Related
Tested with Skype version 3.2.0.6673 (released 1st July 2013) on various
Android devices (Sony Xperia Z, Samsung Galaxy Note 2, Huawei Premia 4G
The Skype for Android application appears to have a bug which permits the
Android inbuilt lockscreen (ie. pattern, PIN, password) to be bypassed
relatively easily, if the device is logged into Skype, and the "attacker"
is able to call the "victim" on Skype.
This can be reproduced as follows with 2 Skype accounts, and 2 separate
devices to use with Skype. The target phone is presumed to have an Android
lockscreen configured and in use, and to be locked during the test.
1. Initiate a Skype call to the target device, which will cause it to
wake, ring, and display a prompt on the screen to answer or reject the call
2. Accept the call from the target device using the green answer button
on the screen
3. End the call from the initiating device (ie. the device used to call
the target phone)
4. The target device will end the call, and should display the
lockscreen.
5. Turn off the screen of the target device using the power key, and
turn it on again
6. The lockscreen will now be bypassed. It will remain bypassed until
the device is rebooted
Similar to (ironically enough):
http://arstechnica.com/security/201...een-lock-on-up-to-100-million-android-phones/.
Seems that internet based calling apps might well be "unlucky".
I suggest logging out of skype when not using it, until there is a fix.
Thanks to Turl for originally bringing this to my attention.
Greetings pulser_g2,
Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if a enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?
Cheers,
Michael
c0rnholio said:
Greetings pulser_g2,
Thanks for posting this. I found that all these screenlock bypass vulns (including yours) won't work if a enterprise policy is enforced on the target device. I've tested with 2 different smartphones, Note 8.0 and Note 2. Both with the current stock firmware. Can you or anyone else confirm this?
Cheers,
Michael
Click to expand...
Click to collapse
Hi Michael,
Thanks for the tip. However, forcing enterprise policy onto a device that does not need it should not be a solution for a bug like this (not ranting against you, please don't take it that way). Skype was already informed about this a couple of weeks ago and nothing has been done afaik.
I received a Skype update today from the market, so I guess it might be worth checking if the bug can be repeated or if it has been fixed.
Hi egzthunder1,
I don't take your post personal. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here
Does andybody know which wrong usage of the Android-API might be used here? I'm developing myself an app which switches the Screen on and shows information without the need to unlock the device. Know I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Saidly I didn't find anything about it via googling. If you have links, please share.
SamsungPisser said:
Does andybody know which wrong usage of the Android-API might be used here? I'm developing myself an app which switches the Screen on and shows information without the need to unlock the device. Know I'm concerned that I might use the API wrong, too. There were also such bugs in other apps in the past month, so there must be some wrong usage type. Saidly I didn't find anything about it via googling. If you have links, please share.
Click to expand...
Click to collapse
It seems to be related to the use of the permission to disable the lockscreen.
I.e. http://stackoverflow.com/questions/12021800/disable-delay-android-lock-screen-programmatically
You want to ensure you definitely disable the option once done. I suggest you create a test plan and ensure even if everything goes wrong, the lock will still get enabled again in the end.
c0rnholio said:
Hi egzthunder1,
I don't take your post personal. My post was not made with the intent to be a bugfix. I just want someone else who also has access to provisioned devices to confirm my observation. Additionally if my observation is correct then it should be mentioned in a security advisory that enterprise provisioned devices with an enforced password seem to not be affected by all these lockscreen bypasses. I'm just discussing here
Click to expand...
Click to collapse
Hmmm that is interesting actually.
I need to see if I can replicate this by forcing provisioning manually.
I don't have an exchange server unfortunately (I use my own mail server that uses the protocol but doesn't do the complex provisioning.)
I'll have a look though as I think it supports provisioning in the configuration where it emulates Exchange. I believe this likely is a workaround for enterprise users.
This would be enough motivation actually to look at setting up proper provisioning of my devices.
Thanks for letting me know
SpeakApp is an application that will keep you aware of your friends speakerphone status when placing a call.
