[LOTK]Android Terms,Slang,Definitions & Laiman Terms Android Guides UPDATED! 07/26/13
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
1 OF 12 PAGES...
Watch these informative videos and start reading....
Contents:
Page 1:Terms,Slang & Definitions
Page 2:Governors Explained
Page 3:Android Versions
Page 4:Laiman Terms Android Guides
Page 5:Laiman Terms Android Guides Continued...
Page 6:Terms,Slang & Definitions Continued...
Page 7:Android Permissions & Security Explained...
Page 8:Android Permissions & Security Explained Continued...
Page 9:Android Permissions & Security Explained Continued...
Page 10:Laiman Terms Android Guides Continued...
Page 11:Terms,Slang & Definitions Continued...
Page 12:Laiman Terms Android Guides Continued...
Page 13:Laiman Terms Android Guides Continued...
Author Comments:
I figured i would post this thread to help all of the new members and experienced alike,understand the Android slang,there are actually a few i did'nt know the meaning of until i made this thread.I have compiled most of the terms,definitions and slang i could dig up,if theres anything i missed,let me know and i will add it to the thread,otherwise i will update this thread as new slang,terms and definitions are presented to me.
If you would like to learn more about this and other great Android learning,go over to XDA-University and learn how to set-up and use the android environment.
Apps2SD:A method of storing applications and cache on the device's microSD card.
ADB:Android Debug Bridge (adb) is a versatile command line tool that lets you communicate with an emulator instance or connected Android-powered device. It is a client-server program that includes three components:
•A client, which runs on your development machine. You can invoke a client from a shell by issuing an adb command. Other Android tools such as the ADT plugin and DDMS also create adb clients.
•A server, which runs as a background process on your development machine. The server manages communication between the client and the adb daemon running on an emulator or device.
•A daemon, which runs as a background process on each emulator or device instance.
Android:A Linux-based operating system for mobile devices such as HTC EVO.Versions are alphabetically codenamed after snacks: Donut, Eclair, Froyo, Gingerbread, Honeycomb, Ice Cream Sandwich, Jelly Donut.
AMOLED:Active Matrix Organic Light Emitting Diode. Basically, a very colorful, bright, display found in some smartphones.
APK:Android application package file. Each Android application is compiled and packaged in a single file that includes all of the application's code (.dex files), resources, assets, and manifest file. The application package file can have any name but must use the .apk extension. For example: myExampleAppname.apk. For convenience, an application package file is often referred to as an ".apk".
Alpha:The alpha phase of the release life cycle is the first phase to begin software testing (alpha is the first letter of the Greek alphabet, used as the number 1). In this phase, developers generally test the software using white box techniques. Additional validation is then performed using black box or gray box techniques, by another testing team. Moving to black box testing inside the organization is known as alpha release.[1]
Alpha software can be unstable and could cause crashes or data loss. The exception to this is when the alpha is available publicly (such as a pre-order bonus), in which developers normally push for stability so that their testers can test properly. External availability of alpha software is uncommon in proprietary software. However, open source software, in particular, often have publicly available alpha versions, often distributed as the raw source code of the software.
The alpha phase usually ends with a feature freeze, indicating that no more features will be added to the software. At this time, the software is said to be a feature complete.
Boot Animation:Boot animation is a term for a graphical representation of the boot process of the operating system.
Boot animation can be a simple visualisation of the scrolling boot messages in the console, but it can also present graphics or some combinations of both.
Unlike splash screens, boot screen or boot animation is not necessarily designed for marketing purposes, but can be to enhance the experience of the user as eye candy, or provide the user with messages (with an added advantage of color coding facility) to diagnose the state of the system.
Bootloader:This small program's only job is to load other data and programs which are then executed from RAM.Often, multiple-stage boot loaders are used, during which several programs of increasing complexity load one after the other in a process of chain loading.
Bootloop:When your system recycles over and over without entering the main OS.
Beta: is the software development phase following alpha. It generally begins when the software is feature complete. Software in the beta phase will generally have many more bugs in it than completed software, as well as speed/performance issues. The focus of beta testing is reducing impacts to users, often incorporating usability testing. The process of delivering a beta version to the users is called beta release and this is typically the first time that the software is available outside of the organization that developed it.
The users of a beta version are called beta testers. They are usually customers or prospective customers of the organization that develops the software, willing to test the software without charge, often receiving the final software free of charge or for a reduced price.
Beta version software is often useful for demonstrations and previews within an organization and to prospective customers. Some developers refer to this stage as a preview, prototype, technical preview (TP), or early access.
Some software is kept in perpetual beta—where new features and functionality is continually added to the software without establishing a firm "final" release.
CPU:It stands for Central Processing Unit and handles all the complex mathematical formulas necessary to do everyday things like surfing the Internet.
Custom:Independent developers who like to customize their devices beyond the standard options provided often tend to release the fruits of their labor for the rest to enjoy, in form of custom ROMs.
Cache:A component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. If requested data is contained in the cache (cache hit), this request can be served by simply reading the cache, which is comparatively faster. Otherwise (cache miss), the data has to be recomputed or fetched from its original storage location, which is comparatively slower. Hence, the greater the number of requests that can be served from the cache, the faster the overall system performance becomes.
CDMA:Mobile phone standards called cdmaOne, CDMA2000 (the 3G evolution of cdmaOne) and WCDMA (the 3G standard used by GSM carriers), which are often referred to as simply CDMA, and use CDMA as an underlying channel access method.
CIQ:Carrier IQ. A piece of preinstalled software that runs with elevated access in the background of portable devices by default and records everything. Potentially can be exploited to steal information.
Dual Core:A dual core processor is a central processing unit (CPU) that has two separate cores on the same die, each with its own cache. It essentially is two microprocessors in one. This type of CPU is widely available from many manufacturers. Other types of multi-core processors also have been developed, including quad-core processors with four cores each, hexa-core processors with six, octa-core processors with eight and many-core processors with an even larger number of cores.
Dalvik:The Android platform's virtual machine. The Dalvik VM is an interpreter-only virtual machine that executes files in the Dalvik Executable (.dex) format, a format that is optimized for efficient storage and memory-mappable execution.
Dalvik Cache:Writable cache that contains the optimized bytecode of all apk files (apps) on your Android device. Having the information in it's own cache makes applications load faster and perform better.
EXT.(Extended File System):The extended file system, or ext, was implemented in 1992 as the first file system created specifically for the Linux kernel. It has metadata structure inspired by the traditional Unix File System and was designed by Rémy Card. It was the first implementation that used the virtual file system and it could handle file systems up to 2 gigabytes in size.
The ext2, ext3 and ext4 file systems were all derived from this one. Most ext discussions center around ext3 and ext4 in the Android world.
ext3 is a journaled file system that is commonly used by the Linux kernel. Its main advantage over ext2 is journaling, which improves reliability and eliminates the need to check the file system after an unclean shutdown. Generally, ext3 is slower than competing Linux filesystems, such as ext4, JFS, ReiserFS and XFS, but it has a significant advantage in that it allows in-place upgrades from ext2 without having to back up and restore data. Benchmarks suggest that ext3 also uses less CPU power than ReiserFS and XFS. It is also considered safer than the other Linux file systems, due to its relative simplicity and wider testing base. ext3 does not do checksumming when writing to the journal and if the hardware is doing out-of-order write caching, you run the risk of severe filesystem corruption during a crash.
ext4 was created as a series of backward compatible extensions to ext3. In January 2010, Google announced that it would upgrade its storage infrastructure from ext2 to ext4. In December 2010, they also announced they would use ext4, instead of YAFFS, on Android. The ext4 advantages include large file system support, extents, persistent pre-allocation and journal checksumming.
FC/FC's:Short for "force close," meaning an app that has crashed.
Fastboot:A diagnostic protocol used primarily to modify the flash filesystem in Android smartphones from another computer over a USB connection. It is part of the Android Debug Bridge library.
Utilizing the Fastboot protocol requires that the device be started in a boot loader or Second Program Loader mode in which only the most basic hardware initialization is performed. After enabling the protocol on the device itself it will accept any command sent to it over USB via a command line. Some of most commonly used fastboot commands include:
•flash - Overwrites a partition in flash with a binary image stored on the host computer.
•erase - Erases a partition in flash.
•reboot - Reboots the device into the either the main operating system or the system recovery partition.
•devices - Displays a list of all devices (with Serial #) connected to the host computer.
Flashing:The ROM memory used in smartphones and tablets etc. is often same as flash memory found in SD cards and USB flash drives, simply optimized for better speed and performance while running the operating system.
Hotspot:A spot that offers Internet access over a wireless local area network through the use of a router connected to a link to an Internet service provider. Hotspots typically use Wi-Fi technology.You can connect wifi campatible devices to it.
HDMI:High-Definition Multimedia Interface) is a compact audio/video interface for transmitting encrypted uncompressed digital data.It is a digital alternative to consumer analog standards, such as radio frequency (RF) coaxial cable, composite video, S-Video, SCART, component video, D-Terminal, or VGA (also called D-sub or DE-15F). HDMI connects digital audio/video sources (such as set-top boxes, DVD players, HD DVD players, Blu-ray Disc players, AVCHD camcorders, personal computers (PCs), video game consoles (such as the PlayStation 3 and Xbox 360), AV receivers, tablet computers, and mobile phones) to compatible digital audio devices, computer monitors, video projectors, and digital televisions.
Hboot:It’s mainly responsible for checking and initializing the hardware and starting the phone’s software. It can also be used for flashing official software releases, as well as a few other things. HBoot can be compared to the BIOS on a computer.
HAVS:a control system that dynamically adjusts the voltage based on CPU load. This has proven to be a battery saver, but it can actually have the opposite effect when multiple control systems are operating (like setCPU).
JIT:The Just-in-Time Compiler. Released with Android 2.2, it's a method of greatly speeding up apps in Android on the software side.
Kang:Someone writes a code,someone else modifies the code to make their own release,its concidered a kang release.
Kernel:A kernel is a layer of code that allows the OS and applications to interface with your phone's hardware. The degree in which you can access your phone's hardware features depends on the quality of code in the kernel. The homebrew (rooting) community for HTC has made several kernel code improvements that give us additional features from our hardware that the stock kernel does not. When you flash a custom ROM, you automatically get a kernel. But you can also flash a standalone kernel ROM on top of the existing one, effectively overwriting it. These days, the difference in custom kernels is less about new features and more about alternate configurations. Choosing a custom kernel is basically choosing one that works best with your ROM.
Launcher:Collectively, the part of the Android user interface on home screens that lets you launch apps, make phone calls, etc. Is built in to Android, or can be purchased in the Android Market.
LCD Density:Pixel density is a measurement of the resolution of devices in various contexts; typically computer displays, image scanners, and digital camera image sensors.
First of all you need to understand that the Android User Interface uses something called a "display independent pixel" or a "dip" (yes, it's confusing because the density settings are in "dots per inch" or "dpi" which are considered the same as "ppi" or "pixels per inch" as well).
The default LCD Density setting on Android is 160 dpi. As far as the operating system is concerned 1 dip @ 160 dpi = 1 screen pixel. It doesn't mean that's actually true, but you've gotta start somewhere. In my opinion it would have been a lot nicer if they'd chosen 100 dpi because then it would be an easy percentage thing, but they didn't so we're stuck with this formula.
Mod:The act of modifying a piece of hardware or software or anything else for that matter, to perform a function not originally conceived or intended by the designer.
NILFS:(New Implementation of a Log-structured File System) is a log-structured file system for Linux. It is being developed by Nippon Telegraph and Telephone Corporation (NTT) CyberSpace Laboratories. It uses a copy-on-write technique known as "nothing in life is free", NILFS records all data in a continuous log-like format that is only appended to, never overwritten, a design intended to reduce seek times, as well as minimize the kind of data loss that occurs after a crash with conventional file systems. For example, data loss occurs on ext3 file systems when the system crashes during a write operation. When the system reboots, the journal notes that the write did not complete, and any partial data writes are lost. NILFS also includes fast write and recovery times, minimal damage to file data and system consistency on hardware failure, 32-bit checksums, etc.
Android kernels do not routinely include NILFS although mods to make it available can be found.
Nandroid:Nandroid is used to backup or restore backups from Recovery. You can chose to either do a regular backup (Phone only) or a backup + sd-ext (Phone + Apps2sd ext.)Both will backup your whole system, the second will include apps saved on your sdcard’s sd-ext.
Nightly:A build that is performed at the end of each day of development. If you use a continuous integration server, it will generally be configured to build the code and run the unit tests on every check in. At the end of each day you may want to run more extensive tests, regression test and integration tests for example, which take too long to run on each check in and these would be triggered after the nightly build. If you have a full continuously delivery pipeline the nightly build may also be used to deploy the built code to environments for user testing.
OpenGL ES:Android provides OpenGL ES libraries that you can use for fast, complex 3D images. It is harder to use than a Canvas object, but better for 3D objects. The android.opengl and javax.microedition.khronos.opengles packages expose OpenGL ES functionality.
Open & Closed Beta:Developers release either a closed beta or an open beta; closed beta versions are released to a select group of individuals for a user test and are invitation only, while open betas are from a larger group to the general public and anyone interested. The testers report any bugs that they find, and sometimes suggest additional features they think should be available in the final version.
Overclock:To increase the speed of your CPU.
Partition:The phone's internal memory (not the SD card) is solid-state (flash) memory, AKA NAND. It can be partitioned much like a normal hard drive can be partitioned. The bootloader exists in its own partition. Recovery is another partition; radio, system, cache, etc are all partitions.
Here are the standard partitions on an Android phone:
/misc - not sure what this is for.
/boot - bootloader, kernel
/recovery - holds the recovery program (either clockworkmod or RA recovery for a rooted Evo)
/system - operating system goes here: Android, Sense, boot animation, Sprint crapware, busybox, etc
/cache - cached data from OS usage
/data - user applications, data, settings, etc.
The below partitions are not android-specific. They are tied to the hardware of the phone, but the kernel may have code allowing Android to interact with said hardware.
/radio - the phone's radio firmware, controls cellular, data, GPS, bluetooth.
/wimax - firmware for Sprint's flavor of 4G, WiMax.
PRL:The Preferred Roaming List, basically a way of telling your phone which towers to connect to first.
RUU:a complete software package released by HTC, it can contain many things they are trying to update. Radio, ROM, bootloader, etc... Installing an ruu is like installing an image on a hard drive it wipes the phone and installs the image. It will wipe everything data and all so if you install one be prepared.
Recovery:The recovery partition is a boot-mode for your phone that allows you to wipe your settings from the Data partition of the phone (a hard wipe), or perform an update using an update.zip file on the root of the microSD card. It is common (although not necessary) to flash a patched Recovery image, such as TWRP or ClockworkMod Recovery. This allows you to run Nandroid backup from the device, and flash modifications, such as files to the device, essentially becoming a means to install software to the device. Recovery mode is separate from ‘normal’ mode, and can be entered by holding down home whilst turning the phone on.
Rom/Firmware:Read-Only Memory and technically speaking, it refers to the internal storage of a device, which is supposed to contain the operating system instructions that needn’t be modified at all during the device’s normal operation.
Radios:On the HTC side of things,the radios persist of:
•WiFi, which operates at 2.4-5ghz depending on what channel it's running
•Cellular/3G, which carries voice and data
•4G/WiMAX, which only carries data
•GPS, which is receive-only
•Bluetooth, which talks to WiiMotes and headsets
Flashing a radio means updating the code that controls the phones way of sending and recieving a signal.
Ram:(Random Access Memory) A group of memory chips, typically of the dynamic RAM (DRAM) type, which function as the computer's primary workspace. When personal computers first came on the market in the late 1970s, 64KB (64 kilobytes) of RAM was the upper limit. Today, 64MB (64 megabytes) of SDRAM is entry level for a desktop computer, a thousand times as much (see SDRAM).
The "random" in RAM means that the contents of each byte of storage in the chip can be directly accessed without regard to the bytes before or after it. This is also true of other types of memory chips, including ROMs and PROMs. However, unlike ROMs and PROMs, RAM chips require power to maintain their content, which is why you must save your data onto disk before you turn the computer off. To learn about the types of RAM chips and how to upgrade your memory, see memory module. To learn how memory is used to process data, see computer or memory. See also dynamic RAM and static RAM.
Root:The first level of a folder.
Rooting:A process allowing users of mobile phones, tablet PCs, and other devices running the Android operating system to attain privileged control (known as "root access") within Android's subsystem. Rooting is often performed with the goal of overcoming limitations that carriers and hardware manufacturers put on some devices, resulting in the ability to alter or replace system applications and settings, run specialized apps that require administrator-level permissions, or perform other operations that are otherwise inaccessible to a normal Android user. Rooting is analogous to jailbreaking devices running the Apple iOS operating system or the Sony PlayStation 3. On Android, rooting can also facilitate the complete removal and replacement of the device's operating system.
SBC:(the ability to charge your battery beyond the default safe limit). The concept is similar to overclocking a processor: you're overriding the safety limits established to achieve additional performance. The benefit here is that you may gain more use of your battery per charge. The drawback is that you can damage the battery and significantly reduce its longevity. Some kernels claim they are using a safe technique to prevent battery damage. Just be aware of the potential risks.
Sideloading:It means installing applications without using the official Android Market.
Splash Screen:A splash screen is an image that appears while android is loading.Splash screens cover the entire screen or simply a rectangle near the center of the screen. The splash screens of operating systems and some applications that expect to be run full-screen usually cover the entire screen.
Superuser/SU:On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor.
Normal work on such a system is done using ordinary user accounts, and because these do not have the ability to make system-wide changes any viruses and other malware - or simple user errors - do not have the ability to adversly affect a whole system. In organizations, administrative privileges are often reserved for authorized experienced individuals.
Script:The Scripting Layer for Android (abridged as SL4A, and previously named Android Scripting Environment or ASE) is a library that allows the creation and running of scripts written in various scripting languages directly on Android devices. SL4A is designed for developers and is still alpha quality software.
These scripts have access to many of the APIs available to normal Java Android applications, but with a simplified interface. Scripts can be run interactively in a terminal, in the background, or via Locale.
SDK:(SDK or "devkit") is typically a set of software development tools that allows for the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar platform.
Stock:This is the operating system in its default form, without any modifications made to it except for any device-specific support required to run it on the particular device.
S-On:Security on,means no acces to the phones operating system.
S-Off:Security was exploited,now have access to the operating system.
Tethering:Means sharing the Internet connection of an Internet-capable mobile phone with other devices. This sharing can be offered over a wireless LAN (Wi-Fi), Bluetooth, or by physical connection using a cable. In the case of tethering over wireless LAN, the feature may be branded as a mobile hotspot.The Internet-connected mobile phone acts as a portable router when providing tethering services to others.
Userspace(Governor):This governor, exceptionally rare for the world of mobile devices, allows any program executed by the user to set the CPU's operating frequency. This governor is more common amongst servers or desktop PCs where an application (like a power profile app) needs privileges to set the CPU clockspeed.
Underclock:To reduce the speed of your CPU.
Undervolt:Undervolting means taking some of the voltage from the CPU which in return gives a longer battery life and lower temperature during intensive use of the CPU.
USB:Stands for Universal Serial Bus. Is a method of connecting devices to a computer. Most smartphones now use microUSB cables to charge and sync.
Updater Script:When Android devices install updates via 'update.zip' files using recovery mode they have to perform a wide range of functions on files and permissions. Instead of using a minimal shell such as {b,d,c}sh the Android designers decided to create a small functional language that can be extended by device manufacturers if necessary. Since the Android "Donut" release (v1.6) the scripting language is called Edify and is defined primarily in the bootable/recovery/{edify,edifyscripting,updater} directories of the Android source-code tree.
Wireless N:Wireless N technology increases wireless internet connection. Wireless 'N' routers also work with Wireless 'G' and 'B' wireless adapters.
WiiMax:(Worldwide Interoperability for Microwave Access) is a communication technology for wirelessly delivering high-speed Internet service to large geographical areas.
CONTINUED ON PAGE 2...
Page 3:Android Versions
CONTINUED FROM PAGE 2
3 OF 10 PAGES...
1.0:Android 1.0, the first commercial version of the software, was released on 23 September 2008.The first Android device, the HTC Dream (G1), incorporated the following Android 1.0 features:
•Android Market application download and updates through the Market app
•Web browser to show, zoom and pan full HTML and XHTML web pages – multiple pages show as windows ("cards")
•Camera support – however this version lacked the option to change the camera's resolution, white balance, quality, etc.
•Folders allowing the grouping of a number of app icons into a single folder icon on the Home screen.
•Access to web email servers, supporting POP3, IMAP4, and SMTP.
•Gmail synchronization with the Gmail app
•Google Contacts synchronization with the People app
•Google Calendar synchronization with the Calendar app
•Google Maps with Latitude and Street View to view maps and satellite imagery, as well as find local business and obtain driving directions using GPS
•Google Sync, allowing management of over-the-air synchronization of Gmail, People, and Calendar
•Google Search, allowing users to search the Internet and phone apps, contacts, calendar, etc
•Google Talk instant messaging
•Instant messaging, text messaging, and MMS
•Media Player, enabling management, importing, and playback of media files – however, this version lacked video and stereo Bluetooth support
•Notifications appear in the Status bar, with options to set ringtone, LED or vibration alerts
•Voice Dialer allows dialing and placing of phone calls without typing a name or number
•Wallpaper allows the user to set the background image or photo behind the Home screen icons and widgets
•YouTube video player
•Other apps include: Alarm Clock, Calculator, Dialer (Phone), Home screen (launcher), Pictures (Gallery), and Settings.
