[DEV] Looking for more information on AT&T AAVS - General Questions and Answers

Hello everyone,
I'm a software developer and I am currently writing my first app that runs on the Android platform. It is a two-factor token app that will run on any Android platform which is using API level 19 or higher. Due to the nature of this app, security is of the highest importance. I recently found out about a service that AT&T provides called Authentication and Verification service which is supposed to help with SIM-jacking attacks. However, the only information that I can find is on this blog post from about 2-1/2 years ago:
Apparently I am not able to post links yet because I don't have enough posts...
So does anyone have any further information about this or is anyone actually using this yet? Or is this vaporware?
Thank you.

Related

TaintDroid source code released

Hi everyone,
I apologize if this is not the appropriate place to post this info, but I thought it would be of interest to some people here. You may have seen stories in the news recently about the privacy-monitoring extension for Android called TaintDroid that was developed by researchers at Penn State, Intel Labs, and Duke University. An excellent summary can be found on Ars Technica.
The reason I'm posting to this forum is that we are proud to have made our source code available last night. If you want to play around with the code, you can find it at the TaintDroid website (search "taintdroid appanalysis"). Along with links to the source code, you will find instructions for getting the code up and running on a Nexus One. We have also set up a Google Group for users who want to discuss anything related to the project.
Our only caveats are that we are merely researchers so 1) you use the code at your own risk, and 2) we do not have the resources to offer proper support. We hope that by releasing the code to the public a self-sustaining community of interested users will form.
We hope that you find our code interesting and useful. Happy hacking!
-landon
Thanks for releasing the code. Look forward to using it on an incredible rom soon.
http://appanalysis.org/tdro1d.html
I'm assuming that's the link. Couple of questions.
1. I see it's on 2.1 rom, does it work with 2.2? Especially as it uses the 2.6.32 kernel.
2. Since the Desire is basically a Nexus One with Sense, has it been tested on that platform or with Sense?
Thanks for releasing the source and instructions!
This is what Android needs, as Google is not taking good care of the privacy of its users.
It's impossible to install apps now, because most of them want really wide rights, but you have no idea what they do with those rights.
TaintDroid at least gives a possibility to peek into what is being leaked.
Soon some of the app makers will start to encrypt their calls to try and mask what they are leaking. If/when this happens, it should be a warning sign to users about that particular app.

