Came across this article today claiming most Android devices are at major risk of being hacked. Does anyone know what this flaw is and how serious it actually is?
Admittedly this news sure is sensationalist.
http://www.news.com.au/technology/hackers-can-control-almost-all-android-phones/story-e6frfro0-1226674770520
Some security company or other has been saying that for a long time - Android is a security risk... If the problem was a real danger then Thank you BlueBox security for telling all those people so inclined about the exploit... Good job....
They mention 1 Android device that has been fixed but don't say which one.
Considering this is from a "mobile security company" I'm sure they'll release a fix you can pay for in due course, if you're so inclined...
ultramag69 said:
Some security company or other has been saying that for a long time - Android is a security risk... If the problem was a real danger then Thank you BlueBox security for telling all those people so inclined about the exploit... Good job....
They mention 1 Android device that has been fixed but don't say which one.
Considering this is from a "mobile security company" I'm sure they'll release a fix you can pay for in due course, if you're so inclined...
S4 is the device..
Anyway, in theory is something else than in practice. They also didn't mention that you don't get it from Google Play or apps in Google Play. They are just fishing for headlines, imho.
What I understood is that you need to allow an app installation from unknown sources and go there to get a package to install. How many of us do that? The real problem is in Asia/East and among users who use unofficial 3rd party marketplaces, for example...
I could also write a headline "100% of users having smart devices are at risk of getting a trojan, virus etc." and it's even true! Of course Bluebox's news is a bit different but still.. But it is good, anyway, that people find vulnerabilities, especially before criminals find them. Bluebox is doing right but the announcement was a bit odd, I guess..
enigma_x said:
What i understood, you need to allow an app installation from unknown sources and go there to get a package to install. How many of us do that?
I'd guess that more than a few folks side load the latest Adobe Flash Player version and may download apps from Amazon and/or ROMs from Sammobile. Pretty sure these sites would get classified as Unknown Sources.
Hi there.
Just in case you missed it...Good news for everyone.
Since HackingTeam was hacked (and their source code was leaked) we all can root our devices like they used to do with their spy tool (they were able to root all devices, including those with sepolicy enabled).
The exploits are publicly available (with the source code) hey devs, take a look.
https://github.com/hackedteam/core-android-native
Systems affected:
http://www.cvedetails.com/cve/2014-3153
http://www.cvedetails.com/cve/CVE-2013-6282
it's just a matter of time and a new wave of "rooting tools" will come out....
meanwhile do not update your systems 'cause the patches will roll out very quickly, I suppose.:laugh::laugh::laugh:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
tabp0le said:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
Yeah, I guess not seeing the years 2013/2014 in the links wasn't obvious enough...someone just wants views/thanks..
tabp0le said:
If I'm not mistaken, towelroot already covered those CVEs didn't it?
towelroot was only one of the three exploits (+1 for the selinux injection).
The futex and put_user ones are brand new. Moreover, in the code, you can see more hacks targeted at Samsung devices AND Knox.
Will the Huawei Mate 9 support Android Oreo's Project Treble feature?
Sent from my MHA-L29 using Tapatalk
Don't count on it. They already removed the stock ROM images from the official downloads page. Seems Huawei is moving towards more closed source, and I don't think they care about updates.
arminbih said:
Don't count on it. They already removed the stock ROM images from the official downloads page. Seems Huawei is moving towards more closed source, and I don't think they care about updates.
That's horrible BS on Huawei's part. Huawei is legally obligated to release all sources since they use Android. Google should really enforce the GPL on all OEMs. Project Treble would fix Huawei's **** software problem.
Sadly, it seems that everyone who owns a Huawei device is either brainwashed or a shill, because they seem to be okay with using old outdated software without the possibility of having an update.
I hope Huawei does grow here in the US. It might lead to some kind of legal action against them for not releasing sources. If anything it could result in some kind of small payday for not complying.