Description
You’re in your car, with a date, connected to your Bluetooth speakerphone. Then, all of a sudden, you get a phone call; you decide to play cool and take the call because you wouldn’t want your date to think you got something to hide. Well, look at that! It’s your best friend, whom you speak quite freely with, or even better, it’s your MOM. In the meantime, your blood pressure is rising, you’re starting to stutter and you pray to GOD because only he can come save you now…
We’ll let your fruitful imagination complete the end of that. But, that’s just the tip of the iceberg, right? And you can probably think of a dozen of other “skip-a-heartbeat” situations where you’d have wanted to send or receive a heads-up before establishing the call.
We’re proud to introduce SpeakApp, the mobile application that will save you from those embarrassing moments so you could keep a steady heart rate and live a lot longer.
In a nutshell, SpeakApp is a communication app focused on exchanging notifications based on your speakerphone status prior to establishing a call.
What do you need to do? Have you and your friends download the app, run through the super speed sign up process and let SpeakApp take care of the rest.
Now, whenever you’re about to enter a call with your friend and either of you has turned on his or her speakerphone, a heads up notification will be sent suggesting that “Other people may hear you..”
Together, with SpeakApp, we can replace the awkward “Cough” and rewrite the ending of such moments.
Features
Bluetooth
SpeakApp is completely aware of your Bluetooth speakerphone connectivity. So when you receive a call in the presence of others while driving, SpeakApp notifies the caller to let him or her know you’re behind the wheel and that others may hear you.
Mobile Speakerphone
SpeakApp integrates seamlessly with your mobile speakerphone, assuring that the other side of the conversation is notified when you turn it on.
SpeakApp Experience
To enjoy a full SpeakApp experience, use the built-in sharing option to invite people from your intimate circles to use SpeakApp so you could effectively exchange notifications based on your speakerphone status. Remember, it takes two to Tango and to SpeakApp.
Productivity
In SpeakApp, we realize that productivity is a top priority. To that end, after running the initial sign up process, SpeakApp will operate in the background and allow you to use your native dialer app while enjoying a full SpeakApp experience.
Information
Download
You can download the app for free from the Google Play store
play.google.com/store/apps/details?id=com.speakapp
App Web-Site
You can always enter our app web-site to get further details:
myspeakapp.com
Hope you'll enjoy SpeakApp, and we're happy to hear any comments, ideas or bugs (hopefully not...) you have.
Does anyone know of a call blocker/blacklist app that has a "pick up and hang up" mode that still works on Marshmallow? I don't mind if it requires root, but it can't be an Xposed module.
The aim is to block calls from blacklisted numbers without allowing them to leave a voicemail. There are a few apps on the app store that offer this feature, but they all seem to have notes or recent reviews saying that this is broken as of Android 5.0+.
The only one I've found that claims to still have it working on Marshmallow is Extreme Call Blocker but this is a relatively expensive paid app and has various negative reviews saying it either fails to block calls, or in some cases, blocks all calls!
Hello nogaff,
I exhume this post because I'm also looking for an app like this. I tried Extreme call blocker and it doesn't work at all for the "pick up & hang up" function.
This is not really surprising because it seems that the "automatic hang up" feature by an application has been blocked on the latest versions of Android to avoid malicious applications that might call and disconnect.
However, I also hope that there is a possible workaround because I am also looking for such a solution.
Does anyone know a way or an app?
Earlier this evening I worked out how to do it using Tasker: https://forum.xda-developers.com/showpost.php?p=76529612&postcount=17
I used to use Extreme Call Blocker (and £4 is not "relatively expensive" at all) but it no longer works under Oreo. At least, not on my phone. It might still work for others. I can't comment about Marshmallow.
Call Control does do the "answer and hang up" thing under Oreo.
However, none of these are likely to be useful to the OP, since the OP appears averse to paying for apps. Call Control demands a subscription after the initial 7-day trial, and my method also requires paid-for apps (Tasker and AutoNotification). But if the OP can go without a cup of coffee then the low purchase price of the apps in question might be met.
I just bought my first ever Android phone, Acer Liquid Zest Plus.
It's not quite working in the limited ways I was hoping it to work.
