is not rooting."
Under that logic, if unrevoked forever ever releases a .apk to turn S-OFF, does that imply that merely doing that to get root access isn't rooting?
edit: this is what happens when companies aren't smart enough to release some kind of auto-app updater, separate from OTA updates. Stuff like this takes an eternity. How hard is it to add an "s" to the http of the authentication? (for that matter, why the hell is Twitter letting you log in this way in the first place?)
lol, first thing i thought of when i saw this posts title...
http://my.starstream.net/neobigd/htc_peep.jpg
HTC finally release the Peep security update for the Rhodium, Topaz, Leo, and Photon. I've attached the files to this post, but they can also be had at HTC's website at the link below.
HTC Peep security update
EDIT: These updates do not work with custom ROMs, it seems. The *.exe needs to be copied to your device and run from there. I'm working on extracting them and making proper *.cabs now.
Peep Update *.cabs
EDIT: DO NOT PM ME ABOUT THIS FIX. IT DOES NOT WORK.
Please do not PM me about this security fix. It has nothing to do with the current Twitter outage as of the beginning of May 2011.
After pulling them apart and recompiling them, with the help of JVH3, here are the HTC Peep Update *.cabs. These are for Windows Mobile users with version 6.5 or higher. It should work, in theory with version 6.1, but I didn't feel like testing it out. Obviously, you'll need Sense 2.5 as well. There are four versions, but they all seem to be exactly the same. I didn't notice any differences other than the dates they were packaged. The Rhodium version seemed to have a slightly smaller TwitterApp.exe file, but I still don't think it was different.
Disclaimer: I take no responsibility for anything you do to your devices. These are posted for informational purposes. If you choose to install the application update, then any side effects (of which there should not be) are on you.
Changes
This update changes the way the Twitter Tab (HTC Peep) authenticates your user account. Before this update, your account information is sent via unencrypted http headers upon login which reveal both the username and password to anyone who happens to be eavesdropping on the connection, whether it is by cellular data or wifi as seen below.
Code:
authenticity_token=c8b5abaf53f223e827d9258ddfef4285a816db5f&
oauth_token=I4FK956n1foaHjayLKXJT2IaBpsmoo0amKyPhebc&
session%5B[B]username_or_email%5D=USERNAME&session%5Bpassword%5D=PASSWORD[/B]
Also, when sending tweets or receiving them, their is a continuous authenticate request sent which exposes the username and password again as illustrated below.
Code:
GET /statuses/friends_timeline.json?count=50&page=1 HTTP/1.1
Accept: text/xml, application/xml;q=0.9, */*;q=0
[B]Authorization: Basic BASE64("USERNAME:PASSWORD")[/B]
User-Agent: TwitterEngine
Host: twitter.com
I haven't been able to confirm the status of the current update yet with traffic monitoring, but according to HTC, this update sets the Peep application to use OAuth to establish a connection with https to encrypt the username and password instead of leaving it exposed for all the world to see.
EDIT: This is not a 100% fix. It seems that while the initial session is now being sent over https using TCP port 443 (sending against the api.twitter.com domain), during the rest of the session, Peep switches back to HTTP basic. This still leaves the whole session after the initial login vulnerable to hijacking based on the Twitter's session ID through cookies. I suggest using a different Twitter client, as neither HTC nor Twitter care for our aging devices.
EDIT: DO NOT PM ME ABOUT THIS FIX. IT DOES NOT WORK.
i dont like to install os on sd card
squaloforte said:
i dont like to install os on sd card
Click to expand...
Click to collapse
What relevance does your post have to anything related to this thread?
Nothing about this thread has anything to do with installling an os or anything to your sd card.
It is about the twitter tab security flaw and the recent patch by HTC.
A patch could only be installed to the device, since patches need to replace files on the device.
Still getting login error!
I'm still getting login error problem on my HTC HD2 o2 uk phone, this update and the HTC HD2 Peep Security update on the HTC website http://www.htc.com/europe/SupportViewNews.aspx?dl_id=1085&news_id=866 doesn't work
Is anyone else getting this problem?
ramonguthrie said:
I'm still getting login error problem on my HTC HD2 o2 uk phone, this update and the HTC HD2 Peep Security update on the HTC website http://www.htc.com/europe/SupportViewNews.aspx?dl_id=1085&news_id=866 doesn't work
Is anyone else getting this problem?
Click to expand...
Click to collapse
Please try to keep up.
This fix has nothing to do with login errors.
This fixes a security vulnerablity.