BTW, doesn't anyone care about longevity? Many phones are being released with 6 GB of RAM and very fast processors nowadays. These can last years with proper software updates. Why upgrade hardware when all that is needed is newer software?
droidbot1337 said:
That's horrible BS on Huawei's part. Huawei is legally obligated to release all sources since they use Android. Google should really enforce the GPL on all OEMs. Project Treble would fix Huawei's **** software problem.
Sadly, it seems that everyone who owns a Huawei device is either brainwashed or a shill, because they seem to be okay with using old outdated software without the possibility of having an update.
I hope Huawei does grow here in the US. It might lead to some kind of legal action against them for not releasing sources. If anything it could result in some kind of small payday for not complying.
BTW, doesn't anyone care about longevity? Many phones are being released with 6 GB of RAM and very fast processors nowadays. These can last years with proper software updates. Why upgrade hardware when all that is needed is newer software?
Not all. They just need to release the kernel source. Which they have (though it breaks the stock camera app...).
The firmware/updates are up to them.
And for your question, I'm just speculating here, but they'd not make any money at all if they release one phone then keep updating it for a few years.
Custom ROMs are the reason many old devices are still being used. That and some people are cheap and don't care about security. Or they just can't afford a new phone every year.
They've publicly made a commitment to prompt OS and monthly security updates going forward within the last month. They've pledged Oreo in December.
They have made a commitment to be one of the first manufacturers to adopt Project Treble. Project Treble is confirmed, and they have promised it for all devices going forward.
I realize this is an old thread now, but this still I suppose could be of use for someone so I'll leave it up.
Project Treble
bunt1691 said:
They've publicly made a commitment to prompt OS and monthly security updates going forward within the last month. They've pledged Oreo in December.
They have made a commitment to be one of the first manufacturers to adopt Project Treble. Project Treble is confirmed, and they have promised it for all devices going forward.
I realize this is an old thread now, but this still I suppose could be of use for someone so I'll leave it up.
Project Treble is mandatory from Android 8 on according to Google (for devices shipping with Oreo), and from the manifest.xml in the Huawei Oreo update it is fully enabled in the upcoming Oreo releases. This is going to make updates and custom ROMs a lot easier as long as they don't rely on custom kernels and low-level libraries. Treble will insulate the Android framework from the low-level stuff. They have already built booting AOSP Android from Google AOSP sources (using the Huawei Oreo kernel). According to Google, implementing Treble will enable phone manufacturers to update Android without having to update kernels and low-level SoC stuff. It will be a while before there are any AOSP-based custom ROMs, but with Project Treble it sure will be a bunch easier.
Sources
droidbot1337 said:
That's horrible BS on Huawei's part. Huawei is legally obligated to release all sources since they use Android. Google should really enforce the GPL on all OEMs. Project Treble would fix Huawei's **** software problem.
Sadly, it seems that everyone who owns a Huawei device is either brainwashed or a shill, because they seem to be okay with using old outdated software without the possibility of having an update.
I hope Huawei does grow here in the US. It might lead to some kind of legal action against them for not releasing sources. If anything it could result in some kind of small payday for not complying.
BTW, doesn't anyone care about longevity? Many phones are being released with 6 GB of RAM and very fast processors nowadays. These can last years with proper software updates. Why upgrade hardware when all that is needed is newer software?
First off, the only source that Huawei is "legally" obligated to provide is their source for Android itself, which is and always has been freely available; they are not obligated to release source for any of their libraries or drivers. Anything having to do with the hardware is closed source and will probably remain that way. Old outdated software? On a phone that has only been out a year you must be kidding; there are phones out there that are still shipping with Android 6 (KitKat). At least Huawei will be one of the quicker phone manufacturers at rolling out Oreo to their devices, even on some of their older devices. I've had the other major manufacturers' phones and they are not any better at updates than Huawei, worse on major updates actually, as their updates have to get bounced back and forth between carrier and manufacturer before finally getting pushed to the user. If you're so unhappy with your device and its **** software, as you put it, sell the damn thing and buy a Samsung or LG.
https://www.xda-developers.com/stock-android-oreo-huawei-mate-9-project-treble/
hi,
I would really appreciate if someone could help answer these two questions for me :
1. I have to revert back to marshmallow from nougat, to use xprivacy with better compatibility. But the security patch of custom roms are not latest, mostly '16.