First, I drive a Honda, which has handsfreelink system for connecting the phone to the car. The phone connects to handsfreelink ok, but then shows some weird behavior, in that when using the car's controls to place a call through handsfreelink, handsfreelink immediately apparently hangs up the call (i.e. the car's display shows that it hung up the call). However, this does not actually hang up the call on the phone itself, as the call gets placed nonetheless and when someone picks up on the other side, I can have a conversation through the car's audio system. Seems to almost work, but the weird behavior just described means that I can't hang up a call without pulling the phone out of my pocket and hanging it up from the phone (as opposed to hanging up using the car's controls) while driving, which takes a lot away from the point of it all.
What could be the issue with this? Note that I had a Blackberry Passport before, which used to work all as intended with handsfreelink, and my family member's iPhone 7 Plus also works as intended with handsfreelink. Is it that my Acer Liquid Zest Plus does not have the necessary bluetooth profile/stack to works with Honda's handsfreelink? Is it that handsfreelink proprietary to Honda and uses something unique, as opposed to being a generic bluetooth device of the kind? Is a bluetooth device link this, used by other auto manufacturers, feature the same generic bluetooth thing, or is this something only Holda can possibly answer for me?
Could updating the phone solve this issue? If so, how? I go into Settings -> About phone -> System updates and it tells me that my device is up to date (I did not update it since pulling it out of the box). I notice that it's on Android 6.0 , and a quick Google search showed some discussions that it is highly unlikely that the phone will get newer Android update. The "Android security patch level" shown in "About phone" says December 5, 2016. That's a long time without a security patch. Should I, and is it possible to, update the phone?
I've heard of rooting an Android device and installing custom Roms before. Where can I find a guide for my device and the custom Rom files? I am hoping this might solve my issue with handsfreelink.
I know I am all around the place with my questions, but essentially, the issue I am having is that bluetooth connection to my car's audio system does not work as expected, and I am wondering how I might fix it. I am wondering if an OS update (either official version by manufacturer or a widely-used custom Rom) might solve this issue, or simply adding an extra bluetooth profile to the phone.
A solution would be awesome, but I'd be asking too much if I was hoping for that. Instead, if anyone can just provide me some pointers in terms of how to do research on what I should be doing to solve this, or clarify some concepts (to the extent you can tell I got it wrong from reading this post) for me, it would be really appreciated.
I've already been to Honda's handsfreelink website and Acer's support page for this product and there's nothing helpful there.
Thank you very much.
ACER
monotious said:
I just bought my first ever Android phone, Acer Liquid Zest Plus.
It's not quite working in the limited ways I was hoping it to work.
First, I drive a Honda, which has handsfreelink system for connecting the phone to the car. The phone connects to handsfreelink ok, but then shows some weird behavior, in that when using the car's controls to place a call through handsfreelink, handsfreelink immediately apparently hangs up the call (i.e. the car's display shows that it hung up the call). However, this does not actually hang up the call on the phone itself, as the call gets placed nonetheless and when someone picks up on the other side, I can have a conversation through the car's audio system. Seems to almost work, but the weird behavior just described means that I can't hang up a call without pulling the phone out of my pocket and hanging it up from the phone (as opposed to hanging up using the car's controls) while driving, which takes a lot away from the point of it all.
What could be the issue with this? Note that I had a Blackberry Passport before, which used to work all as intended with handsfreelink, and my family member's iPhone 7 Plus also works as intended with handsfreelink. Is it that my Acer Liquid Zest Plus does not have the necessary bluetooth profile/stack to works with Honda's handsfreelink? Is it that handsfreelink proprietary to Honda and uses something unique, as opposed to being a generic bluetooth device of the kind? Is a bluetooth device link this, used by other auto manufacturers, feature the same generic bluetooth thing, or is this something only Holda can possibly answer for me?
Could updating the phone solve this issue? If so, how? I go into Settings -> About phone -> System updates and it tells me that my device is up to date (I did not update it since pulling it out of the box). I notice that it's on Android 6.0 , and a quick Google search showed some discussions that it is highly unlikely that the phone will get newer Android update. The "Android security patch level" shown in "About phone" says December 5, 2016. That's a long time without a security patch. Should I, and is it possible to, update the phone?