Without the fix, user name and password are sent in plain text through http.
With the fix, oauth is used instead, so each request does not send this information. And when it initially is sent to authenticate, https is used.
The twitter tab works for just about everybody. And the fact that no one else is reporting problems since applying the fix indicates that the fix does not have a problem.
Things to check:
Do you have a twitter acount?
Are you entering your twitter user name and password correctly?
Is your twitter account locked by twitter? (try using it with your computer)
Do you have a data plan?
Do you have a strong cell signal with Edge or 3G service?
Have you tried soft resetting your device?
Are you in the UK?
If not, does the country you are in block access to twitter?
Can you browse web pages with your phone?
No need to reply to this reply to your post since your post was not on topic for this thread.
JVH3 said:
Please try to keep up.
This fix has nothing to do with login errors.
This fixes a security vulnerablity.
Without the fix, user name and password are sent in plain text through http.
With the fix, oauth is used instead, so each request does not send this information. And when it initially is sent to authenticate, https is used.
The twitter tab works for just about everybody. And the fact that no one else is reporting problems since applying the fix indicates that the fix does not have a problem.
Things to check:
Do you have a twitter acount?
Are you entering your twitter user name and password correctly?
Is your twitter account locked by twitter? (try using it with your computer)
Do you have a data plan?
Do you have a strong cell signal with Edge or 3G service?
Have you tried soft resetting your device?
Are you in the UK?
If not, does the country you are in block access to twitter?
Can you browse web pages with your phone?
No need to reply to this reply to your post since your post was not on topic for this thread.
Click to expand...
Click to collapse
My Peep app stop working in January, there are no problems with my twitter account, all I'm looking for is a solution or fix!
Do you know where i can get a Peep.cab?
ramonguthrie said:
My Peep app stop working in January, there are no problems with my twitter account, all I'm looking for is a solution or fix!
Do you know where i can get a Peep.cab?
Click to expand...
Click to collapse
As I previously said, this thread is dedicated to the HTC Security Patch for the twitter tab.
I suggest either looking for a thread dedicated to the twitter tab not working or creating your own thread in the question and answer section.
http://forum.xda-developers.com/forumdisplay.php?f=456
This thread is not the appropriate place for your question.
My HTC Peep stopped working on my Rhodium after installing this update. Peep worked right up until I installed the HTTPS Fix.
Verizon TP2, using the Custom ROM --> Verizon MR2 Fixed by Mr. X
(ROM Found here)
http://forum.ppcgeeks.com/cdma-tp2-...zon-mr2-fixed-mr-x-boots-unlocked-device.html
I see the "Tap Here to Authenticate" Screen
I type in Username/Password (which works when logging into the website)
HTC Peep tries to log in, but I get an error --> "You entered an incorrect username or password."
I cleaned out the Temp folder to try and get a fresh start, but no luck.
I tried to uninstall, but I am unable to uninstall properly.
I tried to Re-install, but no luck.
I shut down Sense, re-installed, and rebooted and turned on Sense, no luck.
So, minus doing a brand new ROM flash it looks like this .CAB tanked the Twitter tab for me. I didn't really want to keep using it unsecured, but it sucks that the update stopped it from working altogether.
I made the world's lamest app because my wife won't let me squish spiders... She wants me to take it outside. I called it Spider Squisher.
I signed up for a Google developer account about 1 month ago and now I am trying to upload my app. When go to https://market.android.com/publish and try to publish an app. I
1. select the app by clicking browse
2. click upload
3. receive the following dialog box pop-up
Unable to parse response. If you have a browser extension or add-on installedwhich changes the JSON response, please disable and refresh this page.
Click to expand...
Click to collapse
Then
4. when I click back, I get a dialog popup that says
Unable to process the uploaded file. Please check if it exceeds the size limit.
Click to expand...
Click to collapse
and it's only 13Kb!
5. I click back again after clicking OK on the dialog and I get to my developer console.
6. I click "edit profile" or "Setup Merchant Account" and it takes me back to the Android Developer Console (basically refreshes the page Https://market.anrdoid.com/publish/Home)
I have tried using the following
Ubuntu Desktop 10.10 computer 1:
Firefox
Firefox in safe mode (firefox -safe)
Google Chrome
Windows computer Windows 7 home 2:
Windows Internet Explorer
Windows Internet Explorer in safe mode
Windows 7 Starter Computer 3
Another Windows internet explorer
Ubuntu 10.10 netbook Computer 4
Another firefox
My Phone- Samsung Captivate running Andromeda3 (Android 2.2)
My phone webkit
Windows XP Home Virtual machine 1
Windows Internet Explorer
Windows XP pro Virtual machine 2
Windows Internet Explorer
Nothing is working! I still get the errors above
I opened up a java console and see a whole bunch of errors relating to border-radius, align, cursor, zoom, user-select, and filter on the market.android.com/publish/gwt/*.css... about 20 warnings in all. Nothing I can point a finger at though.