Is it something to look out for, security wise?
2. Are open source apps actually secure as compared to closed source ones? Yes their code is open but I heard they are more vulnerable to attacks. Please enlighten me.
Thanks.
1. A newer version of the OS is better prepared against attacks, but Marshmallow is good enough for NOW. In the future Marshmallow will become not good enough.
2. It depends how well the app/code is maintained. Open source means revealing more attack vectors to a malicious attacker; however, it also means a broader chance for the good guys to review code and find security holes and patch them before bad guys use the security holes. More developers involved = better security generally. The same principle goes for closed source code; more developers paid by the company who is responsible for the code generally means better security. Thus it is not a matter of source being open or closed; it is a matter of how many active people are involved in maintaining the code and how much effort is made in keeping the code secure.
juniecho said:
1. A newer version of the OS is better prepared against attacks, but Marshmallow is good enough for NOW. In the future Marshmallow will become not good enough.
2. It depends how well the app/code is maintained. Open source means revealing more attack vectors to a malicious attacker; however, it also means a broader chance for the good guys to review code and find security holes and patch them before bad guys use the security holes. More developers involved = better security generally. The same principle goes for closed source code; more developers paid by the company who is responsible for the code generally means better security. Thus it is not a matter of source being open or closed; it is a matter of how many active people are involved in maintaining the code and how much effort is made in keeping the code secure.
Thanks pal.
juniecho said:
1. A newer version of the OS is better prepared against attacks, but Marshmallow is good enough for NOW. In the future Marshmallow will become not good enough.
2. It depends how well the app/code is maintained. Open source means revealing more attack vectors to a malicious attacker; however, it also means a broader chance for the good guys to review code and find security holes and patch them before bad guys use the security holes. More developers involved = better security generally. The same principle goes for closed source code; more developers paid by the company who is responsible for the code generally means better security. Thus it is not a matter of source being open or closed; it is a matter of how many active people are involved in maintaining the code and how much effort is made in keeping the code secure.
shadowbone said:
Thanks pal.
Just be careful of what you're doing and always update to your latest security patch and Android.
Sent from my Pixel 2 XL using Tapatalk
JohnMichaelCost said:
Just be careful of what you're doing and always update to your latest security patch and Android.
Thank you for your advice. But the thing is, CM13 for my device has its last security patch from Dec 2016. And Lineage OS 14.1 has the latest security patch, but lacks Xposed stability, especially for XPrivacy, the one I need the most (because I am on No Gapps). So, that's the confusion I have.
And I completely go along with your words of being careful with what I do with my device.
After moving into a NoGapps environment I mostly use open source apps, except for 2 or 3 apps whose functionality is not found in any apps on FOSS. Yet those apps from the Play Store themselves have Google Analytics and measurement services in them. For a privacy freak like me, it is intimidating, I guess.
To be honest open source apps are just as secure as closed Sourced apps. The reason being is very few people are looking at either for security exploits. As for the security updates that is a personal choice. I don't put much worth to them as they are exploits that have been around since the beginning and Google is just pushing patches so they appear to be worried about security. Kinda funny coming from a company that makes its money from collecting and using personal data
zelendel said:
To be honest open source apps are just as secure as closed Sourced apps. The reason being is very few people are looking at either for security exploits. As for the security updates that is a personal choice. I don't put much worth to them as they are exploits that have been around since the beginning and Google is just pushing patches so they appear to be worried about security. Kinda funny coming from a company that makes its money from collecting and using personal data
Ooo.... Interesting. I didn't look at it in that perspective (regarding google and its patches). :laugh:
shadowbone said:
Ooo.... Interesting. I didn't look at it in that perspective (regarding google and its patches). :laugh:
Sounds familiar, "Android vs iOS", sorry, I mean open vs closed sources. The closed sources is very hard part for security long time to hacked & hard finding the source "pay developer just like Apple"
Android other hand is open source is very cool unlike "closed sources" is updated every day and developer are fighting against hackers to does not hacked the source
I will not be worried. Look at my screenshot.