I've heard of rooting an Android device and installing custom Roms before. Where can I find a guide for my device and the custom Rom files? I am hoping this might solve my issue with handsfreelink.
I know I am all around the place with my questions, but essentially, the issue I am having is that bluetooth connection to my car's audio system does not work as expected, and I am wondering how I might fix it. I am wondering if an OS update (either official version by manufacturer or a widely-used custom Rom) might solve this issue, or simply adding an extra bluetooth profile to the phone.
A solution would be awesome, but I'd be asking too much if I was hoping for that. Instead, if anyone can just provide me some pointers in terms of how to do research on what I should be doing to solve this, or clarify some concepts (to the extent you can tell I got it wrong from reading this post) for me, it would be really appreciated.
I've already been to Honda's handsfreelink website and Acer's support page for this product and there's nothing helpful there.
Thank you very much.
Click to expand...
Click to collapse
Acer is just the brand and few software smartphonne.they just order big amount of phones and sell them. the phone shows as Shanghai Huaqin Telecom Technology Co.,Ltd),have seen this on my old --vodaphonne-.The only emergenncy update from january 05 2018 and this is as far you go with ACER. YOU will never get any update .The name LIQUID is there PR name of there LAUNCHER,that´s all.ROOTING??? no point,waste of time no one will till today do it. Have the same phone and feel that I did a mistake and lost money.ACER stopped to sell smartphones. If you want to modiffy the phone the LAWNCHAIR launcher is good ,aswell others. But keep in mind that will be always android 6 and no security updates
Freudeauf2 said:
Acer is just the brand and few software smartphonne.they just order big amount of phones and sell them. the phone shows as Shanghai Huaqin Telecom Technology Co.,Ltd),have seen this on my old --vodaphonne-.The only emergenncy update from january 05 2018 and this is as far you go with ACER. YOU will never get any update .The name LIQUID is there PR name of there LAUNCHER,that´s all.ROOTING??? no point,waste of time no one will till today do it. Have the same phone and feel that I did a mistake and lost money.ACER stopped to sell smartphones. If you want to modiffy the phone the LAWNCHAIR launcher is good ,aswell others. But keep in mind that will be always android 6 and no security updates
Click to expand...
Click to collapse
your bluetooth -you have to install a app from third party and then configure the rest in the app and in setting device.Importend timer schould be always set as on in bluetooth .Standard is few minutes.good luck
---------- Post added at 02:23 PM ---------- Previous post was at 02:06 PM ----------
Freudeauf2 said:
your bluetooth -you have to install a app from third party and then configure the rest in the app and in setting device.Importend timer schould be always set as on in bluetooth .Standard is few minutes.good luck
Click to expand...
Click to collapse
To keep all your apps uptodate I use from FDROID app the YALP STORE ,there you can in settings update your system apps,as I sad this is the way as far you go with ACER. Hope it helps
I'm rooted on Pie June update (PQ3B.190605.006) and suffering from infamous "CaptivePortalLogin keeps stopping" issue reported on Reddit ( can't post link due to policy, sorry).
As a temporary solution I use CAPTIVE_PORTAL_MODE_IGNORE in Settings.java to prevent Android from detection of captive portals.
To do that in root shell on device run:
settings put global captive_portal_mode 0
The same could be accomplished over ADB.
After updating that setting I don't get notifications until opening page in browser, which redirects me to the login page of the Wi-Fi provider.
I'm looking for ideas how to make CaptivePortalLogin to work on PQ3B.190605.006 version.
Tried to remove Magisk, reflash clean and replace CaptivePortalLogin in /system/apps with different APK provided here on XDA, sideloaded July PQ3B.190705.003 version, but nothing helped.
SOLUTION: Clean flash of July update PQ3B.190705.003 on both A/B and full factory reset.
my workaround for this is basically turning on airplane mode -> turn on wifi and connect to network -> open browser and load a random page to be redirected to the captive portal.
Did it work with the march version? Looks like even stock phones seem to have a problem with it according to reddit. It worked just fine for me on june when it wasnt rooted..