•Wi-Fi and Bluetooth support
1.1:On 9 February 2009, the Android 1.1 update was released, initially for the T-Mobile G1 only. The update resolved bugs, changed the API and added a number of other features:
•Details and reviews available when a user searches for businesses on Maps
•Longer in-call screen timeout default when using the speakerphone, plus ability to show/hide dialpad
•Ability to save attachments in messages
•Support added for marquee in system layouts
Cupcake:On 30 April 2009, the Android 1.5 update, dubbed Cupcake, was released, based on Linux kernel 2.6.27.The update included several new features and UI amendments:
•Support for third-party virtual keyboards with text prediction and user dictionary for custom words
•Support for Widgets - miniature application views that can be embedded in other applications (such as the Home screen) and receive periodic updates
•Video recording and playback in MPEG-4 and 3GP formats
•Auto-pairing and stereo support for Bluetooth added (A2DP and AVRCP profiles)
•Copy and paste features added to web browser
•User pictures shown for Favorites in Contacts
•Specific date/time stamp shown for events in call log, and one-touch access to a contact card from call log event
•Animated screen transitions
•Ability to upload videos to YouTube
•Ability to upload photos to Picasa
Donut:On 15 September 2009, the Android 1.6 SDK – dubbed Donut – was released, based on Linux kernel 2.6.29.Included in the update were numerous new features:
•Voice and text entry search enhanced to include bookmark history, contacts, and the web
•Ability for developers to include their content in search results
•Multi-lingual speech synthesis engine to allow any Android application to "speak" a string of text
•Easier searching and ability to view app screenshots in Android Market
•Gallery, camera and camcorder more fully integrated, with faster camera access
•Ability for users to select multiple photos for deletion
•Updated technology support for CDMA/EVDO, 802.1x, VPNs, and a text-to-speech engine
•Support for WVGA screen resolutions
•Speed improvements in searching and camera applications
•Expanded Gesture framework and new GestureBuilder development tool
Eclair:On 26 October 2009, the Android 2.0 SDK – codenamed Eclair – was released, based on Linux kernel 2.6.29.Changes included:
•Expanded Account sync, allowing users to add multiple accounts to a device for email- and contact-synchronization
•Exchange email support, with combined inbox to browse email from multiple accounts in one page
•Bluetooth 2.1 support
•Ability to tap a Contacts photo and select to call, SMS, or email the person
•Ability to search all saved SMS and MMS messages, with delete oldest messages in a conversation automatically deleted when a defined limit is reached
•Numerous new camera features, including flash support, digital zoom, scene mode, white balance, color effect and macro focus
•Improved typing speed on virtual keyboard, with smarter dictionary that learns from word usage and includes contact names as suggestions
•Refreshed browser UI with bookmark thumbnails, double-tap zoom and support for HTML5
•Calendar agenda view enhanced, showing attending status for each invitee, and ability to invite new guests to events
•Optimized hardware speed and revamped UI
•Support for more screen sizes and resolutions, with better contrast ratio
•Improved Google Maps 3.1.2
•MotionEvent class enhanced to track multi-touch events
•Addition of live wallpapers, allowing the animation of home-screen background images to show movement
2.0.1:The Android 2.0.1 SDK was released on 3 December 2009.It was a minor platform release deployable to Android-powered handsets, including minor API changes, bug fixes and framework behavioral changes
2.1:The 2.1 SDK was released on 12 January 2010.It was a minor platform release deployable to Android-powered handsets, including minor amendments to the API and bug fixes.
Froyo:On 20 May 2010, the Android 2.2 (Froyo) SDK was released, based on Linux kernel 2.6.32.Its features included:
•Speed, memory, and performance optimizations
•Additional application speed improvements, implemented through JIT compilation
•Integration of Chrome's V8 JavaScript engine into the Browser application
•Support for the Android Cloud to Device Messaging (C2DM) service, enabling push notifications
•Improved Microsoft Exchange support, including security policies, auto-discovery, GAL look-up, calendar synchronization and remote wipe
•Improved application launcher with shortcuts to Phone and Browser applications
•USB tethering and Wi-Fi hotspot functionality
•Added an option to disable data access over mobile network
•Updated Market application with batch and automatic update features
•Quick switching between multiple keyboard languages and their dictionaries
•Voice dialing and contact sharing over Bluetooth
•Support for Bluetooth-enabled car and desk docks
•Support for numeric and alphanumeric passwords
•Support for file upload fields in the Browser application
•Support for installing applications to the expandable memory
•Adobe Flash support
•Support for extra-high-PPI screens (320 ppi), such as 4" 720p
•Gallery allows users to view picture stacks using a zoom gesture
2.2.1:The Android 2.2.1 update was released on 18 January 2011, and included a number of bug fixes, security updates, and performance improvements.
2.2.2:The Android 2.2.2 update was released on 22 January 2011, and fixed minor bugs, including SMS routing issues that affected the Nexus One.
2.2.3:The Android 2.2.3 update was released on 21 November 2011, and consisted of two security patches.
Gingerbread:On 6 December 2010, the Android 2.3 (Gingerbread) SDK was released, based on Linux kernel 2.6.35.Changes included:
•Updated user interface design with increased simplicity and speed
•Support for extra-large screen sizes and resolutions (WXGA and higher)
•Native support for SIP VoIP internet telephony
•Faster, more intuitive text input in virtual keyboard, with improved accuracy,better suggested text and voice input mode
•Enhanced copy/paste functionality, allowing users to select a word by press-hold, copy, and paste
•Support for Near Field Communication (NFC), allowing the user to read an NFC tag embedded in a poster, sticker, or advertisement
•New audio effects such as reverb, equalization, headphone virtualization, and bass boost
•New Download Manager, giving users easy access to any file downloaded from the browser, email, or another application
•Support for multiple cameras on the device, including a front-facing camera, if available
•Support for WebM/VP8 video playback, and AAC audio encoding
•Improved power management with a more active role in managing apps that are keeping the device awake for too long
•Enhanced support for native code development
•Switched from YAFFS to ext4 on newer devices
•Audio, graphical, and input enhancements for game developers
•Concurrent garbage collection for increased performance
•Native support for more sensors (such as gyroscopes and barometers)
2.2.3:Released on 9 February 2011, Android 2.3.3 included several improvements and API fixes
2.3.4:Version 2.3.4 introduced support for voice or video chat using Google Talk.
2.3.5:Released on 25 July 2011, Android 2.3.5 included a number of system enhancements:
•Improved network performance for the Nexus S 4G, among other fixes and improvements
•Fixed Bluetooth bug on Samsung Galaxy S
•Improved Gmail application
•Shadow animations for list scrolling
•Camera software enhancements
•Improved battery efficiency
2.3.6:Released on 2 September 2011, this version fixed a voice search bug. The 2.3.6 update had the side-effect of impairing the Wi-Fi hotspot functionality of many Canadian Nexus S phones. Google acknowledged this problem and fixed it in late September.
2.3.7:Android 2.3.7 introduced Google Wallet support for the Nexus S 4G.
Honeycomb:On 22 February 2011, the Android 3.0 (Honeycomb) SDK – the first tablet-only Android update – was released, based on Linux kernel 2.6.36.The first device featuring this version, the Motorola Xoom tablet, was released on 24 February 2011.Changes included:
•Optimized tablet support with a new virtual and “holographic” user interface
•Added System Bar, featuring quick access to notifications, status, and soft navigation buttons, available at the bottom of the screen
•Added Action Bar, giving access to contextual options, navigation, widgets, or other types of content at the top of the screen
•Simplified multitasking – tapping Recent Apps in the System Bar allows users to see snapshots of the tasks underway and quickly jump from one app to another
•Redesigned keyboard, making typing fast, efficient and accurate on larger screen sizes
•Simplified, more intuitive copy/paste interface
•Multiple browser tabs replacing browser windows, plus form auto-fill and a new “incognito” mode allowing anonymous browsing
•Quick access to camera exposure, focus, flash, zoom, front-facing camera, time-lapse, and more
•Ability to view albums and other collections in full-screen mode in Gallery, with easy access to thumbnails for other photos
•New two-pane Contacts UI and Fast Scroll to let users easily organize and locate contacts
•New two-pane Email UI to make viewing and organizing messages more efficient, allowing users to select one or more messages
•Support for video chat using Google Talk
•Hardware acceleration
•Support for multi-core processors
•Ability to encrypt all user data
3.1:The 3.1 SDK was released on 10 May 2011.Changes included:
•UI refinements
•Connectivity for USB accessories
•Expanded Recent Apps list
•Resizable Home screen widgets
•Support for external keyboards and pointing devices
•Support for joysticks and gamepads
•Support for FLAC audio playback
•High-performance Wi-Fi lock, maintaining high-performance Wi-Fi connections when device screen is off
•Support for HTTP proxy for each connected Wi-Fi access point
3.2:The 3.2 SDK was released on 15 July 2011,first appearing on Huawei's MediaPad tablet.Changes included:
•Improved hardware support, including optimizations for a wider range of tablets
•Increased ability of apps to access files on the SD card, e.g. for synchronization
•Compatibility display mode for apps that have not been optimized for tablet screen resolutions
•New display support functions, giving developers more control over display appearance on different Android devices
3.2.1:The Android 3.2.1 update was released on 20 September 2011, and included a number of amendments:
•Bug fixes and minor security, stability and Wi-Fi improvements
•Update to Android Market with automatic updates and easier-to-read Terms and Condition text
•Update to Google Books
•Improved Adobe Flash support in browser
•Improved Chinese handwriting prediction
3.2.2:The 3.2.2 update was released on 30 August 2011, and included bug fixes and other minor improvements for the Motorola Xoom 4G.
Ice Cream Sandwhich:Android 4.0 – codenamed Ice Cream Sandwich, and based on Linux kernel 3.0.1– was previewed at the May 2011 Google I/O event,and officially launched at the Galaxy Nexus and Ice Cream Sandwich release event on 19 October 2011.
•Enhanced speed and performance
•Virtual buttons in the UI, in place of capacitive or physical buttons
•Separation of widgets in a new tab, listed in a similar manner to apps
•Easier-to-create folders, with a drag-and-drop style
•A customizable launcher
•Improved visual voicemail with the ability to speed up or slow down voicemail messages
•Pinch-to-zoom functionality in the calendar
•Offline search, a two-line preview, and new action bar at the bottom of the Gmail app
•Ability to swipe left or right to switch between Gmail conversations
•Integrated screenshot capture (accomplished by holding down the Power and Volume-Down buttons)
•Improved error correction on the keyboard
•Ability to access apps directly from lock screen (similar to HTC Sense 3.x)
•Improved copy and paste functionality
•Better voice integration and continuous, real-time speech to text dictation
•Face Unlock, a feature that allows users to unlock handsets using facial recognition software
•New tabbed web browser, allowing up to 16 tabs
•Automatic syncing of browser with users' Chrome bookmarks
•A new typeface family for the UI, Roboto
•Data Usage section in settings that lets users set warnings when they approach a certain usage limit, and disable data use when the limit is exceeded
•Ability to shut down apps that are using data in the background
•Improved camera app with zero shutter lag, time lapse settings, panorama mode, and the ability to zoom while recording
•Built-in photo editor
•New gallery layout, organized by location and person
•Refreshed "People" app with social network integration, status updates and hi-res images
•Android Beam, a near-field communication feature allowing the rapid short-range exchange of web bookmarks, contact info, directions, YouTube videos and other data
•Hardware acceleration of the UI
•Resizeable widgets – already part of Android 3.1 for tablets, but new for cellphones
•Wi-Fi Direct
•1080p video recording for stock Android devices
4.0.2:The Android 4.0.2 update was released on 28 November 2011,and fixed minor bugs on the Verizon Galaxy Nexus,the US launch of which was later delayed until December 2011.
4.0.3:The Android 4.0.3 update was first released on 16 December 2011.It included a number of bug fixes and optimizations, and offered improvements to graphics, databases, spell-checking and Bluetooth functionality,along with new APIs for developers,including a social stream API in the Contacts provider. Other features included Calendar provider enhancements, new camera apps enhancing video stabilization and QVGA resolution, and accessibility refinements such as improved content access for screen readers.
4.1 Jelly Bean:The report also mentions some interesting features that originally planned in the presence of ice Cream Sandwich is likely to be postponed and will be displayed on the jelly bean.
Reportedly,this is because these features are not ready until it came time to release the ice cream sandwiches.Google itself has not confirmed anything regarding this information.
Android 4.1, Jelly Bean, is the fastest and smoothest version of Android yet. Jelly Bean improves on the simplicity and beauty of Android 4.0, and introduces a new Google search experience on Android.
Jelly Bean features improved performance throughout the system, including faster orientation changes, faster responses when switching between recent apps, and smoother and more consistent rendering across the system through vsync and triple buffering.
Jelly Bean has more reactive and uniform touch responses, and makes your device even more responsive by boosting your device's CPU instantly when you touch the screen, and turns it down when you don't need it to improve battery life.
MIUI
(pronounced "Me You I", a play on the common abbreviation of the words user interface as UI),developed by Xiaomi Tech, is an aftermarket firmware for cell phones based on the open-source Android operating system. It features a heavily-modified user interface that does away with the Android app drawer and has drawn comparisons with Apple's iOS.It includes additional functionality not found in stock Android, including toggles on the notification pull-down, new music, gallery, and camera apps, and an altered phone dialer that displays matching contacts as a user enters a number.
MIUI is based on Android 2.3.7 and CyanogenMod 7.1 sources, and was initially developed in the Chinese language by Chinese startup Xiaomi.Xiaomi added a number of apps to enhance the basic framework; those include MITalk (a Blackberry Messenger clone),MINotes,MIBackup,MIMusic,and MIGallery.MIUI is made up of two parts, MI and UI, where UI stands for User Interface and MI, as stated by Xiaomi CEO Lei Jun, stands for Mobile Internet and Mission Impossible.
The modified operating system has been criticized for being similar to iOS.Due to the fact that MIUI is developed in China, some features that are not relevant to the Chinese market, such as WiMax support, are unavailable on MIUI, and without access to the source code, it is not possible for 3rd parties to easily add this support.
AOSP
The Android Open Source Project (AOSP) is led by Google, and is tasked with the maintenance and development of Android.According to the project "The goal of the Android Open Source Project is to create a successful real-world product that improves the mobile experience for end users."AOSP also maintains the Android Compatibility Program, defining an "Android compatible" device "as one that can run any application written by third-party developers using the Android SDK and NDK", to prevent incompatible Android implementations.The compatibility program is also optional and free of charge, with the Compatibility Test Suite also free and open-source.
Sense
HTC Sense is a graphical user interface developed by HTC Corporation for mobile devices running Android, Brew and Windows Mobile.Based on the TouchFLO 3D design,HTC has referred to HTC Sense as both a user interface in itself and also as a user experience layer on top of TouchFLO 3D.Announced June 24, 2009, the first phone running Android to feature HTC Sense was the HTC Hero,and the first Windows Phone to feature HTC Sense (an updated TouchFLO) was the HTC HD2,announced October 6, 2009.
At the Mobile World Congress 2010, HTC showed their new updated HTC Sense UI to debut on the HTC Desire and HTC Legend, with an upgrade available for the Hero and Magic. The new version is based upon Android 2.1 and has new interface features such as the Friend Stream widget (which aggregates all Twitter, Facebook and Flickr information) and Leap, which allows access to all the home screens at once.
Smartphones including the HTC EVO 3D and the HTC Sensation feature HTC Sense 3.0, which has major visual and functional changes to HTC Sense, including a new lock screen which allows users to access their favorite applications directly. Only HTC Sensation and later devices will run HTC Sense 3.0, but older devices will still get some of the new features from HTC Sense 3.0 via an over-the-air update.[citation needed]
While the Windows Mobile version of Sense is the successor to TouchFLO 3D, with information featured on separate tabs, the Android version presents information through Android desktop widgets and applications, and includes launcher, app drawer, and lock screen replacements.
Cyanogenmod:is an open source replacement firmware for smart phones and tablet computers based on the Android mobile operating system. It offers features and options not found in the official firmware distributed by vendors of these devices.
Features supported by CyanogenMod include native theming support, FLAC audio codec support, a large Access Point Name list, an OpenVPN client, an enhanced reboot menu, support for Wi-Fi, Bluetooth, and USB tethering, CPU overclocking and other performance enhancements, soft buttons and other "tablet tweaks", toggles in the notification pull-down (such as Wi-Fi, Bluetooth and GPS), app permissions management, as well as other interface enhancements. According to its developers, CyanogenMod does not contain spyware or bloatware.CyanogenMod is also stated to increase performance and reliability compared with official firmware releases.
CyanogenMod is developed as free and open source software based on the official releases of Android by Google, with added original and third-party code.
Although only a subset of total CyanogenMod users elect to report their use of the firmware, as of 24 August 2012, CyanogenMod has recorded over 3.1 million installs on a multitude of devices.
AOKP:AOKP stands for Android Open Kang Project. It is a custom ROM distribution for many Android devices. The name is a play on the word “kang” and AOSP (Android Open Source Project). The name was sort of a joke, but it just stuck, just like our infatuation with unicorns.
AOKP Versions
We have two different kinds of releases — Builds and Milestones. Builds are considered “nightlies” — they are released usually every week or two (sometimes even sooner, if there are any major bugs to fix). We have no set release schedule, we release Builds and Milestones as we feel they are ready.
Milestones: Most stable releases.
Builds: Newest releases with bleeding edge features and code.
Pacman:Paranoid + Aokp + Cyanogen = PACman
ROMs are compiled from source for Xperia Ray which is a msm7x30 device and is ported to Doubleshot [Mytouch 4g Slide] . This is a minimal port but with a lot of work done. It is still based on AOSP+CM source codes. The ROM packs all the tweaks from the three super ROMs into one.
4.2:Google was expected to announce Jelly Bean 4.2 at an event in New York City on 29 October 2012, but the event was cancelled due to Hurricane Sandy.Instead of rescheduling the live event, Google announced the new version with a press release, under the slogan "A new flavor of Jelly Bean". The first devices to run Android 4.2 were LG's Nexus 4 and Samsung's Nexus 10, which were released on 13 November 2012.
Android 4.2 takes the speed and simplicity of Jelly Bean to a different level – a completely new camera experience that’s beyond smart, a new form of typing that helps you power through your messages, and much more.
CONTINUED ON PAGE 4...
Page 2:Terms,Slang & Definitions(Governors Explained)
CONTINUED FROM PAGE 1
2 OF 10 PAGES...
Baseband: is an adjective that describes signals and systems whose range of frequencies is measured from close to 0 hertz to a cut-off frequency, a maximum bandwidth or highest signal frequency; it is sometimes used as a noun for a band of frequencies starting close to zero. Baseband can often be considered a synonym to lowpass or non-modulated, and antonym to passband, bandpass, carrier-modulated or radio frequency (RF).
Brazilianwax(Governor):Similar to smartassV2. More aggressive ramping, so more performance, less battery
BFS:Brain Fxck Scheduler for Linux was created by veteran kernel programmer Con Kolivas and has been reported to improve responsiveness on light-NUMA (non-uniform memory access) Linux mobile devices and desktop computers with fewer than 16 cores.
Conservative(Governor):This biases the phone to prefer the lowest possible clockspeed as often as possible. In other words, a larger and more persistent load must be placed on the CPU before the conservative governor will be prompted to raise the CPU clockspeed. Depending on how the developer has implemented this governor, and the minimum clockspeed chosen by the user, the conservative governor can introduce choppy performance. On the other hand, it can be good for battery life.
The Conservative Governor is also frequently described as a "slow OnDemand," if that helps to give you a more complete picture of its functionality.
Governor:It controls the speed of the CPU.
Hotplug(Governor):The Hotplug governor performs very similarly to the OnDemand governor, with the added benefit of being more precise about how it steps down through the kernel's frequency table as the governor measures the user's CPU load. However, the Hotplug governor's defining feature is its ability to turn unused CPU cores off during periods of low CPU utilization. This is known as "hotplugging."
Intellidemand(Governor):Intellidemand aka Intelligent Ondemand from Faux is yet another governor that's based on ondemand. Unlike what some users believe, this governor is not the replacement for OC Daemon (Having different governors for sleep and awake). The original intellidemand behaves differently according to GPU usage. When GPU is really busy (gaming, maps, benchmarking, etc) intellidemand behaves like ondemand. When GPU is 'idling' (or moderately busy), intellidemand limits max frequency to a step depending on frequencies available in your device/kernel for saving battery. This is called browsing mode. We can see some 'traces' of interactive governor here. Frequency scale-up decision is made based on idling time of CPU. Lower idling time (<20%) causes CPU to scale-up from current frequency. Frequency scale-down happens at steps=5% of max frequency. (This parameter is tunable only in conservative, among the popular governors)
To sum up, this is an intelligent ondemand that enters browsing mode to limit max frequency when GPU is idling, and (exits browsing mode) behaves like ondemand when GPU is busy; to deliver performance for gaming and such. Intellidemand does not jump to highest frequency when screen is off.
Interactive(Governor):Much like the OnDemand governor, the Interactive governor dynamically scales CPU clockspeed in response to the workload placed on the CPU by the user. This is where the similarities end. Interactive is significantly more responsive than OnDemand, because it's faster at scaling to maximum frequency.
Unlike OnDemand, which you'll recall scales clockspeed in the context of a work queue, Interactive scales the clockspeed over the course of a timer set arbitrarily by the kernel developer. In other words, if an application demands a ramp to maximum clockspeed (by placing 100% load on the CPU), a user can execute another task before the governor starts reducing CPU frequency. This can eliminate the frequency bouncing discussed in the OnDemand section. Because of this timer, Interactive is also better prepared to utilize intermediate clockspeeds that fall between the minimum and maximum CPU frequencies. This is another pro-battery life benefit of Interactive.
However, because Interactive is permitted to spend more time at maximum frequency than OnDemand (for device performance reasons), the battery-saving benefits discussed above are effectively negated. Long story short, Interactive offers better performance than OnDemand (some say the best performance of any governor) and negligibly different battery life.
Interactive also makes the assumption that a user turning the screen on will shortly be followed by the user interacting with some application on their device. Because of this, screen on triggers a ramp to maximum clockspeed, followed by the timer behavior described above.