JohnMichaelCost said:
Sounds familiar, "Android vs iOS", sorry, I mean open vs closed sources. The closed sources is very hard part for security long time to hacked & hard finding the source "pay developer just like Apple"
Android other hand is open source is very cool unlike "closed sources" is updated every day and developer are fighting against hackers to does not hacked the source
I will not be worried. Look at my screenshot.
Um, no it's not. Android isn't open source. Only AOSP is open source and that comes preloaded on 0 devices. Everything else is closed source. Even Google uses closed source files for their devices.
Also no one is looking at open source apps. Developers don't care about open source apps, as there is no money to be made from open source apps.
As for your screenshots, they mean nothing really, as any hack would bypass it, as it would happen when you are using the device. A perfect example is a built-in screen recorder that then loads the videos up into a server when the device is asleep (Xiaomi is known for doing this).
Mobile security really is a myth. If someone wants your info (they really don't. They couldn't care less, as your personal info is worth less than nothing) they can get it from social media sites easily enough.
zelendel said:
Um, no it's not. Android isn't open source. Only AOSP is open source and that comes preloaded on 0 devices. Everything else is closed source. Even Google uses closed source files for their devices.
Also no one is looking at open source apps. Developers don't care about open source apps, as there is no money to be made from open source apps.
As for your screenshots, they mean nothing really, as any hack would bypass it, as it would happen when you are using the device. A perfect example is a built-in screen recorder that then loads the videos up into a server when the device is asleep (Xiaomi is known for doing this).
Mobile security really is a myth. If someone wants your info (they really don't. They couldn't care less, as your personal info is worth less than nothing) they can get it from social media sites easily enough.
You're right. So Android security really is nothing special, in fact.
May I ask you about Xiaomi, why they are doing this? And Google vs AOSP?
JohnMichaelCost said:
You're right. So Android security really is nothing special, in fact.
May I ask you about Xiaomi, why they are doing this? And Google vs AOSP?
They are required to by the Chinese government. I take it you don't know much about how they do things. Here is a fast run down. China requires all data from its citizens to be monitored and recorded. This is part of the reason for China's great firewall. When people buy devices made for China this is something that happens.
As for Google vs AOSP, think about it this way. Why would you buy a Pixel device if you can get all the same features from AOSP? No money to be made there, so not good business. Yes, Google pushes a lot to AOSP. But it is getting less and less. Heck, even the base AOSP apps have not gotten any real updates in years. Google wants you to use their closed source apps: Allo, Duo, Gmail, Contacts, Phone etc. If it wasn't for 3rd party developers like the ones here, AOSP apps would still be bare bones.
I second your view zelendel. Although, I have to ask, not that I don't understand your valuable thoughts you posted before, but..
Now that more and more vulnerabilities are brought to light these days, like BlueBorne or KRACK, and Google or devs here, for that matter, push security patches to fend against these vulnerabilities, would you say extending privacy capabilities using root and Xposed tools and some common sense while using apps should suffice against threats of these sorts?
Edit : nvm. Got hold of the desired ROM with latest patch. Thanks for your input guys.
shadowbone said:
I second your view zelendel. Although, I have to ask, not that I don't understand your valuable thoughts you posted before, but..
Now that more and more vulnerabilities are brought to light these days, like BlueBorne or KRACK, and Google or devs here, for that matter, push security patches to fend against these vulnerabilities, would you say extending privacy capabilities using root and Xposed tools and some common sense while using apps should suffice against threats of these sorts?