What belongs in this forum

In light of the seriousness of security, I want to keep this forum as clean as possible. I will be working harder in the future to do so.
What belongs:
Discussions of
~ of vulnerabilities & potential vulnerabilities, with detail.
~ of vulnerability research
~ of exploit development
~ of reverse engineering
~ of application security
~ of physical device security
~ of theoretical attacks/vulnerabilities, with detail.
~ any serious security matter
detailed guides on security matters
etc
What does NOT belong:
Copy pasted articles, with no linked source or citation
promotion of apps
promotion of services
simple how to guides (like how to use a VPN on Android)
Questions on how to unlock a device
etc
Absolutely no FUD, nor conspiracy theory posts will be allowed. Please include citations, or strong evidence when making a post that may appear to be FUD or a conspiracy theory type post.
If you have questions as to if a post is appropriate, please either ask in reply to this post, or PM me.
Bash bug
Hello, I just read this article on The Verge: http://www.theverge.com/2014/9/24/6...odays-bash-bug-could-be-breaking-security-for
What could be the implications for Android users?
For example, my phone appears to be vulnerable, according to the test from the article.
I'm using a Samsung Galaxy Express GT-I8730 running latest CyanogenMod 11 (September 21) from http://forum.xda-developers.com/showthread.php?p=53616202#post53616202
Hope this one transcends the conspiracy level as I've not done any background research. Just wanted to share as it seems legitimate. Somewhat older but I guess still valid. Shouldn't all developers move to Replicant or at least close the backdoor mentioned in this article?
https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor
Would it be okay to cross-post an "I'm a dumbass, what do I do now" question here from http://forum.xda-developers.com/htc-one-m8/help/oops-potential-malware-root-privs-s-t2927813 ?
tl;dr- I ran something as root that smells of malware, how do I recover from this? (Good news is that only my system and recovery were unlocked, not the other firmware parts.)
jcase said:
In light of the seriousness of security, I want to keep this forum as clean as possible. I will be working harder in the future to do so.
What belongs:
Discussions of
~ of vulnerabilities & potential vulnerabilities, with detail.
~ of vulnerability research
~ of exploit development
~ of reverse engineering
~ of application security
~ of physical device security
~ of theoretical attacks/vulnerabilities, with detail.
~ any serious security matter
detailed guides on security matters
etc
What does NOT belong:
Copy pasted articles, with no linked source or citation
promotion of apps
promotion of services
simple how to guides (like how to use a VPN on Android)
Questions on how to unlock a device
etc
Absolutely no FUD, nor conspiracy theory posts will be allowed. Please include citations, or strong evidence when making a post that may appear to be FUD or a conspiracy theory type post.
If you have questions as to if a post is appropriate, please either ask in reply to this post, or PM me.
What about Security News related to Android? Can we share here?
Is asking about security protocols allowed? Xfinity tv will not allow me to mirror to my tv through the app. Security protocols prevent it for some reason. Is there a way around this? If not it's no big deal
jcase said:
In light of the seriousness of security, I want to keep this forum as clean as possible. I will be working harder in the future to do so.
What belongs:
Discussions of
~ of vulnerabilities & potential vulnerabilities, with detail.
~ of vulnerability research
~ of exploit development
~ of reverse engineering
~ of application security
~ of physical device security
~ of theoretical attacks/vulnerabilities, with detail.
~ any serious security matter
detailed guides on security matters
etc
What does NOT belong:
Copy pasted articles, with no linked source or citation
promotion of apps
promotion of services
simple how to guides (like how to use a VPN on Android)
Questions on how to unlock a device
etc
Absolutely no FUD, nor conspiracy theory posts will be allowed. Please include citations, or strong evidence when making a post that may appear to be FUD or a conspiracy theory type post.
If you have questions as to if a post is appropriate, please either ask in reply to this post, or PM me.
Hi jcase,
Could you please tell me if questions about unlocking bootloader are appropriate?
With my SAMSUNG Galaxy A5 2016 smartphone it's easy to unlock bootloader. I have to click on the appropriate choice in the developer options menu. And you can do that without rooting your device.
With other devices it seems to be less easy. My question in this case is: do we have to root the device to unlock bootloader?
I hope this question is appropriate in this forum and if not, feel free to clear my post.
Thanks.
iwanttoknow said:
Hi jcase,
Could you please tell me if questions about unlocking bootloader are appropriate?
With my SAMSUNG Galaxy A5 2016 smartphone it's easy to unlock bootloader. I have to click on the appropriate choice in the developer options menu. And you can do that without rooting your device.
With other devices it seems to be less easy. My question in this case is: do we have to root the device to unlock bootloader?
I hope this question is appropriate in this forum and if not, feel free to clear my post.
Thanks.
Yes they are appropriate, but the answer depends on the device, and firmware
Given it's clearly a fingerprinting issue... can I ask my GSFID questions here?
I have managed to change my supposedly permanent GSF ID (Google services framework ID) without needing to be rooted, specifically so that my phone is less vulnerable to malicious fingerprinting.
Given I realize almost nobody knows how to change the GSF-ID (it took me hours to figure it out but only minutes to perform), I can't really ask this in a general forum (as it's a deep-down security question for people who actually know how Android works and how apps work inside of Android with respect to tracking the user).
Specifically what I don't know is why this unique ID (which uniquely identifies your phone!) isn't supposed to be changed, nor do I know what apps are doing with it - but I do know that it's super freaking important to Android (I can give gory details what happens if/when you change it for example).
It seems only "some" apps (those linked with GSF API's perhaps?) use this supposedly permanent personal tracking ID to watch your activities; but maybe they all do for all I know (I'm not a developer).
I'd like to ask for MORE INFORMATION about how the GSF ID (and perhaps the Android ID too) are used by Android & by apps, but there's almost nothing out there on the Internet about them (ask me how I know this).
Given it's clearly a fingerprinting issue... can I ask my GSF_ID questions here?
I'm confused as I haven't seen an answer and I gave the query above almost a month, so I posted the question here, hoping it will both edify others in security issues (fingerprinting specifically) and help me get the answers.