What's going on? I'm flipping out here... I just want to publish this stupid apk file myself.
I have my receipt to the android market. It's linked to my google account. It's been over a month and I'm still receiving this message
Your Registration to the Android Market is still being processed.
You can upload applications to the Android Market but you cannot publish until your registration is completed.
Click to expand...
Click to collapse
Attached is the "Spider Squisher" apk file. I would like to publish this myself.... Is there something wrong with my APK?
Yes this is a hello world app... Please tell me I didn't just download a virus.
Sent from my ADR6400L using XDA App
No, it is not a virus. I am frustrated with the google publishing process. It won't let me upload!
AdamOutler said:
No, it is not a virus. I am frustrated with the google publishing process. It won't let me upload!
Click to expand...
Click to collapse
The market is pretty buggy at times, last weekend i tried for 3 days to update an app without success.
I had the exact same error you had, after sometime i just said f*** this and went to sleep. Sometime next day it worked.
Don't give up hope!
K... I've been trying for 2 days now.
Somewhere i also read that he had the same message, which was very misleading because he got it as he was not yet fully unlocked to use the market.
Seems you are not either? Maybe this could be it too.
They wire you some cents money, which you have to type into a field to complete registration, did you do that?
Dark3n said:
Somewhere i also read that he had the same message, which was very misleading because he got it as he was not yet fully unlocked to use the market.
Seems you are not either? Maybe this could be it too.
They wire you some cents money, which you have to type into a field to complete registration, did you do that?
Click to expand...
Click to collapse
That is for a sales account. I did not set that portion up. I am not accepting money for this. However, I i tried, and It's doing the same thing as clicking on my account which I mentioned earlier. The market appears to be fully broken and inoperative here. I just don't understand. Who can we call about this?
No one.
You can probably fill out a form somewhere, thats the google way im afraid.
They don't support phonesupport.
I can't find the form... that's why im here on the forums. I could not find a form or email address.
Can anyone help me? Where do I contact google market?
Here is the form http://www.google.com/support/androidmarket/bin/request.py?contact_type=publishing
Litterally, within 1 minute of hitting submit, I received an email apologizing for the delay.
Now when I log into the developer console I see
Your Registration to the Android Market is approved!
You can now upload and publish software to the Android Market.
Click to expand...
Click to collapse
And I can upload apps!
Interesting, must be their cunning plan to cut down on the amount of junk apps that just aim to get ad clicks.
(Not saying yours is - I like the sound of it lol)
Have you made a Boss Spider with your wifes face on it yet
This thread is to track my dealing with HTC and their service department over the current Twitter Tab (HTC Peep) outage. Please don't PM me about it, I'll just make fun of you for not reading and searching.
The current outage has NOTHING AT ALL to do with the Peep security updates published back in February. For information on the past update, please refer to this post.
I am reaching out to everyone who uses this application to bug the crap out of HTC until they fix this problem. Please read this post all the way through so you can contact them with a bit of information. I originally tried to ask about it as simply as possible, but only got an idiotic response. The communication log will be posted in the next post.
Basically, for anyone experiencing issues with Peep, simply read the post I linked to and the following post. This will give you enough information to be able to contact HTC and make some noise. If you do contact them, please use proper grammar and be respectful. Typing like a pissed off high school girl (no offense to pissed off high school girls) will get us no where.
A brief history of Peep outagesSince the very beginning of HTC Sense, most experienced users have known about Peep's security flaws and have either decided to live with it, figuring that it wasn't very important to them, or simply used another client for Twitter. The problem is that Peep was accessing the Twitter API through use of unencrypted HTTP headers which exposed your username and password to anyone who might be eavesdropping on the connection via cellular data IP or WiFi.
Twitter experienced some headlines last summer where several celebrity and high profile accounts were compromised due to lax security features. This caused them to begin shifting their API towards a more secure end. In doing this, they notified the developers of Twitter clients of this shift and to update their applications accordingly. HTC was one of the few who did not update their applications.