Edit : nvm. Got hold of the desired ROM with latest patch. Thanks for your input guys.
Just not to be worried about hacking our phone. Developer of app/google/aosp/etc. here to save us from hackers in fact maybe.....
But as for root,CFW,etc they doesn't hooked even you have gapp.
But hacking WiFi WAP so... i don't worries, just i said earlier "be careful what you doing" remember that.
If you need a lot of privacy like "Donald Trump", then VPN your phone, install x private, cover your camera, encrypt your phone, and always keep your apps, security patch and Android updated, of course.
Sent from my Pixel XL using XDA-Developers Legacy app
shadowbone said:
I second your view zelendel. Although, I have to ask, not that I don't understand your valuable thoughts you posted before, but..
Now that more and more vulnerabilities are brought to light these days, like BlueBorne or KRACK, and Google or devs here, for that matter, push security patches to fend against these vulnerabilities, would you say extending privacy capabilities using root and Xposed tools and some common sense while using apps should suffice against threats of these sorts?
Edit : nvm. Got hold of the desired ROM with latest patch. Thanks for your input guys.
To be honest if I was really worried about security then root would be out of the question as it opens up doors that can be exploited. An example is a root binary that was found to work so it auto granted root to every app and removed the logs of it doing so.
The KRACK vulnerability is a whole other thing as patching a device is pointless if the router you are connecting to is not patched.
Just use common sense really. As long as Android pushes a lot of code open source there will always be issues like this that pop up. (It's so much easier to find exploits when you have access to all the code. And before you say it, no, not as many people are looking for security threats as people think.)
Thank you guys for your valuable advice. I'll make sure to keep a watch out. :good:
(might be this is off topic but i need your help guys)
Hi guys i need your help with my Old nexus 5 (stock never did ctf or rooted) and mtk phone as a same problem.
In google camera when I video mode it crash even open it please help me.
Nexus 5 and mtk phone are running both android 6.0 stock.
Any idea what happened ?
JohnMichaelCost said:
(might be this is off topic but i need your help guys)
Hi guys i need your help with my Old nexus 5 (stock never did ctf or rooted) and mtk phone as a same problem.
In google camera when I video mode it crash even open it please help me.
Nexus 5 and mtk phone are running both android 6.0 stock.
Any idea what happened ?
Have a take a look.
JohnMichaelCost said:
Have a take a look.
I'm not sure. Are you using official/stock build or some ported apk?
shadowbone said:
I'm not sure. Are you using official/inbuilt build or some ported apk?
Ok.. but thanks anyway is working again.....
i am officially build.
Sent from my Pixel XL using XDA-Developers Legacy app
JohnMichaelCost said:
Ok.. but thanks anyway is working again.....
i am officially build.
Sent from my Pixel XL using XDA-Developers Legacy app
You are Gonna have to run a logcat to find out. Chances are if you are not rooted or been messing around then it will be hard are.
Hello,
This morning I saw this on Reddit: https://www.reddit.com/r/Xiaomi/com...e_to/?utm_medium=android_app&utm_source=share
I don't know if it's true or not, but I wanted to share it.
I posted this also in the Global Telegram group, but I got banned. I don't know why, but it doesn't matter.
Edit: Here's the direct link to MiCommunity: https://c.mi.com/thread-2830599-1-0.html?utm_source=share&utm_medium=twitter
The phone launched with Oreo (and it's an Android One phone).
They must update to Android 10 like the A2 (must get at least 3 years of security updates). The A2 Lite launched the same day as the A2.
You can be calm about it and don't believe the chat support.
I personally don't care what the call center says. But if it's true, Xiaomi will lose our and Google's respect. That means they will join the Huawei ban caravan. Another reason for a Xiaomi ban. Xiaomi doesn't want a ban, aren't you, Xiaomi?
Usual clueless support staff. I'm sure we'll get the update... probably after A3, so march (...?)