Thank you so much for workaround! It works.
For your question about March version, I don't have an answer if it worked out of the box, as I didn't try it.
It would be nice to fix CaptivePortalLogin, not sure how to attack it though.
While waiting on support to fix CaptivePortalLogin, I came up with a temporary solution, to avoid a brute force "Airplane mode" method. I decided to use CAPTIVE_PORTAL_MODE_IGNORE in Settings.java to prevent Android from detection of captive portals.
Solution:
in root shell on device run:
settings put global captive_portal_mode 0
The same could be accomplished over ADB.
After updating that setting I don't get notifications until opening page in browser, which redirects me to the login page of the Wi-Fi provider.
I hope someone can benefit from this solution until we get a real fix for CaptivePortalLogin.
I have disabled MAC address randomization in the advanced options of the WiFi network and it seems to solve the issue. Many captive portals use the MAC address to identify the device, so this would be a good explanation of the problem.
Thanks for suggestion. That option was off on my device by default and I didn't play with it. And in my case Captive Portal Login crashed on every network implementation from my corporate one to coffee shop.
R0BiN0705 said:
my workaround for this is basically turning on airplane mode -> turn on wifi and connect to network -> open browser and load a random page to be redirected to the captive portal.
Did it work with the march version? Looks like even stock phones seem to have a problem with it according to reddit. It worked just fine for me on june when it wasnt rooted..
Click to expand...
Click to collapse
This did not help
Still keep getting captiveportal crashed.
Any other suggestions?
Look at my original post or post #4 how to use CAPTIVE_PORTAL_MODE_IGNORE to disable Captive Portal login.
Wow! I am glad I am not the only one experiencing this issue!
I have the google pixel 3a with June security patch and rooted with Magisk via patched boot image.
Im wondering, is this due to Magisk or is this an actual issue with the June 2019 Factory Images/OTA?
Thanks!
djjohnnyblaze said:
Wow! I am glad I am not the only one experiencing this issue!
I have the google pixel 3a with June security patch and rooted with Magisk via patched boot image.
Im wondering, is this due to Magisk or is this an actual issue with the June 2019 Factory Images/OTA?
Thanks!
Click to expand...
Click to collapse
I speculate it's a bug in June update, because it did crash for me with or without Magisk. But on another hand I would expect more activity on this thread if it is a widespread issue.
pasha_d said:
I speculate it's a bug in June update, because it did crash for me with or without Magisk. But on another hand I would expect more activity on this thread if it is a widespread issue.
Click to expand...
Click to collapse
Looked at some threads on Reddit and it seems like even new devices are having this issue.
I don't think anyone knows what's causing it but this is a big deal. What scares me is one thread that said a replacement device works now with June security update. How could this be hardware though? Especially if it was working prior to June 2019 security update ...
The July security patch did not resolve this issue. How do we escalate this?
Issue had already been raised... No fix yet.
https://issuetracker.google.com/issues/135711621
karimski75 said:
Issue had already been raised... No fix yet.
https://issuetracker.google.com/issues/135711621
Click to expand...
Click to collapse
Not sure where they're going to fix it though, maybe in Q only. I'm looking for a fix in Pie.
Here is the post from assigned developer from Google:
vi.. @google.com <vi.. @google.com> #83 Jul 9, 2019 02:26AM
Marked as fixed.
The issue has been fixed and it will become available in a future Android release. Please keep an eye on the release notes(https://developer.android.com/preview/release-notes)
It crashes for me too. Bummer!
Stock and non-rooted.
Pasha_d posted a solution that worked for me. You need to be rooted.
https://forum.xda-developers.com/pixel-3a/help/captiveportallogin-apk-t3940042
Pasha, did you ever find a copy of the March version of the captiveportallogin.apk?
No I didn't. The only ones I found on APK mirror were from February. Nobody replied to my original request here on XDA.
I was able to turn off data. Load a web page and sign in over wifi.
pasha_d said:
No I didn't. The only ones I found on APK mirror were from February. Nobody replied to my original request here on XDA.
Click to expand...
Click to collapse
March apk