Late last year, HTC's Peep application experienced some outages. HTC, instead of repairing the problem, petitioned Twitter about the outage and, after several weeks, the functionality of Peep was restored through an exception made in Twitter's API. This was the easiest solution for HTC, but the worst solution for the customers, since it still left the user's data exposed to risk and was only a temporary solution.
Then, sometime in late January/early February, the members of Tadong blog released their security information to the general public after trying for months to get HTC to fix the security flaw in Peep as outlined above. Subsequent to the release of the information, HTC finally release the security updates for Peep that corrected half of the problem. The initial log in attempt now used OAuth to establish a secure connection over HTTPS on TCP port 443. This fixed the update Twitter rolled out shortly after where some users got the "Forbidden" errors when trying to use the tab. It did not fix the remainder of the session where Peep would request data from Twitter. The rest of the time, Peep requested data over unencrypted HTTP basic headers just as it always had. This, as most of you know, caused problems with the most recent update to Twitter's API.
Twitter rolled out an update again at the end of April that broke the Peep client again. The problem wasn't really Twitter, though. Twitter has now disallowed any new requests to access it through unencrypted channels. This, of course, blocks Peep again. The sad thing now is that this would not be a problem if HTC had simply fixed the problem last year during the first outage or even produced a secure client in the first place.
This brings us to the present. I have contacted HTC with all the information I could gather about this problem. The conversation is listed in the next post. I encourage everyone reading this to learn a bit here and contact HTC via their support page. Any serial number should work as long in the contact form as it matches the correct device. The only Rhodiums to receive the Sense update were the Euro and AT&T ones, as far as I know. Leos ship with it, and I'm sure there were other devices that got Sense updates as well, such as the Photon and Topaz. I'm not up to speed on the models of those devices that got Sense, though. If you contact them, please post in here your conversations. If you need help crafting a proper response to the HTC support techs, please PM me. I will try to assist as best I can.
Communication log
Log between myself and HTC reps, Douglas and Danielle.
Me said:
I have both a Tilt2 and a HD2. Both are using HTC Sense as the primary GUI. On both of them, the Twitter Tab (HTC Peep) no longer works. I put in the right username and password and it always tells me that it is the wrong username or password. I have done this multiple times, and am absolutely certain that I am typing it in correctly.
After searching around for a while, it appears that I am not the only one to have this problem. I also have the HTC Peep security update installed on both of the devices, but it does not work with or without that fix.
Is HTC planning to roll out an update to fix this problem?
Click to expand...
Click to collapse
HTC Douglas said:
understand you are unable to log in to Twitter even with the Peep security update. The link you need to download the update for is different for your two devices.
Use this first link for your Touch Pro 2:
http://www.htc.com/www/SupportViewNews.aspx?dl_id=1085&news_id=874
And this link for your HD2:
http://www.htc.com/www/SupportViewNews.aspx?dl_id=1086&news_id=865
If this does not work you may need to restore your devices to factory settings and re-apply the appropriate hotfix after backing up your information, for example with ActiveSync or the Windows Mobile Device Center to sync your information with Outlook.
Sync software is available at: http://www.microsoft.com/windowsphone/en-us/apps/65-downloads.aspx
You can back up your information using ActiveSync or the Windows Mobile Device Center located at the following URL:
http://www.microsoft.com/windowsphone/en-us/apps/65-downloads.aspx
Essentially, plug your phone into the PC after installing the software and select Activesync as your connection type. Your computer will walk you through backing up your data.
A factory data reset will clear all data from the phone's internal memory and restore the device to manufacturer defaults. Information on your storage card will be kept. To reset the phone press start>settings>(menu>all settings)>system>clear data and confirm.
Click to expand...
Click to collapse
Me said:
I just mentioned that I installed the security update already, and the response I got was to install the security update? What kind of answer is that? Even if the line of thinking was that I perhaps installed the wrong update, how would that even be possible considering the updates require the installation to pass software version checks before installing? I was trying to make this as simple as possible, but considering the response I received, it is apparent I will be unable to do this.
The problem is that the Peep Security Update did not fix the problem all the way. Originally, the Twitter account information was sent via unencrypted http headers upon login which reveal both the username and password to anyone who happens to be eavesdropping on the connection, whether it is by cellular data or wifi. Also, when sending tweets or receiving them, their is a continuous authenticate request sent which exposes the username and password again in the same manner.