InteractiveX(Governor):Created by kernel developer "Imoseyon," the InteractiveX governor is based heavily on the Interactive governor, enhanced with tuned timer parameters to better balance battery vs. performance. The InteractiveX governor's defining feature, however, is that it locks the CPU frequency to the user's lowest defined speed when the screen is off.
Lionheart(Governor):Lionheart is a conservative-based governor which is based on samsung's update3 source.
The tunables (such as the thresholds and sampling rate) were changed so the governor behaves more like the performance one, at the cost of battery as the scaling is very aggressive.
LionheartX(Governor):LionheartX is based on Lionheart but has a few changes on the tunables and features a suspend profile based on Smartass governor.
Lazy(Governor):This governor from Ezekeel is basically an ondemand with an additional parameter min_time_state to specify the minimum time CPU stays on a frequency before scaling up/down. The Idea here is to eliminate any instabilities caused by fast frequency switching by ondemand. Lazy governor polls more often than ondemand, but changes frequency only after completing min_time_state on a step overriding sampling interval. Lazy also has a screenoff_maxfreq parameter which when enabled will cause the governor to always select the maximum frequency while the screen is off.
Lagfree(Governor):Lagfree is similar to ondemand. Main difference is it's optimization to become more battery friendly. Frequency is gracefully decreased and increased, unlike ondemand which jumps to 100% too often. Lagfree does not skip any frequency step while scaling up or down. Remember that if there's a requirement for sudden burst of power, lagfree can not satisfy that since it has to raise cpu through each higher frequency step from current. Some users report that video playback using lagfree stutters a little.
Min Max(Governor Speeds):Well this governor makes use of only min & maximum frequency based on workload... no intermediate frequencies are used.
OnDemand(Governor):This governor has a hair trigger for boosting clockspeed to the maximum speed set by the user. If the CPU load placed by the user abates, the OnDemand governor will slowly step back down through the kernel's frequency steppings until it settles at the lowest possible frequency, or the user executes another task to demand a ramp.OnDemand has excellent interface fluidity because of its high-frequency bias, but it can also have a relatively negative effect on battery life versus other governors. OnDemand is commonly chosen by smartphone manufacturers because it is well-tested, reliable, and virtually guarantees the smoothest possible performance for the phone. This is so because users are vastly more likely to ***** about performance than they are the few hours of extra battery life another governor could have granted them.
This final fact is important to know before you read about the Interactive governor: OnDemand scales its clockspeed in a work queue context. In other words, once the task that triggered the clockspeed ramp is finished, OnDemand will attempt to move the clockspeed back to minimum. If the user executes another task that triggers OnDemand's ramp, the clockspeed will bounce from minimum to maximum. This can happen especially frequently if the user is multi-tasking. This, too, has negative implications for battery life.
OndemandX(Governor):Basically an ondemand with suspend/wake profiles. This governor is supposed to be a battery friendly ondemand. When screen is off, max frequency is capped at 500 mhz. Even though ondemand is the default governor in many kernel and is considered safe/stable, the support for ondemand/ondemandX depends on CPU capability to do fast frequency switching which are very low latency frequency transitions. I have read somewhere that the performance of ondemand/ondemandx were significantly varying for different i/o schedulers. This is not true for most of the other governors. I personally feel ondemand/ondemandx goes best with SIO I/O scheduler.
Performance(Governor):This locks the phone's CPU at maximum frequency. While this may sound like an ugly idea, there is growing evidence to suggest that running a phone at its maximum frequency at all times will allow a faster race-to-idle. Race-to-idle is the process by which a phone completes a given task, such as syncing email, and returns the CPU to the extremely efficient low-power state. This still requires extensive testing, and a kernel that properly implements a given CPU's C-states (low power states).
Powersave(Governor):The opposite of the Performance governor, the Powersave governor locks the CPU frequency at the lowest frequency set by the user.
Smoothass(Governor):The same as the Smartass “governor” But MUCH more aggressive & across the board this one has a better battery life that is about a third better than stock KERNEL
SavagedZen(Governor):Another smartassV2 based governor. Achieves good balance between performance & battery as compared to brazilianwax.
Smartass(Governor):Its based on the concept of the interactive governor.
I have always agreed that in theory the way interactive works – by taking over the idle loop – is very attractive. I have never managed to tweak it so it would behave decently in real life. Smartass is a complete rewrite of the code plus more. I think its a success. Performance is on par with the “old” minmax and I think smartass is a bit more responsive. Battery life is hard to quantify precisely but it does spend much more time at the lower frequencies.
Smartass will also cap the max frequency when sleeping to 352Mhz (or if your min frequency is higher than 352 – why?! – it will cap it to your min frequency). Lets take for example the 528/176 kernel, it will sleep at 352/176. No need for sleep profiles any more!"
SmartassV2(Governor):Version 2 of the original smartass governor from Erasmux. Another favorite for many a people. The governor aim for an "ideal frequency", and ramp up more aggressively towards this freq and less aggressive after. It uses different ideal frequencies for screen on and screen off, namely awake_ideal_freq and sleep_ideal_freq. This governor scales down CPU very fast (to hit sleep_ideal_freq soon) while screen is off and scales up rapidly to awake_ideal_freq (500 mhz for GS2 by default) when screen is on. There's no upper limit for frequency while screen is off (unlike Smartass). So the entire frequency range is available for the governor to use during screen-on and screen-off state. The motto of this governor is a balance between performance and battery.
Scary(Governor):A new governor wrote based on conservative with some smartass features, it scales accordingly to conservatives laws. So it will start from the bottom, take a load sample, if it's above the upthreshold, ramp up only one speed at a time, and ramp down one at a time. It will automatically cap the off screen speeds to 245Mhz, and if your min freq is higher than 245mhz, it will reset the min to 120mhz while screen is off and restore it upon screen awakening, and still scale accordingly to conservatives laws. So it spends most of its time at lower frequencies. The goal of this is to get the best battery life with decent performance. It will give the same performance as conservative right now, it will get tweaked over time.
Continued On Page 3...
Page 4:Laymen Terms Android Guides
Continued From Page 3
Page 4 Of 10
Step 1: Get Eclipse
For this tutorial, I’m going to use Eclipse, because frankly it’s the easiest and most hassle-free development tool for Android right now. If you’re a NetBeans programmer, be my guest; but we'll use Eclipse.
Download Eclipse IDE for Java Developers (PC or Mac, 92MB)
Note: This is a .zip file; when you unzip it you will be able to run it wherever you unpacked it – there is no installer. I’d recommend that you put this in “C:\Program Files\” unless you plan on making it a portable application on a USB drive.
Step 2: Download The Java JDK
If you don’t have it already, you need to download the Java JDK 6. If you currently have the JDK 5, you should be okay, but there’s really no reason not to update. Just install it by downloading and then running through the setup to get things going. I’d recommend that you just hit next–>next–>finish, rather than doing anything fancy.
Step 3: Download The Android SDK Tools
Next, you’ll need to get the Android SDK Tools straight from Google. Unpack and install this to a directory you’ll remember – you need to reference this in the next few steps.
Step 4: Configure Eclipse For Your Android
Start Eclipse, and head to ‘Help>Install New Software‘. Hit “Add…” and for the name, type “Android” and set the link to “https://dl-ssl.google.com/android/eclipse/” (if this doesn’t work, try it with http:// instead of https:// ). Click “OK” and the following should appear.
Select both of the resulting packages, and hit next – this will download the Android ADT (Android Development Tools). Go ahead and start the download to obtain these two packages. Restart Eclipse (it should prompt you to on completion of the downloads). We’re almost ready to start coding.
Step 5: Configure The Android SDK
Navigate to the folder you downloaded/unpacked the Android SDK to. In there, you’ll find a file named “SDK Setup.exe.” Start that file – the following dialogue should appear.
Don’t feel obligated to download every single thing. Could it hurt? Not really. For me, however, I only really want to program for Android 2.1 and 2.01, so those are the only API packages I bothered to get (someday I may pay for my folly, but not today). Either way, get what you want (and you do need to pick one) and hit install. The SDK manager will install it for a little while.
Step 6: Set Up Your Android Virtual Device (AVD)
Now that you’ve finished, click over to “virtual devices” (still in the SDK Manager). We’re going to create an Android device that will test run your programs for you. Hit “New” to create a new Android device, and put in the specifications that you want it to have. In the screenshot below, you’ll see the options I wanted.
Click “Create AVD” to–well–create your AVD. Select your AVD from the list, and hit “Start” to make sure that you do indeed have a working emulation of an Android phone. After a pretty lengthy start-up wait, it should look something like this.
Fool around with it and explore for a bit if you want, then close it up so we can get back to work.
Step 7: Configure Eclipse Again
Remember that Android SDK we got earlier? We didn’t do anything with it. Now, it’s time to tell Eclipse where it is so Eclipse can use it as a resource. To do this, open Eclipse and navigate to Window>Preferences (or on Mac, Eclipse>Preferences) and select the Android tab. As shown below, browse to the location of your Android SDK and hit “Apply“.
Everything check out so far? Hit “OK” to save everything and let’s go program.
Step 8: Create A New Project
It’s finally time to code some. Navigate to ‘File>New>Other…>Android>Android Project‘, and input a project name, as well as some other details. If you want, copy from my screenshot below. Some of the fields need explaining that simply doesn’t belong here, so if you want to know more specifically, please let me know and maybe I’ll write an article about it.
Hit “Finish” and the project will be created.
Step 9: Input Your Code
In the tree on the left, navigate to the “src” folder and expand everything. Go to the file with the name of your “Activity” (created in step 8, mine was HelloWorld) and double click it to see the contents. Presently, your code has all of the content in black (with some minor modifications depending on your settings). To make a working “Hello world” program, you need to add the text that is in bold red. Note that there are two bold red “blocks” of code, and you need to add both to make things work.
//==========Start Code============
package com.android.helloandroid;
import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;
public class HelloAndroid extends Activity {
/** Called when the activity is first created. */
@override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
TextView tv = new TextView(this);
tv.setText("Hello, Android");
setContentView(tv);
}
}
//==========End Code============
The point of this tutorial is to get your feet off the ground. I know some or most of this is confusing; but it’s just how things are wired.
Step 10: Run Your Program
Above your code, you’ll see a little green “Play” button (or navigate to ‘Run>Run‘). Click it.When a popup box asks you how to run the application, you’re going to tell it to run as an “Android Application”. It will prompt you to save changes; hit yes.
Now you get to wait an eternity while your virtual device boots up. I’d recommend that you leave it open for the duration of your programming sprees, otherwise you’re going to spend more time watching the Android logo spin than you will watching your program freeze up. Just saying. Efficiency.
After everything’s done loading, your application should upload and start automatically. Which means that right after you “unlock” the device, you’ll be greeted with your first Android program.I only captured the top half of the screen because the rest of it is black.
Source: Coding project
Android 4.0(ICS): The Ultimate Guide
Home screen and system navigation
As with past versions of Android, the heart of Ice Cream Sandwich lies in its home screen; it's the main way you'll get around and get things done. If you've used Android before, the first thing you'll notice is how different the home screen looks in the 4.0-level release: With Ice Cream Sandwich, Google phased in a completely new graphic design, revolving around a blue-and-gray "holographic" interface and a custom font called Roboto.
Appearances aside, some things work a little differently in ICS than they have in the past. Follow along for a guided tour of the Android 4.0 home screen.
Status/Notification bar: The status bar always sits along the top of your phone's screen. On its right, you'll see the current time along with your battery level and data connection status; on its left, you'll see alerts and notifications, which have gotten a serious boost in Android 4.0.
Search bar: Android 4.0 features a Google search bar at the top of every home screen panel. You can tap here and begin typing a search term, or tap the Voice Actions icon on the right to initiate a voice search or perform other voice commands.
Home screen: You can fill this area with any combination of app shortcuts, folders and live, dynamic widgets (more on those in a bit). Android 4.0 gives you five home screen panels; just swipe left or right to move to the next or previous panel and access whatever you've stored there.
Favorites tray: The Favorites tray is like a dock for your home screen: The shortcuts or folders placed there stay present as you swipe from one panel to the next. By default, the tray includes commonly used items such as your Phone app, People app, Messaging app and Browser, with an icon for launching your app drawer in the center -- but you can customize it to include any items you want.
Navigation buttons: Instead of relying on a phone's physical buttons as in previous versions of Android, ICS has three main navigation buttons built into the interface at the bottom of the screen:
The Back button, which looks like a left-facing arrow, takes you back one step from wherever you are.
The Home button, which looks vaguely like a house, returns you to your home screen.
The Recent Apps button -- a new addition to Android 4.0 -- allows you to multitask and switch among recently used applications. You can tap the button from anywhere in the system to get a list of recently used apps, then tap on any app to jump directly to that program. You can also swipe left or right on any app to dismiss it and remove it from the list.
If you've used Android before, you might be wondering what happened to the Menu button. As of Android 4.0, the Menu button is a thing of the past: All options and commands now appear on-screen instead of being hidden away like they were with previous-generation devices.
If an application has more options than can fit on the screen, you'll see an icon that looks like three vertical dots; tapping that icon will bring up a list of additional functions relevant to your current activity.
(Curiously enough, the location of the vertical-dots icon is not always consistent, which was one of my criticisms of ICS in my initial review of the software.)
If your phone has hardware buttons: It's worth noting that while Google's Android 4.0 design guidelines call for virtual on-screen buttons, some phones still use hardware buttons instead -- either because they're older devices that have been upgraded or newer phones whose manufacturers have opted to stick with the older-style setup. If you're using an Android device that has physical buttons, those buttons should more or less correspond with the same functions described above.
A couple of exceptions: If your phone has a physical Menu button, some options in applications will remain hidden behind that button, as they have in the past. You can press the Menu button in various applications to see what additional options are available to you.
If your phone has a physical Home button but no Recent Apps button, meanwhile, you can access the app-switching function by pressing the Home button and holding it down for a few seconds.
Android 4.0 notifications
Notifications have always been a strength of Android, and with Android 4.0, they become more powerful than ever. Notifications appear on the left side of the status bar at the top of your phone's screen. The icons you see here indicate everything from new email and text messages to missed calls and calendar appointments.
To view your notifications in detail, touch your finger to the Notification bar and swipe downward. A panel will pull down over your screen showing you all of your pending notifications; you can tap on any notification to view more information about it or swipe your finger left or right on it to dismiss it from the list. You can also tap the "X" at the top-right of the notification area to dismiss and remove all of your pending notifications.
The type of notifications you get depends on what apps and accounts you have configured on your phone. With any app that's capable of sending notifications, you can customize what events trigger notifications or even disable notifications altogether; just look in the settings of each individual app to find those options.
The type of notifications you get depends on what apps and accounts you have configured on your phone. With any app that's capable of sending notifications, you can customize what events trigger notifications or even disable notifications altogether; just look in the settings of each individual app to find those options.
You can customize or disable notifications within the settings of individual apps. Click to view larger image.
In Gmail, for example, you can tap on the vertical-dots icon at the bottom of the screen (or press the Menu button, if you're on an older phone) to access the app's settings.
Within the Settings menu, tap on the line representing your Gmail account -- if you have more than one Gmail account configured, you can control notifications separately for each one -- and then check or uncheck "Email notifications" to enable or disable notifications for that account. You can also configure whether a sound and/or vibration will accompany each new mail notification.
Similar controls exist in other notification-capable apps, including the Messaging app (for text messages), Google Voice, Google+, Facebook and most Twitter clients.
In addition to basic activity-based alerts, the notifications area can display active controls for certain types of apps, such as the Android Play Music app; when you're playing a song in that app, pulling down the notification panel will reveal a set of interactive playback controls that allow you to pause, play or stop the music, or navigate through the album's tracks.
Apps in Android 4.0
If the home screen is the heart of Android, the apps are the blood that pump through its veins. Much of the Android experience revolves around applications, whether they're basic system apps like the Phone and Browser apps or third-party apps like Dropbox, Flipboard and Google Reader.
If you've used an earlier version of Android, you'll find that installing apps works the same way in ICS, so you can skip directly to "Accessing and organizing apps" below.
Finding and installing apps
You can access the Google Play Store directly from your phone or from any PC. Click to view larger image.
Android allows you to install apps from any source you wish. That said, most people use the Google Play Store to get new applications; it's the official Android market for apps (formerly known as the Android Market, fittingly enough) and the simplest and most direct way to get new programs onto your phone.
You can access the Google Play Store directly from your phone, via the Play Store icon (it looks like a shopping bag); you can also access it online from any PC by going to play.google.com. Whichever interface you use, just follow the tab for Android apps to browse through categories of popular and recommended applications. You can also use the Play Store's search function if you're looking for a particular title or type of application.
When you find an app you want, touch the Download or Install button to put it onto your phone. If you're using the Play Store website, the app will be sent wirelessly to your device. If you have multiple Android devices connected to your Google account -- a phone and a tablet, for example -- the website will prompt you to select the device you want to use via a drop-down menu.
If you see a price in place of the Download or Install button, that means the app isn't free; tap the button with the price if you want to buy it, and the cost will be charged to whatever credit card you have connected to your Google account. (The Play Store prompts you to set up a payment method the first time you connect or attempt to purchase an application.)
Accessing and organizing apps
The Android 4.0 app drawer houses all of your phone's apps and widgets. Click to view larger image.
You can always access all of your applications by tapping your phone's Apps icon -- the circled cluster of dots located in your Favorites tray at the bottom-center of your home screen.
This opens up your All Apps area, commonly called the app drawer, which contains a complete list of apps installed on your phone; swipe left or right to scroll through the list, and touch any app to open it.
If you want easy access to an app, you can add it as a shortcut on your home screen. Just press and hold the icon in your app drawer, then use your finger to drag it around until it's in a place you like. You can move the shortcut between home screen panels by sliding your finger to the very left- or rightmost edge of the current panel -- and if you decide you want to move a shortcut somewhere else later, all you have to do is press and hold the icon on your home screen to pick it up and relocate it. To remove a shortcut from your home screen, press and hold it, then drag it to the Remove icon that appears at the top of the screen.
Want to completely uninstall an app from your phone? Easy: All you have to do is press and hold it in the app drawer, then drag it to the Uninstall icon that shows up at the top of the screen. You'll also see an App Info icon; dragging the app there will allow you to view detailed info about the program's usage and permissions as well as clear its cache or data storage.
Android 4.0 makes it easy for you to create folders on your home screen that contain apps, in case you want to group similar items together to save on space or make things more tidy. While previous versions of Android had folders, they're easier to manage in 4.0, and their appearance has a sleek new look as well.
To create a folder in ICS, all you do is drop one icon on top of another on your home screen. You can add more items into the folder the same way.
Once a folder's been created, you can tap the folder to open it and show all the apps within; you can remove any item from the folder by touching it and dragging it out. You can name the folder, too: Just touch your finger to the text that says "Unnamed Folder" and type in any name you want.
Finally, you can place any items you want in the Favorites tray below the home-screen panels so they'll always be handy: Just touch and hold any icon that's already in the tray to move it out, and touch and drag any other icon in to replace it. You can even create folders within the tray, if you're so inclined.
Working with widgets
We can't talk about Android apps without talking about widgets. Widgets are one of the most powerful features Android provides; they essentially give you live, functioning programs right on your phone's home screen. Widgets let you do things like scroll through your inbox or your calendar, flip through current forecasts for multiple cities, and adjust your phone's basic settings without ever having to open a program or leave the home screen.
Widgets are frequently included as components of applications. For example, if you download the Pandora app, you'll also get the Pandora widget, which you can put on your home screen (or not) as you like. Some developers also offer standalone widget downloads, like the popular Beautiful Widgets and HD Widgets collections.
You can see a list of widgets on your device by touching the Widgets tab at the top of the app drawer and swiping left or right through the list. Placing a widget on your home screen is no different than placing an app shortcut: You press and hold the widget you want, then drag it wherever you wish on your home screen.
With Android 4.0, many widgets can be resized, too: Just press and hold any widget on your home screen, and if it's resizable, you'll see a blue box appear around it. Drag an edge of the box up, down, left or right to make the widget larger or smaller.
Want more widgets? Head to the Google Play Store; there's an entire section there devoted to apps with widgets, and you can always try searching, too.
Android 4.0 settings
Almost everything in Android can be customized, and Android 4.0 introduces a completely revamped settings area with a streamlined interface and numerous new options.
The simplest way to get to your phone's settings is to pull down the notification panel and then touch the icon directly next to the date (it looks like a series of sliding controls). Alternatively, you can find the Settings app within your app drawer; you can even put the shortcut directly on your home screen if you want.
Many of the items in the Android 4.0 settings area are self-explanatory. A few things are worth pointing out, though:
The Data Usage feature is a new and noteworthy addition to Android 4.0. It allows you to view your mobile data usage and see exactly how many bytes each application and process is utilizing.
It also lets you set a monthly mobile data limit; once set, the system will cut off all non-Wi-Fi data transfers above the limit to ensure you don't exceed your carrier's monthly data cap. You can set limits on background data transfers for specific apps, too, if you want to restrict activity for particularly data-hungry programs.
The Battery feature is another Android 4.0 addition that's well worth exploring. It allows you to get a grasp on your phone's power usage by seeing exactly how much of your battery charge is being consumed by each app and process during the day.
The Apps section of the settings shows you a complete list of all apps on your phone, including those you have installed and any that came preloaded on the device (touch the All tab to view preloaded applications). You can opt to disable any preinstalled app from here, which effectively hides it from the system and gets it out of your way.
This is useful for carrier-installed bloatware, which is often baked into the phone and impossible to uninstall. Just be careful in deciding what to disable, as disabling an important system process could have unintended consequences. As a general rule, if you aren't sure what something is, it's probably best to leave it alone.
The Accounts & Sync section shows you every account connected to your phone -- Google accounts, third-party email accounts and service-based accounts for apps like Dropbox or Facebook -- and allows you to change the autosync settings for each account as well. You can add new accounts and delete old ones from this area, too, which can be useful if you change email providers at some point or decide to add another inbox into the mix.