[Q] Hardware Profile for Android Studio

Hey all. Newb developer alert here. I'm just getting started with app creation using Android Studio on Mac (10.9.5). I would've rather asked this in the appropriate forum, but apparently there's rules against posting for those of us that lurk (less than 10 posts). Just wondering for those that are building apps, are you using a hardware profile for our phone to test with? I'm not seeing anything match when searching for virtual devices to add. Or perhaps you're just using the default Nexus 5 device that ships with the studio software? Does a hardware profile exist anywhere that I could import just so I can see what the app preview looks like before production?

[Completed] Can not display PDF when preceded in script by modules.php on Samsung Please help

Report .php problem on all Samsung android devices. We have a web site for a large senior community and members are not able to open .pdf files that are preceded with .php in the same link, on Samsung devices. wateroakresidents.com/modules.php? Error message “can not display PDF (modules.php is of invalid format)”. These files open fine on other platforms. Our web host does not have an answer. Because we are a senior community of over 2000 and we would like to make it as easy as possible to open these pdfs.
I don’t know if the Android system could be corrected or you can offer a solution for us that doesn’t require our residents to have to download and load each file.
It is happening on all android Samsung phones and tablets and is not a problem with other platforms. My Tablet is SM-T530NU, android version 5.0.2, Kernel version [email protected] #1. My samsung phone is model # SM-S920L. with android version 5.0.2. Other members are having the same problem with android products.
I use google chrome Version 52.0.2743.116 m (64-bit)
The site producing the error is Water Oak Country Club Estates > residents only > WOHOA > board of directors (or any of the selections). I will supply my user name and password in a private email for testing if needed.
I had originally sent this to code.google.com/p/android/issues, Issue # 221351 in August and just received the response below on 12/04/2016:
Sorry, but this website is for developer issues with the AOSP Android source code and the developer toolset. We can't provide help or support for issues with Samsung devices as Samsung has a proprietary version of Android on all their devices - we have no visibility of it. If this is not a problem on other device, then please contact Samsung as they are the only people who can provide support for their devices. Thanks.
Can you please help me get this to the developers that can help me?
Ron Auger
Hi there and welcome to XDA.
I didn't find any info related to your problem, sorry. Try searching about that on Google.
You'll have to create an account to post in the main forums if you have any other questions.
Good luck

[FRP BYPASS] [BETA-TEST] [LG] Team_Astr4y4L Is looking for Beta testers

Hi everyone!
Just wanted everyone to know that
Team_Astr4y4L Is looking for Beta Testers for several ongoing development projects, including a project aimed at providing a remote FRP bypass service for LG devices !
UPDATE:
The team is having trouble with dm-verity on the newer builds of android...
Confirmed working for zone3 K4-k121
Believed working for all lollipop roms that are not encrypted,
more testing is needed, and a better means of bypassing or disabling dm-verity without modifying /boot
FOR NOW WE ARE LOOKING FOR MORE LOLLIPOP DEVICES TO TEST thanks,
The service is hosted at Team_Astr4y4L's website and we are working to extend the service to encompass a larger selection of devices.
For that Purpose We are offering people a chance to be a beta-tester and be one of the first to use the service for their particular device.
As I said there are several other projects going into Beta-Test also so if you're interested check it out.
A lot of these projects will cost money once the devices and service are considered Proven Stable and working
As a beta tester you get in absolutely free of charge
To Participate you must fill out the beta test request form at our website and if your device isn't supported yet, you're almost guaranteed to get a spot on the crew.
This Thread will be kind of a Support thread for the FRP beta testers and a place to ask questions about the project
here's the link to become a beta tester,
MOD Edit :- Links Removed
I hope this will be mutually helpful for the project and also the Users out there that have run out of options with their FRP locked device
Thanks,
Astr4y4L
Team_Astr4y4L
Hello. I have an LG Aristo (ms210) with September 2017 Security. Is there any way to bypass frp on it? It is MetroPC with Tmobile but it isn't running Tmobile anymore, I think.
Thread closed as offsite invitation and there is no beta program available on the link shared as of now.
Thanks
XDA Staff.