The security update is not a 100% fix. After installing the update, it seems that while the initial session is now being sent over https using TCP port 443 (sending against the api.twitter.com domain), during the rest of the session, Peep switches back to HTTP basic. This still leaves the whole session after the initial login vulnerable to hijacking based on the Twitter's session ID through cookies. Because this was not fixed properly in the first place, Twitter has blocked the application from accessing its api. Twitter has increased its security measures and disallowed new authenticate requests from unsecured clients. So any device that is currently authenticated in Peep will not be affected, but once the user logs out of Twitter, does a hard reset, or a ROM upgrade, the Oauth token will be invalidated or removed and will not allow Peep to log back in.
This is the position I am currently in, along with hundreds other users. It affects every user on HTC Sense as it will break the Peep client as soon as they log out. Since these devices are still being sold as brand new, HTC should still be providing support for them, since it is the HTC software that is not functioning as intended. Now, what is HTC prepared to do for every single Sense user? All that needs to be done is to FINALLY secure the Peep client and force it to use HTTPS instead of basic HTTP. The Twitter api will refuse all new auth requests that are unencrypted.
I have attached an eavesdrop of the timeline update request that is sent when the client refreshes. Notice that the username and password are UNENCRYPTED and shown in plain text. One more time I will ask what HTC is prepared to do to solve this problem. Please don't give me a cookie cutter response again. Thank you for your time.
Click to expand...
Click to collapse
The previously mentioned log is attached to this post.
HTC Douglas said:
Thank you for your reply. If you have performed the security update after performing a factory data reset please let me know and I can escalate this issue within HTC.
These are standard troubleshooting steps required to identify an issue and would be required before Escalations can review the case. I appreciate the additional data and log you included, as well.
Also so that I can escalate this issue, please reply with the following information:
Mobile device number:
Alternate contact number
Time zone:
Preferred contact time:
Current ROM version: (Start>Settings>about phone>software information on the HD2)
Click to expand...
Click to collapse
Me said:
As I mentioned, this is problem is persistent through hard resets and ROM updates. Anytime you log out or clear the Peep auth token in any way, it will not allow any further logins due to the (lack of) security of Peep. The only way around this currently is to back up the registry data associated with the Peep client in [HKLM\Software\HTC\HTCAccountManager] as well as the entire folder [\Temp\TwitEng]. If these are imported into a new flash of a ROM update or after a hard reset, the client will function again, as no new initial auth request will be needed. This still does not fix the problem of the client exposing usernames and passwords during EVERY update attempt. Nor does it allow less savvy users to use the Tab after having to hard reset or update the ROM.
The Tilt 2 is running ROM version 2.10.502.4.
The HD2 is running ROM version 3.14.531.1.
You may contact me via e-mail (email removed). I prefer not to be called.
Click to expand...
Click to collapse
HTC Douglas said:
Thank you for your reply. I have escalated the issue for further review. An escalations agent will reach out to you soon. Escalations contacts are performed in the order they are received so it may take a few days for us to review this information and get in touch with you.
Thank you for the detailed information about your analysis.
Click to expand...
Click to collapse
HTC Danielle said:
The previous agent has forwarded your email request to the next level for further review. The escalations team will be getting back with you as soon as they have any information for you. I hope you have a safe holiday weekend.
If you need any further assistance, you are welcome to send another inquiry through the HTC website by going through the Support page (http://www.htc.com/us/support) then tapping ‘send us an email’. You should input all the necessary information requested on the page.
Click to expand...
Click to collapse
Me said:
I will be awaiting further reply. Thank you for your attention to this matter.
Click to expand...
Click to collapse
HTC Travis said:
Thank you for provding us information about the shortcomings of our PEEP security update. I have verified that you are correct and have alerted our corporate office of this fact. They are researching the root cause in terms of the programming and will look into providing an update.
Click to expand...
Click to collapse
Me said:
This is great news. I'm having trouble seeing that I'm the first person to bring this to HTC's attention, though, seeing as this has been an issue for right about a month now. I figured someone else would have reported the problem before me. Please do keep me informed as this progresses. It should be as simple as forcing Peep to use secure HTTPS over TCP port 443 during the session as it does during the login procedure that was updated in February. Currently, it uses OAuth over HTTPS to establish the initial login, but switches back to HTTP basic for the remainder of the session. This allows the username and password to be seen in plain text every time the application requests an update from the Twitter API. Using this method also has another side effect. Twitter updated its security measures to disallow unencrypted requests. This means that Peep is no longer able to establish a connection since it moves from OAuth over HTTPS to HTTP basic during the initial session. If I can be of any other assistance, please let me know. I look forward to updates in this matter.
Click to expand...