The Security section is an area you'll definitely want to visit. It houses the commands to set up a PIN, password or pattern lock for your phone. (Android 4.0 has a face-recognition unlock feature, too, but -- while incredibly novel -- it's far less secure than the more traditional methods.) The section also enables you to encrypt your phone's data and require a PIN or password to decrypt it every time the device is powered on.
As far as your data goes, Google can automatically back up your basic phone settings as well as your installed applications; if you should ever move to a new device, your settings and applications can then automatically be restored. Just make sure you have the "Back up my data" and "Automatic restore" options checked in the Backup & Reset section of your phone's settings if you want this feature to work.
Continued On Page 5...
Android Permissions & Security Explained
Continued From Page 6
Page 7 Of 10
Android Permissions & Security Explained
This guide aims to provide the basic info most people want to know about the security of their phones, and when to download, and when not to download applications from the Android Market.
It's my hope that this will help people make more informed decisions and be safe about their application usage, privacy, and data. It is my firm belief that Android is a fundamentally safe platform. With some common sense, diligence, and the right knowledge of the potential threats, users can rest assured and enjoy their devices more thoroughly.
While most of these tips will apply to any of the new app stores and markets now available for Android, this guide is written specifically for Google's original Android Market.
Also, while this guide attempts to be as comprehensive as possible, there may be errors or misjudgments, or just opinions that are subjective. Please read it with the idea in mind that it's just a part of the information you may want to consider when downloading your apps.
Deciding what to download is ultimately up to you, and that's the most important thing you'll need to remember.
Background about Android
The first thing when understanding the security of your phone is to know a little bit about what makes it tick. Android is a 'lite' version of Linux with most applications that you download from the market written in Java.
This is important to know because it means Android is very unlikely to ever get a 'virus' in the traditional sense. Part of the reason is because Linux is a fairly secure operating system that protects various parts of itself from other parts. This is similar to how Windows has admin accounts and limited user accounts. Because of this protection, applications downloaded from the market do not have access to anything by default. You must grant them permission for each activity they want to perform when they are installed. This is a very important point which we will address a bit later. Also due to some bad choices by Google, there are a few exceptions to this rule that we'll talk about in the permissions section.
Nevertheless, while Android is very unlikely to get a 'virus', that does not mean you are completely safe from 'malware', 'spyware', or other harmful types of programs.
Anti-virus
The efficacy of anti-virus apps on Android is a controversial subject on even the best of days. Needless to say, there are some very differing opinions on the necessity of having anti-virus software protecting your phone. Both sides of this debate have some credible and respectable reasons for their choice, so I will try and present both sides as objectively as I can. In full disclosure though, I personally do not use anti-virus on my phone. That's a personal choice I made. Plenty of security experts whom I respect do chose to use anti-virus on their phones. So ultimately this will be a choice that is yours alone to make and not something where you should take cues from other people. That said, here are the pros and cons of each side as best as I know them.
One thing to remember though, is that each side may have some irrational or sensational arguments. These stem from either a sense of emotional justification or a vested interest in selling software. Put simply, neither side of the debate is above bad arguments and unintentional or intentional faulty logic.
Benefits
- Will protect you from all past threats
- May protect you from a future threat
- Often can have additional features for privacy and data protection
- May have features to protect your phone if it is lost or stolen
Drawbacks
- May waste system resources like battery and memory
- It's hard to protect from future/unknown threats
- Can potentially cause serious harm to the OS (very rare but not unheard of)
- May provide a false sense of security and encourage risky behavior
Types of Dangerous Programs
The most common threats from Android applications are:
1) When the app tricks the user into giving it permissions it does not need to do its job.
2) When the app hides malicious code behind legitimate permissions.
3) When the app tricks the user into entering in personal information or sensitive data (such as a credit card number).
There are various ways malicious developers (also known as hackers or crackers) accomplish this. We'll briefly define each kind just to have a common understanding of the terms.
Malware
Malware generally is an all-encompassing term used to describe any harmful program. This includes spyware, viruses, and phishing scams. Sometimes the older term 'virus' is used in this context, but malware is now considered more accurate.
Spyware
Spyware is used to describe software or applications that read your information and data without you actually knowing it and reporting it back to some unknown third party for nefarious purposes. Oftentimes this includes keystroke loggers to steal passwords or credit card information. Some people include certain types of Advertising tracking in this category (sometimes called Adware, see below). However that's a much larger debate we wont cover here.
Phishing
Phishing and spyware are closely related. They work on a similar principle: tricking the user and sending user information to a 3rd party to steal it. The difference with phishing however, is that the application (or website) will pretend to be from a trusted source to try and 'trick' you into entering in your details. Contrastingly, spyware would try to hide itself from being known to the user. One way to think about the difference is that phishing is masquerading while spyware is hiding, but the end goal of stealing your data is the same.
An example of this would be an app or website pretending to be affiliated with your bank or Paypal or your email provider (Gmail, Hotmail, Yahoo). However it can, and does, include any service where someone might want to steal your identity or password.
There have been known successful phishing attacks related to at least one bank on Android.
Virus
The definition of virus used to be more all-encompassing. These days that term has been replaced by malware. Virus is more typically used to describe a specific type of software that takes control of your operating system and either damages it, or uses it for its own purposes. An example might be when a virus sends emails to everyone in your email address book. Again this is the type of program least likely to be a problem for Android.
Trojan Horse
A trojan horse is really just a specific type of virus. It merely refers to the idea that the app pretends to be something useful or helpful or fun for the user while actually causing harm or stealing data. This term is often used to describe spyware and phishing attacks as well.
Adware
Adware is typically a bit of a grey area. Sometimes this is also called nuisance-ware. This type of application will often show the users an excessive amount of advertising in return for providing a service of dubious quality to the user. However, this type of program can often be confused with legitimate ad-supported software, which shows a mild to moderate amount of advertising while providing a useful service that the user wants. Because it can be hard to tell the difference, there exists a grey area from most anti-virus companies as to how to handle adware.
How to check Permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read. Permissions can give you an idea if an application is asking for more than it needs to function properly. While some legitimate apps often ask for more permissions than they need, it should at least raise an eyebrow. Again this is just part of what you should consider when deciding if an application is safe and good quality.
How to Protect Yourself
There are no full-proof ways to avoid all bad situations in the world.But, any sane person with a reasonable head on their shoulders knowsthat a few good habits can keep you safe for a long, long time inwhatever you do. Here are a few tips I have learned from many years as aprofessional software developer and from reading many Android forumsthat have many people smarter and more knowledgeable than I aboutAndroid.
Read the comments in the Market
This should go without saying. Before you download any applications, besure to read the comments. Don't just read the first three either, clickthrough and see what people are saying. This can also help youunderstand how well an app works on your particular phone (and yourparticular version of Android). Comments should also be read EVERY timeyou update an app.
It's also important to note that bad apps can sometimes"game" the comments and ratings. There are some unsavoryservices that provide thousands of fake comments for apps and they areprobably more common than you think. See the section on TheCommunity for more on identifying these types of fake comments.
Check the Rating
Any app that fails to maintain above 2.5 stars is likely not worth yourtime. If you are brave enough to be one of the first few to download anapp, this does not apply to you. Nevertheless, almost all good apps havebetween 3 and 5 stars. To me, this is just a general rule to helpfind quality apps.
Check the permissions
There are many things an app can do to, and for, your phone. Butanything an app can do is told to you when you download and install it.Before you download and install an app, you will be shown a list ofpermissions the application is requesting. Read them. Try yourbest to understand them in terms of what the application is supposed todo for you. For example, if you download a game of checkers, and theMarket warns you that it wants to be able to read your contacts, youshould think twice and probably not download it. There is no sanereason a game of checkers needs to know your friend's phone numbers.
In the Permissions section you can read a list of some of the mostcommonly used permissions. The list explains how important they are,what they do, and notes some examples of apps that might legitimatelyneed the permission. This should help you get a basic understanding ofwhat to allow, and when to skip, an app.
Check the developer's website
Make sure the developer has a website and not just some blog. This isoften a good indication of quality as well as safety. If the developercares about their app they will likely have a relatively nice lookingwebsite (or, if they are open source, a site on Google Code or somethingsimilar). Note: sites on Google code are NOT verified or approved byGoogle. However, open source is usually (but not always) morelikely to indicate a safe application.
NOTE: This is not a definitive indicator if a developer is good or bad,just one more piece of information you can use. There are a lot ofexceptions to this particular rule, as a lot of good developers mightnot have anything more than a blog, and a lot of bad developers couldjust point to a nice looking site they have no affiliation with.However, the developer's website can be helpful just as an extra pieceof information you can use in making your decision about the developeror app.
Updating applications is the same as installing them fresh
Each time you update an application on your phone, you should use thesame diligence as if you were installing it for the first time. Rereadthe permissions to see that it is only asking for what it needs and nomore. Reread the comments to see if anything has changed in the opinionsof the users and to see if it still works for your phone. If you seethat an application says Update (manual) next to it, that means thedeveloper has changed the permissions that they are requesting. This isnot necessarily a bad thing -- but it should indicate that you shouldpay a bit closer attention to the permissions and re-evaluate them asneeded.
Privacy
Wi-Fi
One of the things to remember when trying to keep yourself safe is to be very careful with public Wi-Fi. Whenever you connect to the internet through a public Wi-Fi, you should never use any website that requires a password to sign into. The danger here is because you have no idea who is connecting you to the website. A good analogy would be like trying to mail a letter to your friend by giving it to a stranger in the street. For more info read: Man-in-the-middle attack(Wikipedia). There is also a risk that applications may be transmitting data in the background over that Wi-Fi connection about you without encrypting it. This is also true of any applications over any internet connection however. And while there are some good ways to secure your phone, I personally don't use any public Wi-Fi at all. This may be seen as extreme in some circles, but I believe it to be safest route (although somewhat limiting).
SD Cards
There isn't much to say about SD cards except that all users should remember that they are not a safe place to store personal information. This can be something as simple as a backup/export of your contacts.
The reason the SD card is not safe is that nearly all applications can read any file they want from the SD card. Most personal info such as contacts is stored internally in protected databases however, so this shouldn't be a huge concern for most people, but it's helpful to keep in mind.
GPS and Network Location
There is a lot of information online and in various books about why letting yourself be tracked has potential consequences. However, there are a lot of useful features that apps can provide with location tracking information. You should treat location tracking with care and be sure to give it only to parties your trust. Google Maps would be a great example of this.
Advertising and location tracking
There is a trade-off that some people will consider making with regards to location tracking. Some advertisers would like to have location information on you in order to show you local advertisements and coupons. In exchange, you get free use of an app such as a game. This is a decision you will need to make for yourself. I personally would not make this trade off, but some people very knowledgeable about security are very comfortable making it.
permissions
When you install an application the Market will tell you all of the permissions it needs to function. These are important to read as it can give you an idea if the application is asking for permission to do more than it needs. While some legitimate apps often ask for more permission than they need, it should at least raise an eyebrow when deciding if an application is safe and of good quality.
Continued On Page 8
Page:5 Laymens Terms Guides Continued...
Continued From Page 4...
Page 5 Of 10
Android 4.0 (Ice Cream Sandwich):The Ultimate Guide Continued...
Android 4.0 search and voice control
Google is famous for search, so not surprisingly, search is a core part of the Android 4.0 experience. The basic search functionality in ICS is the same as in past Android releases, but there's a new, more convenient way to access it: via a persistent Google search bar at the top of every home screen panel. (Some manufacturer-modified versions of ICS may put the bar in a different location or make it an optional element you can choose to include.)
To search for anything -- whether on your phone or on the Web -- touch your finger to the Google search bar. This will pull up a box that you can type any term into; your phone will start displaying relevant results for items on your phone and on the Web as you type, much like Google does with its Google Instant search feature online.
By default, the Android search function will look through a lot of different types of content, including apps you have installed, contacts you have stored, bookmarks and recently visited Web pages, and music files in your personal collection. You can customize exactly what types of content are and aren't included by tapping the Menu icon at the top-right of the search screen and selecting Settings and then "Searchable items."
In addition to standard search, Android includes a robust voice search system. Simply tap the microphone icon in the Google search bar and begin to speak; your phone will transcribe and then search for whatever words you say. Like regular search, the voice search will include items both on your phone and on the Web.
The microphone icon also gives you access to Google's Voice Actions technology. Voice Actions lets you complete numerous functions on your phone just by speaking (yes, kind of like Apple's Siri -- only this has been around since 2010). Try pressing the microphone and saying some of these commands:
send text to [contact] [message]
call [business name and city]
call [contact]
send email to [contact] [message]
go to [website]
note to self [note]
navigate to [location/business name]
directions to [location/business name]
map of [location]
listen to [artist/song/album]
Android 4.0 text input
Android 4.0 has a virtual keyboard that pops up anytime you're able to enter text. The 4.0-level keyboard is dramatically improved over the one in past Android releases; even when you type sloppily and miss a lot of characters, it can usually figure out what you're trying to say. The keyboard also has built-in word suggestion and spell-check capabilities.
In addition to the regular tap-style input, you can use Android's voice recognition technology to enter text anywhere in the system. Just tap the microphone icon on the keyboard and begin to speak; the system will transcribe text on the fly and show your words on-screen as you talk.
One nice thing about Android compared to other mobile platforms is that you aren't limited to using only the default system keyboard; you can opt to replace or supplement it with a third-party alternative if you'd like. Several popular third-party options exist, including SwiftKey -- which is known for its impressive text-predicting technology -- and Swype, which lets you type by sliding your finger from key to key without ever lifting it up.
Android devices can support a wide range of USB input devices, too, including mice, keyboards and game controllers; you can also wirelessly connect a Bluetooth keyboard to your phone if you really want to get down to business.
Android 4.0 file management and sharing
Unlike other mobile platforms, Android gives you complete control over the files stored on your phone. You can browse your Android device like a computer, moving and copying files or opening and sharing documents at will.
Android 4.0 has a built-in Downloads app that lets you access files you've downloaded from the Web, but the key to truly unlocking your phone's file management potential is installing a good file management app. I like Astro File Manager, which is available for free in the Google Play Store. (The free version of the app has ads; a $3.99 "pro" key will give you an ad-free experience.)
When you open Astro -- or any other comparable file management utility -- you'll see a list of folders and files in your phone's storage. You can navigate through the folders just like you would on your PC's hard drive; pressing and holding any item will give you a list of options like copying, moving, renaming or deleting. It'll also give you an option to send the file to any other compatible application -- if you want to share a document with someone via email, for example, or send it to your Dropbox or Google Drive account.
Android devices can interface with PCs just like portable hard drives, too: Connect your phone to an open USB port on a Windows computer, and it'll automatically show up as a media device (using the MTP protocol). You can then open the device on your computer, click through folders, and copy or move data back and forth as needed.
Mac OS X doesn't natively support the MTP protocol that Android utilizes, so you'll need to install an Android File Transfer application before you can connect your phone to an Apple computer.
Android 4.0 includes full support for near-field communication (NFC), which opens the door for some interesting contact-free device-to-device file sharing. You can pass along a contact, Web page, YouTube video or application from one NFC-enabled Android 4.x device to another simply by touching the two phones together back-to-back; once the connection is established, the system will prompt you to "beam" whatever content is currently loaded on your screen.
With its Galaxy S III phone, Samsung expanded on Android's NFC beaming functionality to allow for contact-free sharing of images, video files and music files; that expanded functionality, however, works only between two Galaxy S III phones and is consequently rather limited in practicality.
Android 4.0 Cheat Sheet
Get up to speed fast with Android 4.0: The charts below show how to perform an array of tasks in ICS, from navigating the interface to locking down your device to managing your apps.
System navigation and home screens
Go back one step:Tap the Back button at the bottom of the screen.
Return to your home screen:Tap the Home button at the bottom of the screen.
Multitask (switch to another recently used app):Tap the Recent Apps button at the bottom of the screen (or long-press the Home button if your phone lacks a Recent Apps button).
Remove an app from the multitasking list:After tapping the Recent Apps button, swipe your finger left or right on the app's thumbnail.
Move among home screen panels:Swipe left or right to move forward or backward through the panels.
Search your phone or the Web:Touch the Google search bar at the top of your home screen.
Search by voice:Touch the microphone icon in the Google search bar at the top of your home screen and speak your search term.
Issue a voice command:Touch the microphone in the Google search bar at the top of your home screen and speak a Voice Actions command.
Browse through the apps on your phone:Tap the circular Apps button at the bottom-center of your home screen to open your app drawer, then swipe left or right to move through the apps.
Add an app shortcut to your home screen:Tap the Apps button, find the app you want, then press and hold its icon and drag it to any position you want on any home screen panel.
Add a widget to your home screen:Tap the Apps button, select the Widgets tab, then press and hold any widget and drag it to any position on any home screen panel.
Move an app or widget already on your own home screen:Press and hold the item you want to move, then drag it to its new location. To move an item from one home screen panel to another, simply drag it to the left- or rightmost edge of the current panel and wait for it to slide across.
Remove an app shortcut from your home screen:Press and hold the icon, then drag it to the Remove icon that appears at the top of the display.
Resize a widget:Press and hold a widget until a blue box appears around it. Then drag an edge of the box up, down, left or right to make the widget larger or smaller.(Note: Some widgets may not be resizable.)
Change the apps in your phone's Favorites tray:Press and hold an app in the tray, then drag it out of the tray. Then press, hold and drag any other app into the open space.
Create a folder on your home screen:Press, hold and drag an app on top of any other app on your home screen; repeat the process to add additional apps into the folder.
Name a home screen folder:Tap the folder to open it, then touch the "Unnamed Folder" text and type your own title in its place.
View notifications:Touch the bar at the top of your screen and pull it down with your finger, then tap any active notification to open it.
Dismiss notifications:Swipe your finger left or right on any notification in the list, or tap the "X" at the top-right to dismiss all notifications at once.
Browse and manipulate your phone's files:Download a file management app such as Astro File Manager, then open it to browse your phone as if it were a PC.
Browse your phone from a computer:Connect your phone to the computer's USB port. With Windows systems, the phone will automatically show up and be available to you as a media device; with Mac OS systems, you'll need to install an Android File Transfer application in order for the phone to be recognized.
Access your phone's bookmarks and open tabs from your computer's browser:Download Google's Chrome for Android beta application. On the new tab screen, tap the star icon to view any synced bookmarks. (You can also access your bookmarks via the browser's drop-down menu.) Tap the open tabs icon -- the box with two arrows -- to view tabs recently open on other Chrome-connected devices.
Overall device configuration Function
Access your device settings:Touch the bar at the top of your screen and pull down the notification panel, then touch the Settings icon next to the date.
Customize ringtones, notification sounds and volume levels:Go to your phone's settings as noted above, then tap Sound and select the appropriate option.
Add new ringtones to your phone:Connect your phone to a computer and move any compatible sound file into the Ringtones folder under Internal Storage. Then go into your phone's settings, tap Sound and select the file.
Add new notification sounds to your phone:Connect your phone to a computer and move any compatible sound file into the Notifications folder under Internal Storage. Then go into your phone's settings, tap Sound and select the file.
Set your phone to silent or vibrate-only:Press and hold the phone's power button, then select one of the volume options that appears on-screen.
Adjust your phone's brightness settings:Go to your phone's settings as noted above, then select Display --> Brightness. Use your finger to move the slider to your desired brightness level, or select "Auto brightness" to have your phone automatically adjust its brightness based on current lighting conditions.
Change how long it takes for your phone's screen to time out:Go to your phone's settings, then select Display --> Sleep and adjust the time. (Remember that the longer the screen stays on, the more battery power will be used.)
Change your phone's wallpaper:Long-press on a blank space on your home screen, then follow the prompts to select a wallpaper from the source you prefer. (Many additional wallpapers, including "live" animated wallpapers, can be found in the Google Play Store.)
View detailed info about storage use on your phone:Go to your phone's settings, then select Storage. You'll see a breakdown of storage use by content type; tapping on any individual type of content will provide you with a more specific breakdown.
View detailed info about your phone's battery usage:Go to your phone's settings, then select Battery. You'll see a chart showing precisely how much of your battery charge each app and process has consumed; tapping on any individual item will provide you with more specific details about that app's activity.
Change your system keyboard:Go to your phone's settings, then select "Language & input." Under "Keyboard & input methods," you'll see a list of keyboards installed on the device. Make sure the keyboard you want to use has a check next to it, then tap Default and select it from the list. (Many additional keyboards can be found in the Google Play Store.)
Perform a factory reset and erase all data on the phone:Go to your phone's settings, then select "Factory data reset" and follow the prompts. Note that this will permanently erase all data and account settings and restore your device to its factory condition.
Browse and activate accessibility options:Go to your phone's settings, then select Accessibility.
App management
Download a new application:Visit the Google Play Store by tapping the Play Store app on your phone or navigating to play.google.com from a computer-based Web browser.
Find additional options in an app:Inside the app, look for an icon with three vertical dots; touch it to view additional options (or press your phone's physical Menu button if you're using a phone that still has such a button).
Change or remove notifications for a specific app:Open the app (Gmail, Email, Messaging, Facebook, etc.) and find its Settings menu, which may be under the vertical dots icon shown just above. Look there for a Notifications option and adjust or disable it as desired. (If an app doesn't have such an option available, it likely doesn't utilize notifications.)
Share content from an app:Inside the app, look for the Share icon. Tap it to bring up a menu of programs that can be used for sharing -- things like Gmail, Facebook, Google Drive, Dropbox, Evernote and so forth.
Uninstall an app:Open your app drawer (via the All Apps button in the Favorites tray). Press and hold the app you wish to uninstall, then drag it to the Uninstall icon that appears on-screen.
Get detailed information about an app:Open your app drawer. Press and hold the app you want to know about, then drag it to the App Info icon that appears on-screen.
Disable a preinstalled system app:Open your app drawer. Press and hold the app you wish to disable, then drag it to the App Info icon that appears on-screen and select the Disable option. (Note that disabling a system app can have unintended consequences; if you aren't sure what something is, it's generally best to leave it alone.)