If you look at the screenshot, "Xiaomi support dude" is saying that Mi A2 will get Android 10 within this week (written at 22 Jan 2020). I might be mistaken but, considering that Mi A2 got the update about two weeks ago, we can conclude that Xiaomi support dudes know nothing at all lol.
Time to go custom rom if this is true.
C'mon guys. I know we're all tired of waiting but we all should know by now that Xiaomi support has no more information than we have.
We will get the 10 update either way; we don't know when.
The guy is clearly clueless. Speaking to Xiaomi reps on chat is like trying to measure both position and speed of a subatomic particle: the indetermination principle forbids you from gathering all the relevant information at once.
The A2 Android 10 update got pulled out last week, since it was less than half baked, and it was causing a plethora of different issues. It should be resuming now. This obviously impacts us, since the small number of developers Xiaomi devotes to the A1 program can barely deal with the issues of cooking a ROM for one device at a time. On top of that, most of the Xiaomi guys on chat don't even have a clue of the difference between MIUI and Android One.
So let's all calm down here, and wait until they consider the A2 issues solved. I for one know I won't be Guinea pigging for Xiaomi, and will surely wait a couple of weeks after they release the A10 OTA to update my device.
00norman00 said:
Hello,
This morning I saw this on Reddit: https://www.reddit.com/r/Xiaomi/com...e_to/?utm_medium=android_app&utm_source=share
I don't know if it's true or not, but I wanted to share it.
I posted this also in the Global Telegram group, but I got banned. I don't know why, but it doesn't matter.
Edit: Here's the direct link to MiCommunity: https://c.mi.com/thread-2830599-1-0.html?utm_source=share&utm_medium=twitter
It has to get Android 10 by the rules of Android one. Xiaomi can't break the rules
https://www.notebookcheck.net/Xiaom...-Lite-after-just-one-OS-upgrade.451259.0.html
xbs said:
https://www.notebookcheck.net/Xiaom...-Lite-after-just-one-OS-upgrade.451259.0.html
Clickbait
slimshady76 said:
Clickbait
No, it's actually really good that someone is writing about it. If nothing else, it will get some views and might grab the attention of some bigger media, causing a bigger impact. It's a shame that you can get Q up and running from community members that don't get anything from it and do it in their free time, but the manufacturer fails to do so. Community ROMs might not be perfect, but stock isn't either.
Noam5651 said:
The phone launched with Oreo (and it's an Android One phone).
They must update to Android 10 like the A2 (must get at least 3 years of security updates). The A2 Lite launched the same day as the A2.
You can be calm about it and don't believe the chat support.
In theory, yes, but Google also agreed it's up to the manufacturers, so, if they behave like they did with other devices in the past, they might not bring an update to Android 10, only giving security patches.
FRibeiro1400 said:
In theory, yes, but Google also agreed it's up to the manufacturers, so, if they behave like they did with other devices in the past, they might not bring an update to Android 10, only giving security patches.
Not in theory. Xiaomi signed an agreement.
Xiaomi have no excuse!
The agreement is to provide monthly updates for at least 3 years.
Can't find anywhere that they are obligated to upgrade two Android versions.
xbs said:
The agreement is to provide monthly updates for at least 3 years.
Can't find anywhere that they are obligated to upgrade two Android versions.
Where did you look?
perfect_ said:
Where did you look?
Google Android One.
andraslate said:
Google Android One.
Link
"With monthly security updates** and Google Play Protect integrated, Android One phones are among the most secure."
"** Confirm exact duration of support for phones in your territory with smartphone manufacturer. Monthly security updates to be supported for at least 3 years after initial phone release."
Source: https://www.android.com/one/
xbs said:
"With monthly security updates** and Google Play Protect integrated, Android One phones are among the most secure."
"** Confirm exact duration of support for phones in your territory with smartphone manufacturer. Monthly security updates to be supported for at least 3 years after initial phone release."
Source: https://www.android.com/one/
There is a difference between looking and seeing.