Click to collapse
HTC Travis said:
You are not the first person to tell us they are having a problem with Twitter. You are the first person to provide us with this level of information and we thank you for that. Please reply to this email in a few days and someone should be able to give you more information.
Click to expand...
Click to collapse
Me said:
I see. I'm just doing what I can to benefit the dwindling Windows Mobile community. I will check back later this week. Thank you for the updated information.
Click to expand...
Click to collapse
Retain Twitter Tab/Peep functionality through a flash or hard reset
Before you ask, I don't have first hand experience with this. This is based on successful attempts by other members of the community.
This only works if the Twitter Tab/Peep currently still work for you. If it doesn't, then you are out of luck, and this will not work for you.
To retain the functionality of the Peep client through a flash of a new ROM or a hard reset, you will need to follow the steps listed below.
1. Stop Sense and soft reset to make sure that Sense doesn't continue altering information while you are backing up data.
2. Back up the entire key of "HKLM\Software\HTC\HTCAccountManager." You really only need the Twitter strings, but it's easier to just back up the whole thing.
3. Backup the entire folder of \Temp\TwitEng. This is where the Twitter authentication token is stored.
4. Flash the new ROM or hard reset, whichever you need to do.
5. Once the new ROM is stable and working, stop Sense and soft reset.
6. Restore the registry key and backed up directory.
7. Soft reset and then enable Sense. The Twitter tab should now continue working for you without any trouble.
EDIT: JVH3 made a pair of posts about this HERE and HERE. The second one talks about authenticating another device with the backed up data.
Great initiative ! I'm very curious to hear about HTC's reception of the issue, and see if they will take the initiative to fix it...or imagine a way to justify how not doing it
majorasshole said:
Great initiative ! I'm very curious to hear about HTC's reception of the issue, and see if they will take the initiative to fix it...or imagine a way to justify how not doing it
Click to expand...
Click to collapse
Please use this thread to contact HTC about the problem. Please don't link them to this thread, though. I started this with the intention that others would use the information I have gathered on the issue to contact HTC in an informed manner to get it resolved.
Basically, the more noise is made on this issue, the better chance there will be to have it fixed.
HOLY $ |-| 1 +, it worked!
Ok, so I received official word that Peep is being looked into by HTC. I would still encourage anyone reading this to contact them with the information I have provided here. The squeaky wheel gets the grease, as they say.
HTC Travis said:
Thank you for provding us information about the shortcomings of our PEEP security update. I have verified that you are correct and have alerted our corporate office of this fact. They are researching the root cause in terms of the programming and will look into providing an update.
Click to expand...
Click to collapse
Me said:
This is great news. I'm having trouble seeing that I'm the first person to bring this to HTC's attention, though, seeing as this has been an issue for right about a month now. I figured someone else would have reported the problem before me. Please do keep me informed as this progresses. It should be as simple as forcing Peep to use secure HTTPS over TCP port 443 during the session as it does during the login procedure that was updated in February. Currently, it uses OAuth over HTTPS to establish the initial login, but switches back to HTTP basic for the remainder of the session. This allows the username and password to be seen in plain text every time the application requests an update from the Twitter API. Using this method also has another side effect. Twitter updated its security measures to disallow unencrypted requests. This means that Peep is no longer able to establish a connection since it moves from OAuth over HTTPS to HTTP basic during the initial session. If I can be of any other assistance, please let me know. I look forward to updates in this matter.
Click to expand...
Click to collapse
HTC Travis said:
You are not the first person to tell us they are having a problem with Twitter. You are the first person to provide us with this level of information and we thank you for that. Please reply to this email in a few days and someone should be able to give you more information.
Click to expand...
Click to collapse
Me said:
I see. I'm just doing what I can to benefit the dwindling Windows Mobile community. I will check back later this week. Thank you for the updated information.
Click to expand...
Click to collapse
cajunflavoredbob said:
Before you ask, I don't have first hand experience with this. This is based on successful attempts by other members of the community.
This only works if the Twitter Tab/Peep currently still work for you. If it doesn't, then you are out of luck, and this will not work for you.
To retain the functionality of the Peep client through a flash of a new ROM or a hard reset, you will need to follow the steps listed below.
1. Stop Sense and soft reset to make sure that Sense doesn't continue altering information while you are backing up data.
2. Back up the entire key of "HKLM\Software\HTC\HTCAccountManager." You really only need the Twitter strings, but it's easier to just back up the whole thing.