Android 4.1 (Jelly Bean):The Ultimate Guide
Jelly Bean keeps the basic look and feel established in Android 4.0 but fine-tunes a lot of details. The notification pulldown has a new look, with larger text and more gray and white in place of blue. (It also has some new functionality -- more on that in a bit.)
Lots of new effects and transitions are sprinkled throughout the system, too. When you move your finger over the lock screen, for example, a circle of tiny dots follows your touch. And when you open an app from your home screen, the app opens by zooming up from the space you touched. These types of subtle improvements all add up to make the Android interface more polished and impressive than it's ever been before.
Jelly Bean introduces a new system "share" menu, too, along with an improved "open with" box (you know, the dialog that appears when you tap on a link or file that more than one program could handle). The search box at the top of the home screen has a new frosted type of look. And the initial phone setup/sign-in process gets a major makeover; with Jelly Bean, the process is far more simple and user-friendly than what we've seen in the past.
What about performance? Is Jelly Bean really faster than ICS?
Google calls its Android 4.1 performance push "Project Butter" because it's meant to make everything run much more smoothly (either that or because it's salty and delicious -- but I'm assuming the former).
The difference in speed from Android 4.0 to 4.1 is immediately noticeable. With Jelly Bean, the phone rotates far more quickly than it did in past Android releases. Transitions, especially between the home screen and app drawer, are significantly faster. And the "recent apps" list loads instantly when you tap the button -- the slight delay present in ICS is a thing of the past. I tested two Galaxy Nexus phones side by side, one with Android 4.0 and the other with 4.1, and the improvements were obvious.
Google increased the speed of the Android OS by improving the system frame-rate and display refresh signal and also developing a new touch input system that anticipates where your fingers will land and then gives the CPU an extra shot of power when you touch the screen.
JB's Search And Voice Control
Android 4.1 gets a whole new search system, and boy, is it cool. Instead of simply showing you Web results for whatever term you enter, the Jelly Bean search setup gives you informational cards with detailed answers about what you really want to know. (You can still find standard search results beneath the quick info cards.)
Search is also now more thoroughly integrated into the Android system: In addition to the Google search bar at the top of the home screen, you can get to the Android search tool from the lock screen -- by swiping upward on the slide lock -- or from anywhere in the OS by swiping up from the virtual home button.
The most impressive new thing in Jelly Bean search, without a doubt, is the revamped voice search system. While Google's Voice Actions have allowed you to issue specific voice commands for years, the new 4.1-level setup allows for more natural types of queries as well.
Once in the search tool, you simply say "Google" to activate the new voice command system. Then, you can ask all sorts of questions and Google will show -- and tell -- you the answers.
If you ask "How tall is Scarlett Johansson," for example, the system returns a card with the actress's face (nothing wrong with that) and her height; it also speaks aloud and tells you the information. If you ask "How hot is it gonna be tomorrow" or "Is it supposed to rain this week?" -- or pretty much any other weather-related question -- Google delivers the answer in a similar graphic-plus-audio form.
The options go on and on. You can ask for good Chinese restaurants near you, tell Google to navigate you to a specific location by car or by foot, or ask for any type of Web-accessible information, ranging from when your favorite sports team plays next to when your friend's flight is scheduled to arrive. The existing command-style prompts still work, too, if you want to send yourself a note, compose and send a text, or start listening to a particular band or song.
Google Now
Google Now is another new part of the Android 4.1 search tool. In a nutshell, it uses a combination of your location, search history, calendar, and other habits to automatically deliver relevant information to you throughout the day.
(And if you're worried about privacy, yes, it's optional; Google Now works only if you choose to opt in.)
The concept seems very cool, though it'll take some time to see how useful it actually ends up being. So what kinds of things can Google Now do? Some examples: It can tell you the weather at the start of the day, show you how much traffic to expect as you head out the door to work, show you your favorite sports team's score when the game's underway, and show you when the next train is scheduled to arrive as you step onto the platform.
If you have an upcoming calendar appointment, Google Now can look at the appointment's address and at your current location, then estimate travel time based on current traffic conditions and let you know when you need to leave in order to arrive on time. If you're in a new area, Google Now can recommend nearby restaurants and other places of interest. Cards that are particularly timely appear as notifications on your phone; all other Google Now cards are always available in the Jelly Bean search tool.
4.1 Notifications
Everything! Jelly Bean notifications are a whole new game compared to past Android releases. Visual differences aside, notifications in Android 4.1 are both expandable and action-oriented.
What that means is that you can drag down on notifications, using two fingers, to expand them and get additional information and options. When you expand a missed call alert, for example, you get options to call the person back or text them right from your notifications panel. With new email, you can expand to see details about multiple new messages in your inbox. And with a captured screenshot, you can expand to get an option to share the image right then and there.
Homescreen Jelly Bean
Jelly Bean makes it much easier to add and arrange widgets and shortcuts on your home screen. When you slide in a new widget, the system automatically moves other items in the area to make room for it. If there still isn't enough space, it'll resize the widget for you to make it fit (as much as possible).
The same thing happens with regular app shortcuts: You can slide an icon next to another icon to bump it over and open the space.
Android 4.1 also has a handful of new integrated system widgets, including a bunch of Google Play-related items (to see your purchased/rented multimedia, recommendations for app or multimedia downloads, and so forth) as well as a new Sound Search widget that's basically the same thing as Shazam or SoundHound: You tap the widget while a song is playing, and after "listening" for a few seconds, it tells you the name of the song and the artist who performs it.
Heres a few other things you can find in Jelly Bean
An updated Camera app that lets you swipe on the viewfinder to jump directly into your Gallery of images for easy photo viewing and sharing.
An updated system keyboard with better dictionaries, improved text-to-speech functionality, offline text-to-speech support, and intelligent word prediction (a la SwiftKey).
Added support for contact-free NFC sharing of photos and videos.
"Smart app updates" that let you download only the changed portions of updated applications instead of having to download the entire app every time an update rolls in.
An improved face-unlock security mode that requires you to blink before your phone will unlock.
A slew of new gesture-based navigation commands for visually impaired users; also added support for Braille input and output devices.
CDMA vs GSM
Two basic technologies in mobile phones, CDMA and GSM represent a gap you can't cross. They're the reason you can't use AT&T phones on Verizon's network and vice versa.CDMA (Code Division Multiple Access) and GSM (Global System for Mobiles) are shorthand for the two major radio systems used in cell phones. Both acronyms tend to group together a bunch of technologies run by the same entities. In this story, I'll try to explain who uses which technology and what the real differences are.
Which Carries are CDMA? Which are GSM?
Five of the top seven carriers in the U.S. use CDMA: Verizon Wireless, Sprint, MetroPCS, Cricket, and U.S. Cellular. AT&T and T-Mobile use GSM.
That means we're mostly a CDMA country. It also means we're not part of the norm, because most of the world is GSM. The global spread of GSM came about because in 1987, Europe mandated the technology by law, and because GSM comes from an industry consortium. What we call CDMA, by and large, is owned by chipmaker Qualcomm. This made it less expensive for third parties to build GSM equipment.
There are several variants and options carriers can choose, like toppings on their technological ice cream. In this story we'll be talking about U.S. networks.
For call quality, the technology you use is much less important than the way your carrier has built its network. There are good and bad CDMA and GSM networks, but there are key differences between the technologies. Here's what you, as a consumer, need to know.
It's much easier to swap phones on GSM networks, because GSM carriers put customer information on a removable SIM card. Take the card out, put it in a different phone, and the new phone now has your number. What's more, to be considered GSM, a carrier must accept any GSM-compliant phone. So the GSM carriers don't have total control of the phone you're using.
That's not the case with CDMA. In the U.S., CDMA carriers use network-based white lists to verify their subscribers. That means you can only switch phones with your carrier's permission, and a carrier doesn't have to accept any particular phone onto its network. It could, but typically, U.S. carriers choose not to.
In other words, you can take an unlocked AT&T phone over to T-Mobile (although its 3G may not work well because the frequency bands are different). You can't take a Verizon phone over to Sprint, because Sprint's network rejects non-Sprint phones.
3G CDMA networks (known as "EV-DO" or "Evolution Data Optimized") also, generally, can't make voice calls and transmit data at the same time. Once more, that's an available option (known as "SV-DO" for "Simultaneous Voice and Data Optimization"), but one that U.S. carriers haven't adopted for their networks and phones.
On the other hand, all 3G GSM networks have simultaneous voice and data, because it's a required part of the spec. (3G GSM is also actually a type of CDMA. I'll explain that later.)
So why did so many U.S. carriers go with CDMA? Timing. When Verizon's predecessors and Sprint switched from analog to digital in 1995 and 1996, CDMA was the newest, hottest, fastest technology. It offered more capacity, better call quality and more potential than the GSM of the day. GSM caught up, but by then those carriers' paths were set.
It's possible to switch from CDMA to GSM. Two carriers in Canada have done it, to get access to the wider variety of off-the-shelf GSM phones. But Verizon and Sprint are big enough that they can get custom phones built for them, so they don't see the need to waste money switching 3G technologies when they could be building out their 4G networks.
Continued On Page 6...
Page:6 Android Terms,Slang & Definitions Continued...
Continued From page 5
Page 6 Of 10
Screen size:Actual physical size, measured as the screen's diagonal.
For simplicity, Android groups all actual screen sizes into four generalized sizes: small, normal, large, and extra large.
Screen density
The quantity of pixels within a physical area of the screen; usually referred to as dpi (dots per inch). For example, a "low" density screen has fewer pixels within a given physical area, compared to a "normal" or "high" density screen.
For simplicity, Android groups all actual screen densities into four generalized densities: low, medium, high, and extra high.
Orientation:The orientation of the screen from the user's point of view. This is either landscape or portrait, meaning that the screen's aspect ratio is either wide or tall, respectively. Be aware that not only do different devices operate in different orientations by default, but the orientation can change at runtime when the user rotates the device.
Pixel Density:is a measurement of the resolution of devices in various contexts: typically computer displays, image scanners, and digital camera image sensors.
Density-Independent Pixel (dp):A virtual pixel unit that you should use when defining UI layout, to express layout dimensions or position in a density-independent way.
The density-independent pixel is equivalent to one physical pixel on a 160 dpi screen, which is the baseline density assumed by the system for a "medium" density screen. At runtime, the system transparently handles any scaling of the dp units, as necessary, based on the actual density of the screen in use. The conversion of dp units to screen pixels is simple: px = dp * (dpi / 160). For example, on a 240 dpi screen, 1 dp equals 1.5 physical pixels. You should always use dp units when defining your application's UI, to ensure proper display of your UI on screens with different densities.
Android Resolution:Android runs on a variety of devices that offer different screen sizes and densities. For applications, the Android system provides a consistent development environment across devices and handles most of the work to adjust each application's user interface to the screen on which it is displayed. At the same time, the system provides APIs that allow you to control your application's UI for specific screen sizes and densities, in order to optimize your UI design for different screen configurations. For example, you might want a UI for tablets that's different from the UI for handsets.
LDPI:Resources for low-density (ldpi) screens (~120dpi).
MDPI:Resources for medium-density (mdpi) screens (~160dpi).
HDPI:Resources for high-density (hdpi) screens (~240dpi).
XHDPI:Resources for extra high-density (xhdpi) screens (~320dpi).
NODPI:Resources for all densities. These are density-independent resources. The system does not scale resources tagged with this qualifier, regardless of the current screen's density.
TVDPI:Resources for screens somewhere between mdpi and hdpi; approximately 213dpi. This is not considered a "primary" density group. It is mostly intended for televisions and most apps shouldn't need it—providing mdpi and hdpi resources is sufficient for most apps and the system will scale them as appropriate. If you find it necessary to provide tvdpi resources, you should size them at a factor of 1.33*mdpi. For example, a 100px x 100px image for mdpi screens should be 133px x 133px for tvdpi.
Dex:Dalvik Executable. Compiled Android application code file. Android programs are compiled into .dex files, which are in turn zipped into a single .apk file on the device. .dex files can be created by automatically translating compiled applications written in the Java programming language.
Action:An action is a description of something that an Intent sender wants done. An action is a string value assigned to an Intent. Action strings can be defined by Android or by a third-party developer. For example, android.intent.action.VIEW for a Web URL, or com.example.rumbler.SHAKE_PHONE for a custom application to vibrate the phone.
Activity:An activity is a single screen in an application, with supporting Java code, derived from the Activity class. Most commonly, an activity is visibly represented by a full screen window that can receive and handle UI events and perform complex tasks, because of the Window it uses to render its window. Though an Activity is typically full screen, it can also be floating or transparent.
AndroidManifest.xml:Every application must have an AndroidManifest.xml file (with precisely that name) in its root directory of the source tree. The manifest presents essential information about the application to the Android system, information the system must have before it can run any of the application’s code.
Application:From a component perspective, an Android application consists of one or more activities, services, listeners, and intent receivers. From a source file perspective, an Android application consists of code, resources, assets, and a single manifest. During compilation, these files are packaged in a single file called an application package file (.apk).
Broadcast Receiver:An application class that listens for Intents that are broadcast, rather than being sent to a single target application/activity. The system delivers a broadcast Intent to all interested broadcast receivers, which handle the Intent sequentially.
Canvas:A drawing surface that handles compositing of the actual bits against a Bitmap or Surface object. It has methods for standard computer drawing of bitmaps, lines, circles, rectangles, text, and so on, and is bound to a Bitmap or Surface. Canvas is the simplest, easiest way to draw 2D objects on the screen. However, it does not support hardware acceleration, as OpenGL ES does. The base class is Canvas.
Content Provider:A data-abstraction layer that you can use to safely expose your application’s data to other applications. A content provider is built on the ContentProvider class, which handles content query strings of a specific format to return data in a specific format.
Cachesd:Moves Dalvik cache files to the ext2/ext3/ext4 partition on your secure digital card. Creates Dalvik Cache to SD flag.
Cachesdreset:Performs the same function as cachesd, plus erases the contents of Dalvik-Cache, forcing a rebuild on reboot.
Cachepart:Moves Dalvik cache files to the /cache partition in your phone. Creates Dalvik Cache to Cache Partition flag.
Cachepartreset:Performs the same function as cachepart, plus erases the contents of Dalvik-Cache, forcing a rebuild on reboot.
Convert-ext3:Converts an EXT2 partition to an EXT3 partition.
Note: Boot process will take longer due to the conversion.
Convert-ext4:Converts an EXT3 partition to an EXT4 partition.
Note:You must execute a2sd convert-ext3 first if you are trying to convert from EXT2 to EXT4. Boot process will take longer due to the conversion.
Data:The data partition on the device contains the user-related data, such as installed applications and settings for those apps, as well as your SQLite database containing Android settings and messages. Normally, the directory /data/app is off-limits through the ‘adb shell’ command, as well as other terminal applications that can run on the device, since this directory contains the apk files for apps. On a rooted phone, using the ‘su’ command will allow full access to this partition. This partition can be flashed using Fastboot or Nandroid.
DDMS:Dalvik Debug Monitor Service, a GUI debugging application included with the SDK. It provides screen capture, log dump, and process examination capabilities. If you are developing in Eclipse using the ADT Plugin, DDMS is integrated into your development environment.
Dialog:A floating window that that acts as a lightweight form. A dialog can have button controls only and is intended to perform a simple action (such as button choice) and perhaps return a value. A dialog is not intended to persist in the history stack, contain complex layout, or perform complex actions. Android provides a default simple dialog for you with optional buttons, though you can define your own dialog layout. The base class for dialogs is Dialog.
Drawable:A compiled visual resource that can be used as a background, title, or other part of the screen. A drawable is typically loaded into another UI element, for example as a background image. A drawable is not able to receive events, but does assign various other properties such as “state” and scheduling, to enable subclasses such as animation objects or image libraries. Many drawable objects are loaded from drawable resource files — xml or bitmap files that describe the image. Drawable resources are compiled into subclasses of android.graphics.drawable.
Datasd:Moves /data/data to the SD card.
F2FS (Flash-Friendly File System) was created by Kim Jaegeuk at Samsung for the Linux operating system kernel. The motivation for it was to build a file system that from the start takes into account the characteristics of NAND flash memory-based storage devices, which have been widely used in computer systems ranging from mobile devices to servers. Samsung chose a log-structured file system approach, which it adapted to newer forms of storage. F2FS also remedies some known issues of the older log structured file systems, such as the snowball effect of wandering trees and high cleaning overhead. Because a NAND-based storage device shows different characteristics according to its internal geometry or flash memory management scheme (such as the Flash Translation Layer), Samsung also added various parameters not only for configuring on-disk layout, but also for selecting allocation and cleaning algorithms. Introduced in the second half of 2012 this new file system shows promise but is not yet generally available in any Kernels that I have seen. Samsung has submitted these patches for integration into the Linux kernel, which means it’s likely to appear on Android releases in the future.
Flash Memory:Flash memory, also known as NAND memory, is nonvolatile – keeping information even when the device is off. Flash memory in the device is equivalent to the hard drive in a computer. This is where the device’s operating system (sometimes called firmware) and applications are stored. Flash memory is slower than RAM, but is (almost always) faster than SD cards.
Fixapk:Fixes permissions on programs.
Forcecheck:Forces Darktremor Apps2SD to force check the EXT partition on the SD card when phone is rebooted.
Heapsizexx:Sets Dalvik Heap Size to xx, or heapsize0 resets heap size to default settings.
Logcat:While in adb (see ADB), type in “adb logcat > logcat.txt”. This will help you when resolving issues and bugs. There are also tools in the market you can use for this, one of which is called aLogcat. It can show different categories (severity of errors ect.) too, which is something adb logcat cannot do.
Playstore(Old:Market):The market on Android is a place where you can purchase or download applications for your phone. When you download through the market, the installation process is transparent (as in you don’t have to deal with the APK files yourself), and there is the facility to rate apps and post comments which are visible to other users. Frequently, the developers of apps actually take onboard the feedback in the comments (mainly the smaller apps with slightly less feedback to sift through).
When an app is installed from the market, it is copied to ‘/data/app/apkname.apk’, as the act of ‘installing’. An app can store its data in the folder ‘/data/data/apkname’. It is possible to clear the data stored by an application by using the Manage Applications feature in Settings | Applications | Manage Applications.
Intent:A message object that you can use to launch or communicate with other applications/activities asynchronously. An Intent object is an instance of Intent. It includes several criteria fields that you can supply, to determine what application/activity receives the Intent and what the receiver does when handling the Intent. Available criteria include the desired action, a category, a data string, the MIME type of the data, a handling class, and others. An application sends an Intent to the Android system, rather than sending it directly to another application/activity. The application can send the Intent to a single target application or it can send it as a broadcast, which can in turn be handled by multiple applications sequentially. The Android system is responsible for resolving the best-available receiver for each Intent, based on the criteria supplied in the Intent and the Intent Filters defined by other applications.
Intent Filter:A message object that you can use to launch or communicate with other applications/activities asynchronously. An Intent object is an instance of Intent. It includes several criteria fields that you can supply, to determine what application/activity receives the Intent and what the receiver does when handling the Intent. Available criteria include the desired action, a category, a data string, the MIME type of the data, a handling class, and others. An application sends an Intent to the Android system, rather than sending it directly to another application/activity. The application can send the Intent to a single target application or it can send it as a broadcast, which can in turn be handled by multiple applications sequentially. The Android system is responsible for resolving the best-available receiver for each Intent, based on the criteria supplied in the Intent and the Intent Filters defined by other applications.
Layout Resource:An XML file that describes the layout of an Activity screen.
Lowmem-Moderate:Sets the internal memory killer to the following
settings:
Foreground Apps: 1536 pages / 6 MB
Visible Apps: 3072 pages / 12 MB
Secondary Server: 4096 pages / 16 MB
Hidden Apps: 7680 pages / 30 MB
Content Provider: 8960 pages / 35 MB
Empty App: 10240 pages / 40 MB
Lowmem-Optimum:Sets the internal memory killer to the following
settings:
Foreground Apps: 1536 pages / 6 MB
Visible Apps: 2048 pages / 8 MB
Secondary Server: 4096 pages / 16 MB
Hidden Apps: 10240 pages / 40 MB
Content Provider: 12800 pages / 50 MB
Empty App: 15360 pages / 60 MB
Lowmem-Strict:Sets the internal memory killer to the following
settings:
Foreground Apps: 1536 pages / 6 MB
Visible Apps: 2048 pages / 8 MB
Secondary Server: 4096 pages / 16 MB
Hidden Apps: 15360 pages / 60 MB
Content Provider: 17920 pages / 70 MB
Empty App: 20480 pages / 80 MB
Lowmem-Aggressive:Sets the internal memory killer to the following
settings:
Foreground Apps: 1536 pages / 6 MB
Visible Apps: 3072 pages / 12 MB
Secondary Server: 4096 pages / 16 MB
Hidden Apps: 21000 pages / 82 MB
Content Provider: 23000 pages / 90 MB
Empty App: 25000 pages / 98 MB
Lowmem-Extreme: Sets the internal memory killer to the following
settings:
Foreground Apps: 1536 pages / 6 MB
Visible Apps: 3072 pages / 12 MB
Secondary Server: 4096 pages / 16 MB
Hidden Apps: 38400 pages / 150 MB
Content Provider: 40960 pages / 160 MB
Empty App: 43520 pages / 170 MB
Lowmem-Ultimate:Sets the internal memory killer to the following
settings:
Foreground Apps: 1536 pages / 6 MB
Visible Apps: 3072 pages / 12 MB
Secondary Server: 4096 pages / 16 MB
Hidden Apps: 51200 pages / 200 MB
Content Provider: 57600 pages / 225 MB
Empty App: 64000 pages / 250 MB
Lowmem-Default:Sets the internal memory killer back to phone default settings.
Manifest File:An XML file that each application must define, to describe the application’s package name, version, components (activities, intent filters, services), imported libraries, and describes the various activities, and so on.
