Stagefright vulnerability - X Play General

Although Motorola wants us to believe the Moto X Play was protected from the Stagefright vulnerability right after launch, I tested it using Zimperium StageFright Detector and it appears that the phone is still vulnerable. The app is showing the CVE 2015-3864 vulnerability as exploitable. On my old Galaxy SIII, I had the latest CM12.1 nightly and there were no exploitable vulnerabilities. I guess it will take a while before we can get CM on the Moto X Play.

Same with mine. Arrived on September 2nd, Stagefright is not 100% fixed. The only reason I ordered it was the promises from Motorola that it is fixed on launch.
Besides this, it does make a difference telling people the phone comes with 16 GB of space and only listing it as 11 GB.

I use Textra for messaging, it has built-in protection.
For now, the issue is non-existent. But yeah, it'd be nice to have something built in!

It's OK to use alternatives, but as Motorola promised it would be fixed on launch, I want them to fix their build at launch.

I'm not even sure if the fix for CVE 2015-3864 is in the AOSP code for 5.1.1 right now. I know that on CM12.1, we had to wait until mid-August to have all vulnerabilities fully patched.

I should've googled it before: there's a way to patch it and it's on XDA Forum here. The only problem is that, again, I don't have enough knowledge to create a custom ROM of our Moto firmware using this patch. Meanwhile, you can use the Google Messenger app. It has been updated to avoid automatically downloading video from MMS.

MMS is just an example attack vector. Stagefright exploits can be used in media played/shown anywhere in the system (email, website, etc.). Having MMS auto-download disabled helps a bit, but it's far from being a real solution.

Related

App Updates

In a previous thread I posted a question about Voice Search which was eventually resolved once I updated to the latest version. Going thru the apps on my Phone I found the following stock to be older than what is available on the market:
1) Google Maps
2) Facebook
3) Voice Search.
and
AT&T Code Scanner (But the update fails with a message about invalid package sign).
I have auto sync on and background data as well, but the update was never shown as available and I had to go through most stock apps and verify I have the latest; have you guys seen something like this? If you haven't, check and update the above apps.
Having same issue
I haven't seen a single app update for last 7~8 days.
I used to have a rooted Evo and it was typical to have 1~2 apps that had updates on a daily basis.
Does AT&T have power to restrict updates?
knarfl1 said:
I haven't seen a single app update for last 7~8 days.
I used to have a rooted Evo and it was typical to have 1~2 apps that had updates on a daily basis.
Does AT&T have power to restrict updates?
I got an update to Floating Image today. I think it's just that the popular apps in the Android Market are becoming more mature and stable and don't need as many updates as they used to.
Found the same apps had updates available from Market on my Inspire within the first few days after upgrading (picked up on Feb 13th at local AT&T Store). I figured it was the situation of these apps being installed in the factory, then boxed and shipped to stores before updates were available.

[NEWS] Google May Have Killed Tethering in Android 2.3.6

Source
Google is rolling out its Android 2.3.6 update for its Nexus S, but you may want to think twice about applying it. According to user reports, the tethering capability has been killed.
The benefits of the update include upgrades for Android's voice search feature as well as security updates. Google did not provide a detailed list of changes and we are still waiting for an update on the Google Mobile blog.
There is a considerable number of users who report that the update may break Wi-Fi and USB tethering, while also not fixing the voice bug. The removal of the feature has not been confirmed by Google, but it appears that users who depend on tethering may want to hold off updating their phones until it is clear whether it is just a bug or if the feature has been removed. It is not a secret that both T-Mobile and AT&T are not crazy about this feature and would rather sell customers a separate tethering package.

Biggest flaw in the Android software distribution model

Android has a very flexible and dynamic software model but it has one critical flaw.
It is very very common for app updates to break applications and once an app is broken by an update there is no recourse. It has happened to me at least 6 times in the last 2 years.
Here is a typical scenario:
1) You have a great app that works perfectly
2) You get a notification that there is an update to this app ..... you install it
3) The app is now broken after the update: either it crashes or it fails to do what it is supposed to do.
4) At this point you have absolutely no recourse except email the developer or look for an apk
5) Live without the app you bought sometimes for months
This is not an acceptable situation. The Play Store and developer rules need to be changed so that users can revert to the previous version for at least one month after an update. This is a major flaw and why many people are very afraid to update any app.
The worst example is with HTC phones and Google Navigation. Many HTC One S phones have been unable to run Google Navigation after the 4.1.1 update. This problem has been unresolved for almost 8 months .... that's 8 months without the Navigation app and that's a major function of the phone. If you can revert to a version that works this is not a big issue, but that isn't possible. In the end it was easier to get a new phone than address this issue.

MediapadM2 Lollipop 5.1.1 security risk?