3. Backup the entire folder of \Temp\TwitEng. This is where the Twitter authentication token is stored.
4. Flash the new ROM or hard reset, whichever you need to do.
5. Once the new ROM is stable and working, stop Sense and soft reset.
6. Restore the registry key and backed up directory.
7. Soft reset and then enable Sense. The Twitter tab should now continue working for you without any trouble.
Click to expand...
Click to collapse
Looks alot like what I posted here: http://forum.xda-developers.com/showpost.php?p=13790743&postcount=34951
Your thread is a better place for it though.
I also posted this: http://forum.xda-developers.com/showpost.php?p=13520319&postcount=34836
Which is helpful if you have another device that still is authenticated with the Twitter tab and transfering the info to another device.
Real glad you got things going with HTC to finally work on this.
JVH3 said:
Looks alot like what I posted here: http://forum.xda-developers.com/showpost.php?p=13790743&postcount=34951
Your thread is a better place for it though.
I also posted this: http://forum.xda-developers.com/showpost.php?p=13520319&postcount=34836
Which is helpful if you have another device that still is authenticated with the Twitter tab and transfering the info to another device.
Real glad you got things going with HTC to finally work on this.
Click to expand...
Click to collapse
Well, I already knew the key and file that needed to back up, but I forgot where I saw the bit about turning on and off Sense. Thanks. I'll add some credit for you.
Yea, there's a bit more that I can't post due to personal or sensitive information, but it's looking good so far. I'll keep updating this as more info rolls in. I'm hoping that other people contact them about it as well.
Very good afford cajunflavoredbob .
Lets hope Peep developer team in HTC are getting ready with new client
Thanks.
prabhat said:
Very good afford cajunflavoredbob .
Lets hope Peep developer team in HTC are getting ready with new client
Thanks.
Click to expand...
Click to collapse
I have a bit more to update tonight. They have sent the information onward and are working on a fix right now. No ETA was given, however.
Ive just suffered this problem today - logged out of peep and now i cant get back in again. As i didnt know about this issue, obviously dont have any backup! Thanks for pursuing this!
This has been my ongoing encounter with HTC Support for the Touch HD / Blackstone
Simon Lee Reply
Ok, could you keep me notifed if the touch HD will get the update or not ?
Thanks 2011/06/08 18:04:45
Bjorn [EU team] Close Pending I'm not saying it won't happen, I'm just saying that at this point I can not guarantee taht the touch HD will get such an update as it is an older device. I'm not saying it won't happen, I'm just saying that at this point I can not guarantee taht the touch HD will get such an update as it is an older device. 2011/06/08 16:15:10
--
Simon Lee Reply How come thou ? If theres no fix then that might meen i will have to buy a new phone, and am quite happy with the Touch HD ?
--
2011/06/08 10:57:55 Bjorn
[EU team] Close Pending I can not guarantee That a fix will be released for the Touch HD when te issue is resolved. I can not guarantee That a fix will be released for the Touch HD when te issue is resolved.
--
2011/06/08 07:59:10 Simon Lee Reply
Yeah, i realise its an Unoffical ROM, but thats beside the point, When tyou fix the HTC peep, will the Touch HD get a Upgrade for 6.1 with the HTC Peep fix?
--
2011/06/07 17:15:23 Bjorn [EU team]
Close Pending As your device is runnig an unaproved ROM we are unable to support it and can not guarantee that any applications will work properly. We have how ever had reports regarding this and are looking in to it on our approved ROM's, As your device is runnig an unaproved ROM we are unable to support it and can not guarantee that any applications will work properly. We have how ever had reports regarding this and are looking in to it on our approved ROM's,
--
2011/06/07 16:14:50
spikeyl said:
Ive just suffered this problem today - logged out of peep and now i cant get back in again. As i didnt know about this issue, obviously dont have any backup! Thanks for pursuing this!
Click to expand...
Click to collapse
Theres some kind of solution floating around here somewere
- Edit -
you could try this: http://forum.xda-developers.com/showthread.php?t=708770
Thanks - i found this earlier and tried all these but none of them work! Having read through the thread above I can see why though - it is related to the security authentication issue, so currently no fix.
spikeyl said:
Thanks - i found this earlier and tried all these but none of them work! Having read through the thread above I can see why though - it is related to the security authentication issue, so currently no fix.
Click to expand...
Click to collapse
Yeah, and HTC are planning on bring out a fix, but wont say which devices, will get the supported fix,
Simon_WM said:
Yeah, and HTC are planning on bring out a fix, but wont say which devices, will get the supported fix,
Click to expand...
Click to collapse
The only devices that will get the fix are the ones that have official Sense 2.5 ROMs. There are only four of them.