Nocache:Moves Dalvik cache files to the internal phone storage. Removes all Dalvik Cache flags.
Nocachereset:Performs the same function as nocache, plus erases the contents of Dalvik-Cache, forcing a rebuild on reboot.
Nodata:Restores /data/data to the internal storage.
Noswap: Creates the No Swap flag. Prevents A2SD from activating the swap partition.
9-Patch:A resizeable bitmap resource that can be used for backgrounds or other images on the device.
Odex:Odex stands for “Optimized Dalvik Executable” file. The Android system, as identified above, utilizes compressed data stored in the .apk file at runtime. To speed up this process, the most critical elements of application will be placed uncompressed in an .odex file, thus enabling the Android OS to quickly interpret that important information before it continues to parse the rest of the application. Stock ROMs will come from the manufacturer as “odexed”, meaning that the application(s) will have a .apk file and an .odex file, i.e. Calendar.apk and Calendar.odex.
ROW Scheduler:The ROW scheduling algorithm will be used in mobile devices as default
+block layer IO scheduling algorithm. ROW stands for "READ Over WRITE"
+which is the main requests dispatch policy of this algorithm.
Resources:Nonprogrammatic application components that are external to the compiled application code, but which can be loaded from application code using a well-known reference format. Android supports a variety of resource types, but a typical application’s resources would consist of UI strings, UI layout components, graphics or other media files, and so on. An application uses resources to efficiently support localization and varied device profiles and states. For example, an application would include a separate set of resources for each supported local or device type, and it could include layout resources that are specific to the current screen orientation (landscape or portrait). The resources of an application are always stored in the res/* subfolders of the project.
Resetcache:Clears the dalvik cache and restarts phone.
Reswap: Removes the No Swap flag. Allows A2SD to activate the swap partition.This is used if you have already executed an a2sd noswap command. Otherwise, this part is automatically performed when Apps2SD is started.
Service:An object of class Service that runs in the background (without any UI presence) to perform various persistent actions, such as playing music or monitoring network activity.
SPL:The Secondary Program Loader is a piece of bootcode that initiates the startup of the phone, displaying the initial splash screen for the device, and loading the initial files from ROM.
It checks to see if a button combination is pressed on bootup (such as that to enter Recovery Mode or the bootloader), and loads the relevant system software. If no special instruction is given by holding keys, the bootloader loads the normal system software by initializing the boot process from the boot partition.
Flashing your SPL is risky, as the process failing will probably result in a broken, or bricked phone, since the SPL is executed very early on in the boot process, and any error here will prevent access to the recovery or bootloader features.
If you do flash the SPL though, it unlocks the Carrier-ID CID from the device, essentially allowing any RUU to be installed to the device, and allows flashing alternative or custom bootscreens.
Surface:An object of type Surface representing a block of memory that gets composited to the screen. A Surface holds a Canvas object for drawing, and provides various helper methods to draw layers and resize the surface. You should not use this class directly; use SurfaceView instead.
SurfaceView:A View object that wraps a Surface for drawing, and exposes methods to specify its size and format dynamically. A SurfaceView provides a way to draw independently of the UI thread for resource-intensive operations (such as games or camera previews), but it uses extra memory as a result. SurfaceView supports both Canvas and OpenGL ES graphics. The base class is SurfaceView.
System:The /system directory on your device is where the main operational software for the Android OS is stored. It has a number of sub-directories of which /system/apps (where application apk’s are stored) is probably the only one users would have need to access. The /system folder is read-only by default and needs remounted via ‘adb’ to allow write access.
Swappyxx:Sets swap partition swappiness value to xx.
Theme:A set of properties (text size, background color, and so on) bundled together to define various default display settings. Android provides a few standard themes, listed in R.style (starting with “Theme_”).
Update.zip:An update.zip (does not have to actually be called update.zip if you have a patched Recovery image) is a file containing some files which will be copied to the phone’s internal memory. Normally, a new system update or ROM is stored in the file, but update.zip files are commonly used to install modifications such as themes or applications that are installed on the System partition to prevent uninstallation.
To flash one of these files, which commonly would contain a custom ROM for your phone, you would boot your phone to a patched recovery image (whether using Fastboot, or the home+power method if you have a patched Recovery image flashed on your phone)
Update.zip files are cryptographically signed, and more information on how to sign your own files can be found online.
URI's:Android uses URI strings as the basis for requesting data in a content provider (such as to retrieve a list of contacts) and for requesting actions in an Intent (such as opening a Web page in a browser). The URI scheme and format is specialized according to the type of use, and an application can handle specific URI schemes and strings in any way it wants. Some URI schemes are reserved by system components. For example, requests for data from a content provider must use the content://. In an Intent, a URI using an http:// scheme will be handled by the browser.
View:An object that draws to a rectangular area on the screen and handles click, keystroke, and other interaction events. A View is a base class for most layout components of an Activity or Dialog screen (text boxes, windows, and so on). It receives calls from its parent object (see viewgroup, below)to draw itself, and informs its parent object about where and how big it would like to be (which may or may not be respected by the parent).
ViewGroup:A container object that groups a set of child Views. The viewgroup is responsible for deciding where child views are positioned and how large they can be, as well as for calling each to draw itself when appropriate. Some viewgroups are invisible and are for layout only, while others have an intrinsic UI (for instance, a scrolling list box). Viewgroups are all in the widget package, but extend ViewGroup.
Widget:One of a set of fully implemented View subclasses that render form elements and other UI components, such as a text box or popup menu. Because a widget is fully implemented, it handles measuring and drawing itself and responding to screen events. Widgets are all in the android.widget package.
Window:In an Android application, an object derived from the abstract class Window that specifies the elements of a generic window, such as the look and feel (title bar text, location and content of menus, and so on). Dialog and Activity use an implementation of this class to render a window. You do not need to implement this class or use windows in your application.
glibc: (GNU C Library)Any Unix-like operating system needs a C library: the library which defines the ``system calls'' and other basic facilities such as open, malloc, printf, exit...
The GNU C Library is used as the C library in the GNU systems and most systems with the Linux kernel.
Libhybris:a way to load Android libraries while overriding some Bionic symbols with those symbols from glibc.
Bloatware:Software or 'apps' that you don't need, but come preinstalled to a device's /system partition, meaning that you cannot remove them unless the device has been rooted. Usually, these are apps are sponsored by a company and included by a carrier for profit. For example, the Photobucket app included on the G2 by TMobile.
Compile:It translates (a android program)from a high-level language into another language, usually machine language.
Decompile:To convert executable (ready-to-run) program code (sometimes called object code ) into some form of higher-level programming language so that it can be read by a human.
Deodex:Deodexing is basically repackaging of these APKs in a certain way, such that they are reassembled into classes.dex files. By doing that, all pieces of an application package are put together back in one place, thus eliminating the worry of a modified APK conflicting with some separate odexed parts.
GNU:A recursive acronym for “GNU's Not Unix!”; it is pronounced g-noo, as one syllable with no vowel sound between the g and the n. The GNU Project was launched in 1984 to develop a complete Unix-like operating system which is free software: the GNU system. “Free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech”, not as in “free beer”.
API:An application programming interface (API) is a specification intended to be used as an interface by software components to communicate with each other. An API may include specifications for routines, data structures, object classes, and variables. An API specification can take many forms, including an International Standard such as POSIX, vendor documentation such as the Microsoft Windows API, the libraries of a programming language, e.g. Standard Template Library in C++ or Java API.
An API differs from an application binary interface (ABI) in that an API is source code based while an ABI is a binary interface. For instance POSIX is an API, while the Linux Standard Base is an ABI.
Odex:In Android file system, applications come in packages with the extension .apk. These application packages, or APKs contain certain .odex files whose supposed function is to save space. These ‘odex’ files are actually collections of parts of an application that are optimized before booting. Doing so speeds up the boot process, as it preloads part of an application. On the other hand, it also makes hacking those applications difficult because a part of the coding has already been extracted to another location before execution.
Open Source:Open-source refers to software with publicly available source code. In the context of Android, Open-source refers to the approach to the design, development, and distribution of software. This offers accessibility to a software's source code for modification, improvement, bug-fixing, and security-enhancement. CyanogenMod is based on this principle.
Port:To Take a rom or app from one phone and program it to work on a different one.
Swap:Swap is, in short, virtual RAM. With swap, a small portion of the hard drive is set aside and used like RAM. The computer will attempt to keep as much information as possible in RAM until the RAM is full. At that point, the computer will begin moving inactive blocks of memory (called pages) to the hard disk, freeing up RAM for active processes. If one of the pages on the hard disk needs to be accessed again, it will be moved back into RAM, and a different inactive page in RAM will be moved onto the hard disk ('swapped'). The trade off is disks and SD cards are considerably slower than physical RAM, so when something needs to be swapped, there is a noticeable performance hit.
Unlike traditional swap, Android's Memory Manager kills inactive processes to free up memory. Android signals to the process, then the process will usually write out a small bit of specific information about its state (for example, Google Maps may write out the map view coordinates; Browser might write the URL of the page being viewed) and then the process exits. When you next access that application, it is restarted: the application is loaded from storage, and retrieves the state information that it saved when it last closed. In some applications, this makes it seem as if the application never closed at all. This is not much different from traditional swap, except that Android apps are specially programed to write out very specific information, making Android's Memory Manager more efficient that swap.
Continued On Page 7...
Layman Terms Android Guides Continued...
Continued From Page 9
Page 10 Of 10
Trick Apps Into Thinking They Are Using Wifi,When Using 3G.
Some Android games and application require a Wi-Fi connection due to the large amount of data that they use. If you don't have Wi-Fi available, however, you won't be able to use the apps or play the games, even if you have a fast 3G connection. You can trick your phone into believing that the Wi-Fi is connected by saving a small text file to your SD card so the phone will play games and apps as if it's on Wi-Fi when it's only connected to 3G.
Things You'll Need
PC
Data cable
Text editing app
Instructions
1) Launch a text editing program on your computer and type "FALSE" in all caps. Save the file and give it the name "qaWifiOnlyMode.txt" exactly with all the lower-case and capital letters duplicated precisely, otherwise the Android operating system won't see the file. Close the text editing program.
2) Plug your Android device into your computer and drag your finger down from the top of the screen to open the notification area. Tap "USB Connected" and then confirm that you want to mount your SD card as a drive on the computer.
3) Find the qaWifiOnlyMode.txt file on your computer and click to select it. Press "Ctrl" and "C" to copy the file. Browse to the location of your Android device's SD card on your computer. In the base directory, not in any sub-folder, press "Ctrl" and "V" to paste the text file to the card.
4) Drag down the notification area on your Android device and tap the USB connection to disconnect the device from the computer. Unplug the USB cable. Your device will now play games and apps as if it's on Wi-Fi even if it's only on 3G.
How to boot your Android phone or tablet into safe mode for troubleshooting
Android is a relatively stable mobile operating system, but every now and then, performance issues arise. Safe mode is a great tool that you can use to troubleshoot these issues. Safe mode boots your phone running only the apps that came with the phone – that means no third-party apps. Therefore, if your phone runs without an issue when you’re in safe mode, it’s a pretty good bet that the problem isn’t system related, and instead a third party app you downloaded.
Click through the break to see how you can enable safe mode to test if it’s a system problem or a third-party problem.
Unfortunately, not all phones have the same method to enter safe mode. Most Jelly Bean devices use the first method below, but some devices with older versions of Android and some newer devices (like the Galaxy S 4 and HTC One) use the alternate method further down the page.
Method 1 (most Jelly Bean devices)
1) Hold down the physical power button on your device.
2) Long-press the “Power off” option that appears.
3) A dialog box asking you if you want to reboot to safe mode may pop up. Tap OK.
(Note: If the box doesn’t appear, go on to the alternate method.)
4) When the phone reboots, you should see a “Safe Mode” watermark at the botom left of the screen, to let you know that you are in fact in safe mode.
Method 2 (some older versions of Android and some Jelly Bean phones)
1) Turn off your phone.
2) Once your phone is off, turn it on by pressing the power button.
3) As your phone is booting, hold down both the volume up and volume down buttons (yes, both) and keep them held.
4) Once your phone has booted, you should see a “Safe Mode” watermark at the botom left of the screen, to let you know that you are in fact in safe mode.
Note: If the alternate method also doesn’t work, you can try holding down menu instead of volume up and down while booting.
In safe mode, while you can’t use third party apps, you can uninstall them. So if your phone is giving you problems as bad as freezing and not letting you uninstall apps, you can uninstall the problem app/apps in safe mode. In addition, if you need to, you can backup your data or factory reset your device in safe mode .
To exit safe mode, you just restart your device as you normally would.
How To Setup Eclipse and Netbeans For Developing Google Android Apps
The Google Android platform allows the user a simple and efficient means to create applications for the mobile device. Much of the information concerning Android architecture, libraries, and source codes can be found on the Google Android web page: http://code.google.com/intl/en/android/
To develop Android applications, the user can employ Netbeans or Eclipse for assistance. Each Integrated Development Environment (IDE) is free and easy to maneuver. However, Eclipse is an older application that Netbeans.
Netbeans
Netbeans is deemed more desirable for building web applications. To begin building a web application in Netbeans, it requires one step. This step involves downloading the Netbeans IDE 5.0 application. Its competitor’s process involves 6 steps in comparison.
Netbeans contains a JSP debugger and remote debugger, a Java Enterprise Edition verifier, a choice of JSP, JSF or Struts frameworks, a deployment description editor, a HTTP monitor, multiple database connections, XML editor and validation, debug and monitor SQL commands, and no manual creation or modification of deployment descriptors required.
To develop Google Android Applications for Netbeans, the user must implement the following steps.
1) Install the Integrated Development Environment (IDE). Download the application from the website and install it.
2) Install the Android plug in for Netbeans. The plug in is named nbandroid.
Within the Netbeans Update Center, the user will find the Netbeans plug in.
First go to the Menu bar, find the Tools menu. Within the tools menu, the user will find a list of Netbeans plug ins. Select the Netbeans plug in the user desires. In this particular case, select the Android Plug in. Within the Settings options, select Add. When prompted, enter this URL: http://kenai.com/downloads/nbandroid/updates.xml
The user can begin the installation process, when this step is completed. Once the Android plug is installed, then the user should add the Android Platform to Netbeans.
Within the Menu option, select the Tools option. Once this is completed, enter Java Platforms. Then select the Add Platform button. The Google Android Platform should be in this selection. The next window will prompt the user to enter a new platform name. Enter the user name. Follow the instructions until the process is complete.
Eclipse
In order to build a web application in Eclipse, the user must Download Eclipse IDE 3.1, Apache Tomcat, Eclipse Modeling Framework (EMF), Eclipse Graphical Editing Framework (GEF), Java EMF Model (JEM) from Visual Editor Project (VEP), and Web Tools Project (WTP).
After the Software Development Kit (SDK) installation, locate and install the Android plug in for the Eclipse. The installation process is as follows:
From the Menu, select the Help feature. Within the Help feature select Software Updates. A command window will appear. Select the window, for Add site. Enter the following URL when prompted: https://dl-ssl.google.com/android/eclipse/
Next select the Updates and Add On menu. The URL will appear. When the URL appears, click on the URL. Then select the Developer Tools option and begin the installation process. Follow the steps to install the plug in.
If the user needs the Europa version, the steps are as follows. Start the Eclipse application. Within the Menu, select the Help option. Then select the Software Updates and Find and Install. Select the New Remote Site. Choose and insert a name for the plug in . Enter the location of the plug in and proceed.
https://dl-ssl.google.com/android/eclipse/
When this step is complete, the site should appear in the Add On list. Select the Android Developer Tools and the Android Editor. Follow the instructions to install the plug in. Include this URL when prompted: https://dl-ssl.google.com/android/eclipse/.
Once the Eclipse plug in is installed, then restart the IDE. Indicate the location of the Software Development Kit (SDK) within the system.
Select the Menu. Then select Preferences under the Window option. Choose the Android. Select Browse to locate the Software Development Kit (SDK) directory in the computer.
The user may now create Android applications in the Eclipse IDE.
Source
Continued On Page 11...
Android Permissions & Security Explained Continued...
Continued From Page 7
Page 8 Of 10
Official Description
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
Details
This permission is of high importance. This could let an application call a 1-900 number and charge you money. However, this is not as common a way to cheat people in today's world as it used to be. Legitimate applications that use this include: Google Voice and Google Maps.
Another important point to note here is that any app can launch the phone screen and pre-fill a number for you. However, in order to make the call, you would need to press [Send] or [Call] yourself. The difference with this permission is that an app could make the entire process automatic and hidden.
Send SMS or MMS
Services that cost you money
[color=ery commonly used by legitimate applications. Applications that typically need this permission include (but are not limited to) camera applications, audio/video applications, document applications
[B]Official Description[/B]
Allows an application to read the user's contacts data.
Details
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Write contact data
Development tools / Your personal info
URI: android.permission.WRITE_CONTACTS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user's contacts data.
Details
This permission is of high importance. Unless an app explicitly states a specific feature that it would use your contact list for, there isn't much of a reason to give an application this permission. Legitimate exceptions include typing or note taking applications, quick-dial type applications and possibly social networking apps. Some might require your contact information to help make suggestions to you as you type. Typical applications that require this permission include: social networking apps, typing/note taking apps, SMS replacement apps, contact management apps.
Read calendar data
Development tools / Your personal info
URI: android.permission.READ_CALENDAR
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to read the user's calendar data.
Details
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
Write calendar data
Development tools / Your personal info
URI: android.permission.WRITE_CALENDAR
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user's calendar data.
Details
This permission is of moderate to high importance. While most people would consider their calendar information slightly less important than their list of contacts and friends, this permission should still be treated with care when allowing applications access. Additionally, it's good to keep in mind that calendar events can, and often do contain contact information.
Read browser history & bookmarks
Development tools / Your personal info
URI: com.android.browser.permission.READ_HISTORY_BOOKMA RKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read (but not write) the user's browsing history and bookmarks.
Details
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
Write browser history & bookmarks
Development tools / Your personal info
URI: com.android.browser.permission.WRITE_HISTORY_BOOKM ARKS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write (but not read) the user's browsing history and bookmarks.
Details
This permission is of medium-high importance. Browsing habits are often tracked through regular computers, but with this permission you'd be giving access to more than just browsing habits. There are also legitimate uses for this permission such as apps that sync or backup your data, and possibly certain social apps.
Read sensitive logs
Development tools / Your personal info
URI: android.permission.READ_LOGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT
Official Description
Allows an application to read the low-level system log files.
Details
This permission is of high importance. This allows the application to read what any other applications have logged.
Modify global system settings
Hardware controls
URI: android.permission.WRITE_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows an application to read or write the system settings
Details
This permission is pretty important but only has the possibility of moderate impact. Global settings are pretty much anything you would find under Android's main 'settings' window. However, a lot of these settings may be perfectly reasonable for an application to change. Typical applications that use this include: volume control widgets, notification widgets, settings widgets, Wi-Fi utilities, or GPS utilities. Most apps needing this permission will fall under the "widget" or "utility" categories/types.
Read sync settings
Hardware controls
URI: android.permission.READ_SYNC_SETTINGS
Risk: LOW-MODERATE
Protection level: UNKNOWN
Official Description
Allows applications to read the sync settings
Details
This permission is of low to medium importance. It mostly allows the application to know if you have background data sync (such as for Facebook or Gmail) turned on or off.
Automatically start at boot
Hardware controls
URI: android.permission.RECEIVE_BOOT_COMPLETED
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
Details
This permission is of low to moderate impact. It will allow an application to tell Android to run the application every time you start your phone. While not a danger in and of itself, it can point to an applications intent
Restart other applications
Hardware controls
URI: android.permission.RESTART_PACKAGES
Risk: HIGH
Protection level: UNKNOWN
Official Description
This constant is deprecated. The restartPackage(String) API is no longer supported.
Details
This permission is of low to moderate impact. It will allow an application to tell Android to 'kill' the process of another application. However, any app that is killed will likely get restarted by the Android OS itself.
Retrieve running applications
Hardware controls
URI: android.permission.GET_TASKS
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
Details
This permission is of moderate importance. It will allow an application to find out what other applications are running on your phone. While not a danger in and of itself, it would be a useful tool for someone trying to steal your data. Typical legitimate applications that require this permission include: task killers and battery history widgets. Other than that however, most apps should not need this permission.
Display system-level alerts
Hardware controls
URI: android.permission.SYSTEM_ALERT_WINDOW
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
Details
This permission is of high importance. This permission allows an app to show a "popup" window above all other apps, even if the app is not in the foreground. A malicious developer/advertiser could use it to show very obnoxious advertising. Almost no apps should require this permission unless they are part of the Android operating system. An example of a system alert would be the alert you are shown when your phone or tablet is out of battery and is about to shut down.
Control vibrator
Development tools
URI: android.permission.VIBRATE
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows access to the vibrator
Details
This permission is of low importance. As it states, it lets an app control the vibrate function on your phone. This includes for incoming calls and other events.
Take pictures and videos
Development tools
URI: android.permission.CAMERA
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Required to be able to access the camera device.
Details
This permission is of moderate importance. As it states, it lets an app control the camera function on your phone. In theory this could be used maliciously to snap unsuspecting photos, but it would be unlikely and difficult to get a worthwhile picture or video. However, it is not impossible to make malicious use of cameras.
Access location extra commands
Network Communication
URI: android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
Risk: MEDIUM-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to access extra location provider commands
Details
The specifics of the extra commands here are a bit unclear. However, the usage of this permission indicates that an app wants to know detailed information about your location, and respond accordingly. This is often used with advertising and location-based and social-network services like Four Square, Twitter, Facebook or Google Places/Google+. It is recommended that you treat this permission with the same caution as the GPS location permission and assume the same implications to privacy apply.
Access mock location
Network Communication
URI: android.permission.ACCESS_MOCK_LOCATION
Risk: MODERATE
Protection level: DANGEROUS
Official Description
Allows an application to create mock location providers for testing
Details
This is a permission used for development of apps that make use of location based services. By creating "mock" (fake) locations, apps can test if their code works correctly depending on your location.This permission has no known sercurity considerations; Nor much use in a app released to the public.