I bought a Huawei MediapadM2 8 LTE in December 2015, it never received any Android updates and so is stuck on Lollipop 5.1.1. Given that Google actually releases regular security patches now, is this old version of Android inherently not secure and are there things I should avoid doing with it. The tab itself is great for playing games and media consumption but I have stopped using it for anything where I would need to enter financial information.
https://forum.xda-developers.com/attachment.php?attachmentid=4575649&stc=1&d=1534662898
damole said:
I bought a Huawei MediapadM2 8 LTE in December 2015, it never received any Android updates and so is stuck on Lollipop 5.1.1. Given that Google actually releases regular security patches now, is this old version of Android inherently not secure and are there things I should avoid doing with it. The tab itself is great for playing games and media consumption but I have stopped using it for anything where I would need to enter financial information.
The earlier versions of Android are very insecure, especially Lollipop with no updates. Even without storing and using the tablet for sensitive information, it can still track your media preferences and, if infected, can record your voice/data or even be used as a gateway to hack other machines (with a Wi-Fi network or with tethering). Not to worry though: you can find a ROM for your device or try developing one yourself. This will be a more recent version without all the security holes and with recent updates.
The forum for your device is here

Pixel3 custom ROMs status in 2022

Hi,
First, sorry for this vague post. I have been on Android since 2012. During 2012-2014 I used to try out lots of custom ROMs, as I was in college and I had mobiles like the Samsung Galaxy S3 and then later a Nexus, and the OEM abandoned the updates after a while. After that I started working and since then have been on multiple Google devices, first Nexus and now my latest is the Pixel3. I am generally happy with the phone. However, my Pixel3 stopped receiving updates and I started thinking about why I should dump this and buy a new one when it's working perfectly fine for my needs.
I just came to this site after like ages to see what is the current status of custom ROMs. It seems overwhelmingly new now. I remember back then we had some sharp edges and something or other didn't work. Since then I am more into google ecosystem now. I use google Fi for phone. I like and use most of the google feature. So just wondering what will I lose by moving to custom ROM and am I ready to live without those features or should I just accept that I will not have any updates and if I need the updates I will have to buy a new phone.
I am not much interested into rooting and gaining advanced controls or doing anything extra nerdy. I will be perfectly happy with just getting the security patches and whatever feature is there if they keep working.
1. what are some good custom ROMs popular these days?
2. What are the things I'd lose moving to custom ROM?
3. Does all hardware for ex: Finger print, NFC work?
4. What about google apps, I mostly like all google app like camera, google pay, phone, play store
5. I like the google specific features like call screening and google assistance, google feed. I guess I will lose those.
6. I also use google Fi, can I still use that seamlessly or is there any gotchas I need to be aware of?
7. Is there any other way to keep my phone Googlized and receive security updates. It is totally acceptable if I can get security patches after some delay and not via OTP but have to sideload manually.
r0b0 said:
Hi,
First, sorry for this vague post. I have been on Android since 2012. During 2012-2014 I used to try out lots of custom ROMs, as I was in college and I had mobiles like the Samsung Galaxy S3 and then later a Nexus, and the OEM abandoned the updates after a while. After that I started working and since then have been on multiple Google devices, first Nexus and now my latest is the Pixel3. I am generally happy with the phone. However, my Pixel3 stopped receiving updates and I started thinking about why I should dump this and buy a new one when it's working perfectly fine for my needs.
I just came to this site after like ages to see what is the current status of custom ROMs. It seems overwhelmingly new now. I remember back then we had some sharp edges and something or other didn't work. Since then I am more into google ecosystem now. I use google Fi for phone. I like and use most of the google feature. So just wondering what will I lose by moving to custom ROM and am I ready to live without those features or should I just accept that I will not have any updates and if I need the updates I will have to buy a new phone.
I am not much interested into rooting and gaining advanced controls or doing anything extra nerdy. I will be perfectly happy with just getting the security patches and whatever feature is there if they keep working.
1. what are some good custom ROMs popular these days?
2. What are the things I'd lose moving to custom ROM?
3. Does all hardware for ex: Finger print, NFC work?
4. What about google apps, I mostly like all google app like camera, google pay, phone, play store
5. I like the google specific features like call screening and google assistance, google feed. I guess I will lose those.
6. I also use google Fi, can I still use that seamlessly or is there any gotchas I need to be aware of?
7. Is there any other way to keep my phone Googlized and receive security updates. It is totally acceptable if I can get security patches after some delay and not via OTP but have to sideload manually.
1. LineageOS
2. I have not found anything lost.
3. Yes
4. You can download the Google Camera app from the play store. Probably the phone app also, but I have not tried it. Google Pay will require rooting and Universal SafetyNet Fix module.
5. Don't know, as I don't use them.
6. I don't use Fi, but would expect it to work.
7. I'm not aware of any other way, but have not looked. Lineage does everything I need.