1. Leo
2. Rhodium
3. Photon
4. Topaz
My recent communications with HTC contain personal information regarding the fix. It is being worked on, but there is no current ETA that they have provided. I am keeping in touch with them and working with HTC to resolve the problem. I'll update this thread as more information is provided to me.
EDIT: Please don't post here about possible fixes. There is no fix for this error. The problem is with Peep and has nothing to do with Twitter. Logging in and out of Twitter on the desktop will have no bearing on the Peep application. No applications are allowed to access Twitter's API though unsecured connections, thus Peep is excluded.
My Twitter also stopped working sometime last week, but I don't ever remember logging out. However when I scrolled past the peep tab on my HD2 this morning it read "no tweets" instead of the click to login screen (or whatever it said). I clicked the screen and now have tweets going back to sometime yesterday. Is this any way connected?
jools5431 said:
My Twitter also stopped working sometime last week, but I don't ever remember logging out. However when I scrolled past the peep tab on my HD2 this morning it read "no tweets" instead of the click to login screen (or whatever it said). I clicked the screen and now have tweets going back to sometime yesterday. Is this any way connected?
Click to expand...
Click to collapse
This is unrelated if you did not log out, as far as we know. Twitter isn't yet blocking anyone from their API who already has a connection. They are only refusing new attempts.
HTC knows the problem, is working on it, but still no ETA
Just to add my story:
Originally Posted by Me
After flashing a new row to my HTC HD Mini, HTC Peep cannot sync with Twitter anymore.
I have flashed this rom: http://www.htc.com/europe/SupportDownload.aspx?p_id=314&cat=2&dl_id=980
And updated it with this update: http://www.htc.com/europe/SupportDownload.aspx?p_id=314&cat=0&dl_id=1085
When I enter my account and password, HTC Peep tells me: "You entered an incorrect username or password".
The account and password are OK, since I can use them via the web and other Twitter-applications.
I tried revoking HTC Peep as a Twitter-application and then re-adding HTC Peep.
But the message is still "You entered an incorrect username or password".
From an old backup I have retrieved registry settings at HKLM\Software\HTC\HTCAccountManager and the directory at \Temp\TwitEng.
After putting these settings back into the new rom I get a message: "The account was forbidden to access the twitter server!"
This is logically because I revoked HTC Peep as a Twitter-application at the Twitter website.
So, the HTC Peep client does not recreate the connection to Twitter.
Please provide a solution or update so that the HTC Peep client will work again.
Click to expand...
Click to collapse
Originally Posted by HTC
Thank you for contacting HTC Support.
The problems you are experiencing is because of a change in the Twitter API's that Peep has not yet adapted to.
Unfortunately I have no ETA for when this might be.
Until then I can only recommend using another Twitter client.
I hope this helps.
Click to expand...
Click to collapse
Originally Posted by Me
Thank you for the answer.
I am already using another Twitter client, but miss Peep...
I sincerely hope that Peep will be adapted soon.
Is this problem (already) sent to the development department?
Click to expand...
Click to collapse
Originally Posted by HTC Thank you for your email.
Yes, HTC is working on solving this issue as soon as possible.
If you have any further queries please don't hesitate to contact HTC again.
Have a nice weekend.
Click to expand...
Click to collapse
So, HTC knows the problem, is working on it. But still no ETA.....
wensing said:
Just to add my story:
So, HTC knows the problem, is working on it. But still no ETA.....
Click to expand...
Click to collapse
It's good to hear someone else's experience. I will ry to get back in touch with the HTC rep I've been communicating with this evening or tomorrow to see if there are any updates.
Hello xdadevelopers,
I've been having a heck of a time accessing the market to get U.S. apps that I'm otherwise entitled to owning. Being outside the country doesn't allow me to download these.
I then came across:
http://www.abtevrythng.com/2010/10/how-to-download-android-apps-which-are.html
As you can read from the instructions, it states that you must hand over your Google username and password.
Humm.... Isn't that exactly what one should not do????
I have not used AppBrain myself, but it is a huge and very popular portal.
I doubt it will misuse your google credentials and i probably would have heard of something like that happening.
But i can understand your worries and it is good to ask before just entering ones passwords and account into random sites.
Lets wait for another answer, maybe from someone using appbrain, as i don't plan on signing up there .
try VPN,pls.
I don't use appbrain myself, but I know people who do. Very good app, from what I've heard.
GhostElves said:
try VPN,pls.
Click to expand...
Click to collapse
What? Spam?