Battery stats
Hardware controls
URI: android.permission.BATTERY_STATS
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to collect battery statistics
Details
This permission is of little to no importance.
Bluetooth Admin
Your accounts
URI: android.permission.BLUETOOTH_ADMIN
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to discover and pair bluetooth devices
Details
Bluetooth (Wikipedia: http://en.wikipedia.org/wiki/Bluetooth) is a technology that lets your phone communicate wirelessly over short distances. It is similar to Wi-Fi in many ways. It itself is not a danger to your phone, but it does enable a way for an application to send and receive data from other devices. Typical applications that would need bluetooth access include: sharing applications, file transfer apps, apps that connect to headset or wireless speakers.
Broadcast Sticky (Intents)
Hardware controls
URI: android.permission.BROADCAST_STICKY
Risk: LOW-MEDIUM
Protection level: UNKNOWN
Official Description
Allows an application to broadcast sticky intents. These are broadcasts whose data is held by the system after being finished, so that clients can quickly retrieve that data without having to wait for the next broadcast.
Details
The permission has to do with how applications "talk" to each other using a communication method called "Intents". While this permission is highly technical it is a relatively low importance. There are no know obvious malicious uses for this permission.
Change Configuration
Hardware controls
URI: android.permission.CHANGE_CONFIGURATION
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to modify the current configuration, such as locale.
Details
This is a permission that generally should not be granted to regular apps. Other than changing the locale (i.e. language), it is unclear what configuration changes this permission allows. As such, it should be treated with considerable caution.
Clear app cache
Hardware controls
URI: android.permission.CLEAR_APP_CACHE
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to clear the caches of all installed applications on the device.
Details
This permission is of low importance. It allows an app to clear the cache of apps on the phone or tablet. The cache is a place that an app stores recently used data for faster access. Clearing the cache can sometimes (very rarely) fix bugs related to those files. Clearing these files generally presents no risk other than to slow the performance of the phone or tablet (as apps will need to re-create the caches when used).
Disable Keyguard (lock screen)
(unknown category)
URI: android.permission.DISABLE_KEYGUARD
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows applications to disable the keyguard
Details
This permission is of medium-high importance. It allows an app to disable the "lock screen" that most phones go into after going to sleep and been turned on again. This lockscreen can sometimes be a password screen, or a PIN screen, or just a "slide to unlock" screen.
Expand status bar
Hardware controls
URI: android.permission.EXPAND_STATUS_BAR
Risk: MEDIUM-HIGH
Protection level: UNKNOWN
Official Description
Allows an application to expand or collapse the status bar.
Details
This appears to be a system permission -- not for use by regular applications. If you come across this permission I would beware of any app requesting it that is not an Android system app.
Flashlight
Development tools
URI: android.permission.FLASHLIGHT
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows access to the flashlight
Details
This allows apps to turn on or off the LED "flash" light used by the camera. This is a handy tool but usually of no risk itself.
Get package size
Hardware controls
URI: android.permission.GET_PACKAGE_SIZE
Risk: LOW-MODERATE
Protection level: UNKNOWN
Official Description
Allows an application to find out the space used by any package.
Details
This permission does not seem to have any risk associated with it.
Kill background processes
Hardware controls
URI: android.permission.KILL_BACKGROUND_PROCESSES
Risk: HIGH
Protection level: UNKNOWN
Official Description
Allows an application to call killBackgroundProcesses(String).
Details
This permission is a bit of a tricky one. Often this is used by what are called "task killers". These apps supposedly free system resources by closing apps running in the background. However the usefulness of such apps is minimal at best. They can help close an app that is misbehaving, however a user can already do that themselves through the Android settings under "Apps" or "Manage Applications". Conversely this permission has some potential to maliciously close anti-virus or other security related apps. As with anything I would treat this with caution. Few users should ever need an app with this permission. Rather, it could be an indicator of malicious intent (especially if not requested by a task killer or system performance tuning app).
Modify audio settings
Hardware controls
URI: android.permission.MODIFY_AUDIO_SETTINGS
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to modify global audio settings
Details
This permission is of low importance. Audio settings pose little to no risk to the device.
Format file systems
Your personal information
URI: android.permission.MOUNT_FORMAT_FILESYSTEMS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows formatting file systems for removable storage.
Details
The primary danger with this permission is that it could be used to erase data from an SD card or other similar storage in your phone. This is also not a permission any normal app should need.
Mount / Unmount file systems
Your personal information
URI: android.permission.MOUNT_UNMOUNT_FILESYSTEMS
Risk: MODERATE
Protection level: DANGEROUS
Official Description
Allows mounting and unmounting file systems for removable storage.
Details
This permission just allows for connecting to SD cards for reading and writing. While not a risk itself, this is also not a permission any normal app should need.
NFC (Near Field Communication)
Your accounts
URI: android.permission.NFC
Risk: MEDIUM
Protection level: DANGEROUS
Continued On Page 9
Android Permissions & Security Explained Continued...
Continued From Page 8
Page 9 Of 10
Official Description
Allows applications to perform I/O operations over NFC
Details
NFC stands for Near Field Communication. This is a technology like Bluetooth that enables short range communication between two devices or the reading of NFC "tags". The distance which NFC is able to work is only a few centimeters so that devices (or a device and a tag) must effectively be touching each other to communicate. Due to the distance, this technology is not particularly dangerous. However it does present a small risk and it is something that should used with caution.
For more info: http://en.wikipedia.org/wiki/Near_field_communication
Process outgoing calls
Your location
URI: android.permission.PROCESS_OUTGOING_CALLS
Risk: VERY-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor, modify, or abort outgoing calls.
Details
This permission is of high importance. This would allow an app to see what numbers are called and other personal info. Generally this permission should only be seen on apps for VOIP (Voice Over Internet Protocol) like Google Voice or dialer replacement type apps.
Read sync stats
Hardware controls
URI: android.permission.READ_SYNC_STATS
Risk: MODERATE
Protection level: UNKNOWN
Official Description
Allows applications to read the sync stats
Details
This permission is related to "Read sync settings" but not particularly dangerous itself. There is a minor risk that some personal information could be gleaned from the sync stats, but the information is unlikely to be valuble. Sync in this case relates to syncing of contacts and other types of media on the phone.
Record audio
Development tools
URI: android.permission.RECORD_AUDIO
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to record audio
Details
While this permission is not typically dangerous, it is a potential tool for eavesdropping. However recording audio has legitimate uses such as note taking apps or voice search apps. As a side note recording audio is typically a significant drain on the battery.
Set alarm
Hardware controls
URI: android.permission.SET_ALARM
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to broadcast an Intent to set an alarm for the user.
Details
This permission seems to be of low risk because it doesnt allow the setting of the alarm directly. Rather it allows the opening of the alarm app on the phone.
Set time zone
Hardware controls
URI: android.permission.SET_TIME_ZONE
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows applications to set the system time zone
Details
This permission poses little, if any, risk
Set wallpaper
Hardware controls
URI: android.permission.SET_WALLPAPER
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows applications to set the wallpaper
Details
This permission poses little, if any, risk
Subscribed feeds read
Development tools / Your personal info
URI: android.permission.SUBSCRIBED_FEEDS_READ
Risk: MEDIUM
Protection level: UNKNOWN
Official Description
Allows an application to allow access the subscribed feeds ContentProvider.
Details
This would give an app access to RSS feed that you have subscribed to. If you dont subscribe to any RSS feeds this permission is of little risk. If you do, this permission is akin to letting an app have access to your broser history. It could glean interests and preferences and other semi-personal information.
Subscribed feeds write
Development tools / Your personal info
URI: android.permission.SUBSCRIBED_FEEDS_WRITE
Risk: LOW-MEDIUM
Protection level: DANGEROUS
Official Description
(No developer documentation is available for this permission)
Details
This would give an app access to RSS feed that you have subscribed to. If you dont subscribe to any RSS feeds, this permission is of little risk. If you do, this permission is akin to letting an app have access to your broser history. It could glean interests and preferences and other semi-personal information.
Use SIP
Your accounts
URI: android.permission.USE_SIP
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to use SIP service
Details
SIP stands for Session Initiation Protocol. It is a technology mostly used for making video and voice calls over the Internet. While not a major security risk it should be treated with almost as much caution as the standard "make phone calls" permission.
Write secure settings
Hardware controls
URI: android.permission.WRITE_SECURE_SETTINGS
Risk: VERY-HIGH
Protection level: DEVELOPMENT
Official Description
Allows an application to read or write the secure system settings.
Details
This permission should only be seen on Android system apps (and possibly wireless carriers or hardware manufacturer pre-installed apps).
Write SMS
Services that cost you money
URI: android.permission.WRITE_SMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to write SMS messages.
Details
This permission appears to be an offshoot from the "send SMS" permission. This should allow an app to write, but not send an SMS message. Users should still be cautious of this permission however. Many kinds of malware lure users into sending SMS to special for-pay numbers costing them money.
Write sync settings
Your messages
URI: android.permission.WRITE_SYNC_SETTINGS
Risk: MEDIUM
Protection level: DANGEROUS
Official Description
Allows applications to write the sync settings
Details
This permission relates to backup and sync of certain types of information like contacts. This allows an app to write settings for how that account and the data are sync and backed up. This is a common permission for social services or contact managers or any other type of app with an account associated with it. Alone, this permission doesn't allow an app access to contacts or other sensitive data. Rather, it just relates to how that data is backed up. Nevertheless, care should be taken as always.
Read profile
Development tools / Your personal info
URI: android.permission.READ_PROFILE
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Official Description
Allows an application to read the user's personal profile data.
Details
This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile.
Install Shortcut (Android Launcher)
Hardware controls
URI: com.android.launcher.permission.INSTALL_SHORTCUT
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Details
This is a custom permission for the default Android Laucher (the home screen). This permission would allow an app to put an icon or shortcut there. While not dangerous, this can sometimes be a sign of a potentially malicious or adware app. For more on adware, see the guides section of PocketPermissions.
Read external storage
Your personal information
URI: android.permission.READ_EXTERNAL_STORAGE
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to read from external storage.
Details
This permission is granted to all apps by default.
Read SMS
System tools
URI: android.permission.READ_SMS
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Details
This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen.
Write call log
Your location
URI: android.permission.WRITE_CALL_LOG
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Details
This permission is not much of a danger by itself, but rather could be used to hide other malicious behavoir. However it has a legitimate purpose for dialer replacements or voice over IP apps (like Google Voice).
Write profile
Development tools / Your personal info
URI: android.permission.WRITE_PROFILE
Risk: MODERATE-HIGH
Protection level: DANGEROUS
Details
This a new permission that relates to a special new "Me" contact you can create in your phone or tablet as your own profile.
Read social stream
Development tools / Your personal info
URI: android.permission.READ_SOCIAL_STREAM
Risk: HIGH
Protection level: DANGEROUS
Details
This permission is very important. It is a new permission introduced with Android 4.0 (Ice Cream Sandwhich). This permission would allow an app to read updates from social networking apps like Google+, Twitter, and Facebook. By granting this permission you are giving an app the ability to read not only your information, but any updates posted by people in your social circles.
Add voicemail
System tools
URI: com.android.voicemail.permission.ADD_VOICEMAIL
Risk: MEDIUM-HIGH
Protection level: DANGEROUS
Details
This seems to be a new permission related to Android's new centralized voicemail system. It would be an unusual means for an app to use this permission maliciously. However few apps should need it and, as always, it should be treated with caution.
Authenticate Accounts
Your messages
URI: android.permission.AUTHENTICATE_ACCOUNTS
Risk: VERY-HIGH
Protection level: DANGEROUS
Details
This permission is of high importance. It allows an app to authenticate credentials (such as passwords). Typical uses of this would be if an app had it's own type of account on your phone such as Google, Facebook, or Twitter.This permission is closely related to the Account Manager permission. Both are typically requested together.While this doesn't directly give an app access to your personal information or passwords, it does present a security risk for phishing (tricking the user into revealing their password). For more on phishing, see the Guides section of PocketPermissions)
Read email attachments
Development tools / Your personal info
URI: com.android.email.permission.READ_ATTACHMENT
Risk: HIGH
Protection level: DANGEROUS
Details
This is a custom permission for the default Android email app (i.e. not Gmail). This permission should be treated with great caution. Many email attachments contain highly sensitive and personal or financial information.
Read user dictionary
Development tools / Your personal info
URI: android.permission.READ_USER_DICTIONARY
Risk: LOW
Protection level: DANGEROUS
Official Description
Allows an application to read the user dictionary.
Details
This would allow an app to read words added to your custom dictionary. Oftentimes this is abbreviations like "brb" that you might add for typing text messages. Unless you save personal information in your dictionary, this permission is of almost no risk.
Write user dictionary
Hardware controls
URI: android.permission.WRITE_USER_DICTIONARY
Risk: LOW
Protection level: UNKNOWN
Official Description
Allows an application to write to the user dictionary.
Details
This alows an app to add custom words to your user dictionary. For example, the common acronym "brb" for "be right back".
Receive SMS
System tools
URI: android.permission.RECEIVE_SMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor incoming SMS messages, to record or perform processing on them.
Details
This permission is mostly a privacy concern. Any app that can read your SMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS replacment" apps (such as Handcent) and would naturally need this permission to function. Other apps sometimes use this as a way of sending a special code to you device. This can be used by a paid app by sending a code to unlock the full version of an app. Or, this can be used by security apps to listen for a special shutdown codes in case your phone is stolen.
Receive MMS
System tools
URI: android.permission.RECEIVE_MMS
Risk: HIGH
Protection level: DANGEROUS
Official Description
Allows an application to monitor incoming MMS messages, to record or perform processing on them.
Details
This permission is mostly a privacy concern. Any app that can read your MMS messages could gather a lot of information about you. However there are quite a few legitimate reasons an app may request this. Some apps are simply "SMS/MMS replacment" apps (such as Handcent) and would naturally need this permission to function.
Install DRM
Hardware controls
URI: android.permission.INSTALL_DRM
Risk: MODERATE-HIGH
Protection level: UNKNOWN
Details
DRM stands for Digital rights management. Typically this permission is not particularly dangerous itself. However, it is a permission related to controlling access to medi such as books, audio video, and more. Due to its purpose to control access, I would be especially careful installing any app requesting it.More info: http://en.wikipedia.org/wiki/Digital_rights_management
Add system service
Hardware controls
URI: android.permission.ADD_SYSTEM_SERVICE
Risk: CRITICAL
Protection level: UNKNOWN
Details
This permission should only be given to Android System apps (and possibly to wireless carrier or hardware manufacturer pre-installed apps)
Access WiMax State
Your accounts
URI: android.permission.ACCESS_WIMAX_STATE
Risk: LOW-MODERATE
Protection level: UNKNOWN
Details
WiMax is a technology developed for "4G" data and internet speeds on mobile devices. This permission allows an app to see if it is currently connected to a wireless network that uses WiMax. There is no significant risk associated with this permission.
Change WiMax state
Your accounts
URI: android.permission.CHANGE_WIMAX_STATE
Risk: MODERATE
Protection level: DANGEROUS
Details
This permission allows an app to turn on or off the WiMax radio. WiMax is a type of "4G" wireless connection like LTE. This permission essensially allows an app to turn on or off 4G.
Read instant messages (IM)
Development tools / Your personal info
URI: com.android.providers.im.permission.READ_ONLY
Risk: HIGH
Protection level: UNKNOWN
Details
This is apermission realated to reading instant messages, such as those on GooleTalk.
RECEIVE
(unknown group)
URI: com.google.android.c2dm.permission.RECEIVE
Risk: LOW
Protection level: UNKNOWN
Details
C2D stands for Cloud to Device Messaging. This is a push notification technology that is being phased out for a similar technology called GCM. (Google Cloud Messaging). This permission is of little to no risk.
In-app billing
Services that cost you money
URI: com.android.vending.BILLING
Risk: CRITICAL
Protection level: UNKNOWN
Source
Continued On Page 10
Android,Terms,Slang and Definitions Continued...
Continued From Page 10...
Page 11 Of 11
Digitizer: Device for converting analogue signals into digital signals
YAFFS:Yaffs1 is the first version of this file system and works on NAND chips that have 512 byte pages + 16 byte spare (OOB;Out-Of-Band) areas.[clarification needed] These older chips also generally allow 2 or 3 write cycles per page,which YAFFS takes advantage of - i.e. dirty pages are marked by writing to a specific spare area byte.
Newer NAND flash chips have larger pages, 2048 bytes + 64 bytes spare areas, and stricter write requirements.Each page within an erase block (128 kilobytes) must be written to in sequential order, and each page must be written only once.YAFFS2 was designed to accommodate these newer chips.YAFFS2 is based on the YAFFS1 source code,with the major difference being that internal structures are not fixed to assume 512 byte sizing,and a block sequence number is placed on each written page. In this way older pages can be logically overwritten without violating the "write once" rule.[clarification needed]
YAFFS is a robust log-structured file system that holds data integrity as a high priority.A secondary YAFFS goal is high performance.YAFFS will typically outperform most alternatives.It is also designed to be portable and has been used on Linux, WinCE, pSOS, eCos,ThreadX and various special-purpose OSes.A variant 'YAFFS/Direct' is used in situations where there is no OS, embedded OSes and bootloaders: it has the same core filesystem but simpler interfacing to the OS and NAND flash hardware.
Zipalign: An archive alignment tool introduced first time with 1.6 Android SDK (software development kit). It optimizes the way an Android application package (APK) is packaged. Doing so enables the Android operating system to interact with the application more efficiently, and hence has the potential to make the application and overall the whole system much faster. Execution time is minimized for zipaligned applications, resulting is lesser amount of RAM consumption when running the APK.
.apk: The file extension of an Android application.
Apps2SD: An unique method of storing applications on the device's microSD partition(EXT.). An official method was included in Android 2.2, mostly making this moot.
Bloat(ware): Applications/widgets -- usually unwanted -- that are preloaded onto a device.
CDMA: Short for Code-Division Multiple Access, a digital cellular technology that uses spread-spectrum techniques.
DLNA: Dynamic Living Network Alliance. A method for wirelessly streaming photos and videos from your smartphone to your TV.
GPS: Stands for Global Positioning System. Uses a constellation of satellites in space to find your location on the ground.
GSM: (Global System for Mobile Communications, originally Groupe Spécial Mobile), is a standard set developed by the European Telecommunications Standards Institute (ETSI) to describe protocols for second generation (2G) digital cellular networks used by mobile phones.
IMEI: Stands for International Mobile Equipment Identity. Basically a unique identification number assigned to every phone.
Launcher: Collectively, the part of the Android user interface on home screens that lets you launch apps, make phone calls, etc.
LTE: Stands for "Long-Term Evolution." Is considered to be one of the "true" methods of 4G data (even if it technically isn't). First rolled out by Verizon in late 2010, and then by AT&T in late 2011, and Sprint will begin using it in mid-2012.
MTP: Stands for Media Transfer Protocol. Designed by Microsoft, and used by devices that have a single, unpartitioned storage structure to transfer files to and from a computer.
NFC: Near-field communication. Short-range communication between your phone and something else -- another phone, a cash register, etc. Used by some credit cards as a method of quick payment.
OEM: Stands for Original Equipment Manufacturer. Usually a company that produces a component or entire device for another company.
Open GL: An open source 3D graphics library used in many devices, including Android devices.
Open Source: Software which is liberally licensed to grant the right of users to study, change, and improve its design through the availability of its source code.
OTA: Stands for Over the Air. The act of moving data to your phone -- downloading, really -- without having to plug it in. Most Android system updates are OTA, as are application downloads.
Pixel: An individual dot on the display. Also a way to measure the resolution of a camera (usually in millions of pixels). Pixels usually are made up of sub-pixels. The arrangement of those sub-pixels affects the way you see images and text.
PPI: Pixels per inch. How we determine a display's "pixel density." The more pixels in a display, the better graphics and text look.
PRL: The Preferred Roaming List, basically a way of telling your phone which towers to connect to first.
Project Butter: Software enhancements introduced in Android 4.1 to improve the smoothness of on-screen transitions and animations. Project Butter uses software tricks like vertical sync (vsync) and triple-buffering to display a smooth, consistent frame rate throughout the UI.
SDK: Stands for Software Development Kit. Generally, a set of tools used to create software for a certain platform following guidelines provided in the kit. For Android, the SDK provides tools to create applications that run on Android devices.
Sideload: The act of installing an app outside of the Android Market.Installing 3rd party application,using your external sd card or a type of cloud storage.
Soft Reset: A "soft" reset is by far the most common type of reset any PDA user will come across, and is often useful in solving minor problems and strange behaviour. When you perform a soft reset of a PDA, you are essentially causing the device to stop everything it is running, and restart - much like rebooting a PC.
Hard Reset: Sometimes also referred to as a "factory reset", a hard reset is an extremely serious process, because performing a hard reset will always wipe all the data from your PDA and return it to the settings it originally had when purchased.
Tethering: The act of using your smartphone's data to provide Internet access to another device, such as a laptop. Can be done wirelessly, or via a USB cable.
USB: Stands for Universal Serial Bus. Is a method of connecting devices to a computer. Most smartphones now use microUSB cables to charge and sync.
UMS: Stands for USB Mass Storage. Devices with SD cards or partitioned internal storage mount that storage as UMS when connecting to a computer. Files can then be moved to and from the device.
Continued On Page 12...
Laiman Terms Android Guides Continued...
Continued From Page 11...
Page 12 Of 12
How to backup or transfer apps/photos/videos/music/etc from your Android phone to the cloud or desktop computer
Smartphones make for great point-and-shoot camera replacements, which means many people use their phones exclusively to take all of their photos and keep up with memories. The problem with that is that phones can easily get lost or stolen, SD cards can go bad or any number of things that can cause you to lose months or years of pictures unexpectedly. In this guide, we’re going to go over how to backup your pictures, just in case you run into some data loss down the road.
Connecting your Android device to your computer with a USB cable can be annoying and almost prehistoric. Most people have WiFi networks set up in their home and anyone using a smartphone is going to have a data connection, so why not use those to transfer files to and from your computer with your device? It’s easier and you’re not chained to a USB cable when you want to move some music around. There’s several different ways to get the job down, and this guide is going to go through some of those options.
Backup to your PC
The quickest way to backup your pictures is to connect your device to your computer and copy your photos, but it can be a little confusing to find exactly where your photos are at on your device. Many Android devices have internal storage and an SD card slot, so there can be two possible locations for it, and there’s tons of folders in both locations, especially if you have tons of apps. If you know what you’re looking for, it’s not too hard to navigate, and that’s where this guide comes in.
First things first, connect your phone to one of your computer’s USB ports with your USB cable. If you’re using Windows, you’ll see a new device show up in the left pane of Windows Explorer, around where your hard drive is listed. Some models require a driver or software to be installed in order to see the internal storage. If so, just follow the prompts to install it.
If you do have a device that has both internal storage and an SD card, you’re going to see two locations listed in your device. “Card” will be the SD card inserted in the phone, obviously, and “Phone” will be the phone’s internal storage. Most people tend to store photos on the SD card so it’s easier to move photos between devices, but either option works. Open up whichever storage you use to hold your pictures, and you’ll be able to see every file and folder that’s stored in it. For this example, we’re going to use the SD card because it’s less likely to be cluttered with folders from apps, but if you’re using your phone’s internal storage to hold your photos, it’s not uncommon to see dozens of folders here. You’re going to want to find the folder labeled DCIM. (Digital Camera IMages).
Opening your DCIM folder can show a few different folders, but you’re going to want the Camera folder. Open it to make sure all of your photos and videos are in it. Now we need move you stored pictures to your computer’s hard drive for backup. The easiest way to do this is to go back to the root of the DCIM folder (where you can see the Camera folder instead of the individual photos) and right-click and copy that entire Camera folder. Then, find a suitable place to backup your photos, which could be in your Photos library or just your desktop, and right-click and paste the folder. The copy process might take a few minutes depending on how many photos you have, but after it’s done you’ll have two copies of your photos in both places.
If you primarily take photos in other apps, such as Instagram, the photos may not be stored in the DCIM/Camera folder. Most apps will store photos in a Pictures folder, so for Instagram you would look for an Instagram folder inside the Pictures folder on your device storage. Aside from that, however, the copy/paste process is identical.
Cloud Backup
Connecting your phone to your computer to backup photos is an easy way to keep your memories safe, but it’s still a hassle to connect your device to your computer and manually move everything over. It also isn’t a feasible solution for someone that uses something like a Chromebook or tablet for their primary computer. Fortunately, you can use Dropbox’s fantastic app to automatically keep your photos backed up to the cloud, no cables involved.
If you already use Dropbox to frequently store files in their cloud, setting up Dropbox to automatically sync your photos is a piece of cake. If you don’t have a Dropbox account, you can get a free account and get 2 GB of space to store your photos, which, for most people, is way more than enough storage.
First things first, if you don’t already have the Dropbox application, you can grab it off of Google Play. It’s a free app, so no worries there. You can either sign into your current account or create one. During the initial setup, Dropbox will prompt you to setup your automatic photo backups. You can choose to either upload photos on your data connection and WiFi, or only WiFi. For most people with a data cap, sticking to WiFi uploads is the best option as Dropbox uploads photos immediately after taking them. If you snap a few dozen photos, you can burn through quite a bit of data in a short time without realizing it, and this is doubly true for videos. There’s also an option to go ahead and upload your current photos and videos on your device to Dropbox. Another cool aspect of the photo backup is that your first photo upload gets you an extra 500 MB of free storage space, so you’ll come in close to 2.5 GB total space.
If you already use Dropbox but don’t have the camera upload turned on, you can find the option to turn it on in the settings menu. It walks you through setup just like a first-time user, and you’ll still get your extra 500 MB for your first upload.
All of your uploaded pictures and videos are stored in a Camera Uploads folder in your Dropbox account, which can be accessed from the Dropbox app or any web browser from any device. You can even install the Dropbox desktop application and all your photos will be automatically copied to your desktop/notebook. You will find a Dropbox folder under your username folder (PCs) which always be in sync with the Dropbox website. Once you photos are copied to Dropbox, you can delete them from your phone if you wish. You can also move photos into Dropbox’s Public folder to easily share them with your friends and family, which is a great tool for those of you that are heavily dependent on social networking sites.
The downside to using Dropbox’s Camera Upload is obviously the data usage and battery usage. It’s not a huge battery drain, but naturally the more often your device has to wakeup to upload something, the more effect it’s going to have on your battery. If you don’t mind giving up a bit of battery for the extreme convenience Dropbox offers, though, it’s a great tool to use.
Obviously, Dropbox isn’t the only cloud storage solution for backing up your pictures, but in my opinion, it is easiest to access and effective way. Google offers photo backups through Google+, but they can’t be access in Google Drive the same way Dropbox allows you to from your desktop. Any other cloud service like Box or SkyDrive could also be theoretically used to backup your photos, but they won’t be as automatic as Dropbox.
As mentioned above,cloud storage is becoming the norm for keeping files stored, and Dropbox is at the front of that revolution. But in addition to keeping files stored and synced, you can also use it as a makeshift file transfer application, with or without WiFi. File transfers aren’t quite as fast as they would be with direct WiFi transfer, but it can be a little more flexible to work with.
The first step is moving whatever file you want to transfer to your Dropbox storage space. You can do this through a web browser or you can download the Dropbox application on a PC or Mac to have easy access to it. This is definitely the slowest part, as most people don’t have speedy upload speeds for their internet. Generally, though, for a few pictures or songs, it shouldn’t take more than a few minutes. After the files are moved onto Dropbox, you can access them through the Dropbox app on your Android phone. Download speeds vary here, and if you’re using 3G or 4G, it’ll eat a bit into your data cap, but this works extremely well if you’re at a friend’s house without your USB cable and you need to save a few files off of their computer. You can also favorite any files on your Android device that you want to store for offline access, including pictures, music, and documents. It’s also great for keeping folders synced between your phone and computer.
WiFi File Transfer
There are also options for simply moving files around your WiFi network for photo backups, too. For simplicity, though, Dropbox and the direct PC connection are your two best options.
WiFi File Transfer is a popular app that works very well for moving files around your home network. It’s not flashy, but it gets the job done. The app starts up a service and produces a URL that you can type into your computer’s web browser, and as long as that service is running, you can see your device’s internal memory and SD card. From here, you can download any files to your computer, or upload files onto the phone: music, pictures, movies, word documents, etc. The transfers are very quick, and depending on your router, are even faster than a USB connection.
The free version of WiFi File Transfer is fully functional but can only upload files less than 4 MB in size. That definitely rules out any movies, and most music, too. The Pro version removes this limit, and for only $1.40, it’s worth the convenience of never needing a USB cable for file transfers again.
Samba
Samba servers are a little more complex than what we’ve covered, but they’re also more convenient, with just one caveat; if you’re running Windows on your computer, your Android device is probably going to need root. If you’ve got a rooted device, this is easily the best option to use to get your files transferred. Essentially, installing a Samba server app on your device turns it into a network drive that you can see just like a regular USB stick on your computer as long as they’re connected to the same WiFi network. From here, you can drag and drop files to and from the phone, just like you would if it was connected to your computer via USB cable.
If you’ve got your device rooted, you’re already past the first step. If not, you can check out our guide to get you started. Next, you’ll just need a Samba server app, and in this case I’d recommend this simple Samba Filesharing application just because it’s straightforward to use. In the app, it’ll ask you to set a password before you can enable the server, and you can optionally change the name of your device on the network. After that’s out of the way, you simply enable the server and check for your device on your computer’s network, and you’ll have access to your files after you put in the password you set up. Just enable the server whenever you’re on WiFi to get to your files, and turn the server off when you’re done.
As always, there’s a few different ways you can move files around on your home network. These three just happen to be the most convenient and painless.
How to boot your Android phone or tablet into safe mode for troubleshooting
Android is a relatively stable mobile operating system, but every now and then, performance issues arise. Safe mode is a great tool that you can use to troubleshoot these issues. Safe mode boots your phone running only the apps that came with the phone – that means no third-party apps. Therefore, if your phone runs without an issue when you’re in safe mode, it’s a pretty good bet that the problem isn’t system related, and instead a third party app you downloaded.
Click through the break to see how you can enable safe mode to test if it’s a system problem or a third-party problem.
Unfortunately, not all phones have the same method to enter safe mode. Most Jelly Bean devices use the first method below, but some devices with older versions of Android and some newer devices (like the Galaxy S 4 and HTC One) use the alternate method further down the page.
Method 1 (most Jelly Bean devices)
1. Hold down the physical power button on your device.
2. Long-press the “Power off” option that appears.
3. A dialog box asking you if you want to reboot to safe mode may pop up. Tap OK.
(Note: If the box doesn’t appear, go on to the alternate method.)
4. When the phone reboots, you should see a “Safe Mode” watermark at the botom left of the screen, to let you know that you are in fact in safe mode.
Alternate Method (some older versions of Android and some Jelly Bean phones)
1. Turn off your phone.
2. Once your phone is off, turn it on by pressing the power button.
3. As your phone is booting, hold down both the volume up and volume down buttons (yes, both) and keep them held.
4. Once your phone has booted, you should see a “Safe Mode” watermark at the botom left of the screen, to let you know that you are in fact in safe mode.
Note: If the alternate method also doesn’t work, you can try holding down menu instead of volume up and down while booting.
In safe mode, while you can’t use third party apps, you can uninstall them. So if your phone is giving you problems as bad as freezing and not letting you uninstall apps, you can uninstall the problem app/apps in safe mode. In addition, if you need to, you can backup your data or factory reset your device in safe mode .
To exit safe mode, you just restart your device as you normally would.
Happy troubleshooting!
How to add password protection to your Google Play Store account to prevent unintentional purchases
If you’ve ever let a child play with your smartphone, then you know how worrisome that can be. A wrong tap here, another wrong tap there and your credit card might be charged for money that you’d rather keep in your account. Fortunately, Google has a hidden setting to enable password protection and prevent accidental purchases from the Google Play Store. All you need to do is follow the steps after the break and you’re golden.
1)Open the Google Play Store app.
2)Tap your menu button, and then tap settings.
3)Under “User Controls,” you’ll see an option and checkbox for “Password.” If that’s not checked, tap that option.
4)You will be asked to confirm your password. Type in your Google account’s password, and then tap OK.
And there you go! You will now be required to type in your Google password each and every time you make a purchase through the Play Store – and that includes in-app purchases. One thing to keep in mind is that once you enter your password to purchase an app, you won’t be required to re-enter your password for the next 30 minutes. After 30 minutes or more, you will be required to enter your password again to make any purchases.
Source
Laiman Terms Android Guides Continued...
Continued From Page 12...
Page 13
Android SDK Installation Guide
First you’ll need to download the Android SDK source files: Android SDK
System Requirements
In order to first use the Android SDK code and tools for development you will of course need a suitable environment develop from.
Currently the following operating systems are supported:
Windows XP or Vista
Mac OS X 10.4.8 or later (x86 only)
Linux (tested on Linux Ubuntu Dapper Drake)
You will also need to install a suitable development environment such as Eclipse: Eclipse 4.3
Android Development Tools plugin (optional)
Other development environments or IDEs
JDK
Apache Ant 1.6.5
Installing The Android SDK
First you will need to download the Android SDK pack .zip archive, once downloaded find a suitable installation location on your machine and extract the zipped files.
Please note: This installation location will be referred to as $SDK_ROOT from now on through this tutorial
Alternatively you can add /tools to your root path which will prevent the need to specify the full path to the tools directory along with enabling you to run Android Debug Bridge (adb) along with other command line tools.
To add /tools:
1)Linux
Edit the ~/.bash_profile or ~/.bashrc files looking for a line that sets the PATH variable.
Add the full path location to your $SDK_ROOT/tools location for the PATH variable.
If no PATH line exists you can add the line by typing the following:
export PATH=${PATH}:<path to your $SDK_ROOT/tools>
2)Mac OS X
In the home directory locate the .bash_profile and locating the PATH variable add the location to your $SDK_ROOT/tools folder.
3)Windows XP / Vista
Right click on the My Computer icon and select the properties tab.
Select the Advanced tab and click the Environment Variables button.
In the new dialog box dowble-click on Path (located under System Variables) and type in the full path location to the tools directory.
The Android SDK also requires a suitable development environment to work in, here’s the installation guides for each of the supported environments.
Android Eclipse Plugin (ADT)
If you choose to use the Eclipse IDE as your Android development environment you will have the opportunity to install and run a plug-in called Android Development Tools. ADT comes with a variety of powerful tools and extensions that will make creating, running and debugging your Android applications much easier and faster.
In order to download and install ADT you will first need to configure an Eclipse remote update, this can achieved via the following steps:
1)Start Eclipse, then select Help > Software Updates > Find and Install….
2)In the dialog that appears, select Search for new features to install and press Next.
3)Press New Remote Site.
4)In the resulting dialog box, enter a name for the remote site (e.g. Android Plugin) and enter this as its URL: https://dl-ssl.google.com/android/eclipse/.
5)Press OK.
6)You should now see the new site added to the search list (and checked).
7)Press Finish.
8)In the subsequent Search Results dialog box, select the checkbox for Android Plugin > Eclipse Integration > Android Development Tools and press Next.
9)Read the license agreement and then select Accept terms of the license agreement, if appropriate.
10)Press Next.
11)Press Finish.
12)The ADT plugin is not signed; you can accept the installation anyway by pressing Install All.
13)Restart Eclipse.
14)After restart, update your Eclipse preferences to point to the SDK root directory ($SDK_ROOT):
Select Window > Preferences… to open the Preferences panel. (Mac OS X: Eclipse > Preferences)
Select Android from the left panel.
For the SDK Location in the main panel, press Browse... and find the SDK root directory.
15)Press Apply, then OK
Updating the ADT Plugin
To update the ADT plugin to the latest version, follow these steps:
1)Select Help > Software Updates > Find and Install….
2)Select Search for updates of the currently installed features and press Finish.
3)If any update for ADT is available, select and install.
Alternatively:
1)Select Help > Software Updates > Manage Configuration.
2)Navigate down the tree and select Android Development Tools <version>
3)Select Scan for Updates under Available Tasks.
Coming Soon! How-To Use Eclipse To Develop Android Applications
Source
Reserved
Reserved
Reserved
Reserved
Reserved
taat3 said:
This is gold my friend.Thank you for the time and effort .
Click to expand...
Click to collapse
Yashu1019 said:
You have one big encyclopedia on android in ur head.....thanks dude... helped very much
Click to expand...
Click to collapse
lekroz said:
Thanks
Click to expand...
Click to collapse
Cpt Streamline said:
This is a great post. I am a Noob when it comes to rooting/flashing/developing for Android and I am trying to learn as much as possible. This post will definatly help.
Sent from my GT-P7510 using xda premium
Click to expand...
Click to collapse
Rucifel said:
Thanks for this very useful post. I'm still new to android, and this post will help me a lot.
Click to expand...
Click to collapse
obagiro said:
A Bible for noobies like my poor self... (you gotta start it someday)
Sent from my GT-I9000 using XDA App
Click to expand...
Click to collapse
You're welcome guys,i'm glad it helped you,thats what its here for.
nestorx said:
Eye opener for us first time users of Android... thnks
Click to expand...
Click to collapse
I'm glad its helping you guys,i don't want to contribute something noone can use.
[SIZE="+1"]PART-1-of-2 : Display HASH/Checksum Integrity Code Of Original Files Inside 1st Post & Use HTTPS WebPages/WebSites[/SIZE]
This topic thread is containing various types of info on various matters & areas (related to computers, networks, hardware, software, operating systems, kernels, firewalls, security, protection, prevention, encryption, pgp/gpg, rules & laws, violators, data-miners, data-stealing, vulnerabilities, etc, etc) with primary focus on "PRIVACY-RIGHTS & SECURITY & SAFETY" aspect for Users/People, and their devices, and their used software inside their devices, and the remote-servers where these software are connecting & sending/receiving data with. Our primary focus is NOT how much easy/convenient/nice it is to use something, or how much faster something is, or how many features exist in something.
And we are definitely NOT IN-SUPPORT of how something can or will or should benefit (or needs to secretly benefit), a dictatorial (or harmful or FASCIST) adversary or a SECRET branch (or semi-secret branch or even an open branch) of government or a (public proxy or a private PROXY) Corporation/Company, for doing MASS-SURVEILLANCE or bulk-data-collection or BULK-DATA COLLECTION STORAGE or DATA-MINING activities, WITHOUT ACQUIRING PUBLIC-VOTE FROM MAJORITY-OF-PUBLIC for each specific (secret and not to mention all open) activities. We SUPPORT those activities (and laws, sub-laws, etc) which at-first benefits majority (or close to 100%) of all Public and upholds public (and their persons, houses, papers, and effects) safety & security & privacy & civil RIGHTS & Civil Liberties, according to the country's highest laws which Majority-of-Public of that country have PUBLICLY-VOTED-FOR. (Though not a perfect example, but for the sake of an example, we can mention this example: USA Bill-of-Rights (aka, USA-Constitution, aka, USA Amendments), ICCPR (International Covenant on Civil and Political Rights)). And we SUPPORT such activities (or laws or sub-laws or clauses, legislatures, etc) only-when those are NOT loosing or NOT violating any bits of Privacy Right (for example, USA 4th Amendment Right) or any other Civil Liberty Rights. We DO NOT SUPPORT such SUB-LAWS (aka, Referendums, clauses, legislatures, etc) which are created in a CLOSED or secret or non-open session with NON-MAJORITY of people's decision or with CORRUPTED or BRIBED leaders' (aka, Law-Makers', aka, Public-Servant) decision, and then such sub-laws are used for abusively governing majorities or minorities. We consider such sub-laws are invalid & illegal & unethical in a real healthy democratic system, and so we will not support such unethical sub-laws. But in a special-case, a single person's (and not a group of persons, and NOT at-mass-scale) very-specific personal-record can be REQUESTED-for to-be looked-upon, when+if it is (technologically or humanly) possible (without violating any RIGHTS of even a single-other person, it also means, NO-backdoors are placed or existing in device technologies which can be used to decrypt or to allow collecting or sending or storing data from multiple (or even single) person & from their devices), and when probable-cause/reason AND sufficient-proof exists, and presented to impartial+unbiased+neutral jury & judge, (where, each jury member & each judge's all public records must be available for public access), in an open PUBLIC discussion COURT, with both side present in the court or both side's representatives are present in court, and when jury or judge at-end decides to do so. And such proceeding must also uphold the Right (for example, USA 5th Amendment Right) of any person (and their any device) not-being forced or tortured or hacked, to expose or incriminate themselves, it also means, it allows a person Not-Disclose any of his/her Password or Encryption-Codes or Keys, etc, if he/she chooses or decides to do so.
We will use many acronyms, synonyms, etc, and we will try to keep conversation understandable for average general users of this forum. But, PLEASE CLICK on Acronyms, Synonyms, Links, and REFERENCES items, when you are unable to understand what we are talking about or what we are indicating to or what we are pointing at, and then attentively read further, and then please come back & please continue to the end, as different concepts & different portions of security & privacy are mentioned into different posting.
Links to significant content/post under this thread-topic:
* Post #1: (this 1st post) Info On Necessity Of Using Hash/checksum Integrity Codes, Why Hash Needs To Be Shown On HTTPS webpage How to Calculate/Find Hash codes, Known Weaknesses In Various Hash & Encryption Related Applications & Systems.
* Post #2: Part-2-of-2 for 1st/top post, References.
* Post #3: List Of Hash/Checksum Calculating Apps & TOOLS For Various Different OS & Platforms.
* Post #4: List Of File Compression+Encrypt & Decompression+Decrypt Apps/Tools, List of AppStores, List of Repositories.
* Post #5: Basics on PGP, GPG, OpenPGP Based Verification Of File's Integrity, File-Size, File's Author. How To "Securely" & Correctly Obtain Signing Key/Cert. Where To Show & Share File Signing-Key, Signature File, etc. Which File Signing-Key Or Which Own Key From Author Can Be Trusted. Which Level Of Trust Can Be Used For Signing & Setting Trust-Level, When It is Necessary (and Not-Necessary) To Set Trust-Level.
* Post #7: How To Securely Share Password & Hash Codes & Files With Destination Users, over OTR or END-TO-END ENCRYPTION Supported Secure Instant Messengers software clients.Hi,
DEVS (developers or authors) who release software or data files, should SHOW/share file's HASH/CHECKSUM tiny integrity code, like MD5 and SHA-256 etc, on the 1ST POST / 1ST MESSAGE (of a forum-topic for any category of forum-thread). Please also show/share file's full BYTE SIZE, ... Not it's MegaBytes or KiloBytes or GigaBytes, etc.
Right click on any file, and see/view its "Properties" or "Info" option, it will show you full byte-size, select that portion of text with your mouse & copy (Ctrl+C)(Command+C), and then paste (Ctrl+V)(Command+V) on your 1st post. You only have to do it only-once for each file when you release it for 1st time, and when you release a newer or updated file or version of software. See the 3rd post in below for software tool list, to find out what file-explorer or what file-management software or what tools or what shell-addons, etc you can use for your preferred choice of OS+hardware platform. (Quick-Tip: Inside Android based OS you may/can use "Total Commander" (by C. Ghisler), or, "ZArchiver" (by ZDevs), etc app/tool, to view (and copy) full byte size).
Acronyms, Synonyms:
aka = also known as. alias. alternatively known as, or, alternative similar.
cert = certificate, it is a type of public-side encryption-key. This is needed for HTTPS encrypted communication or data-transfer.
protocol = communication (or data-transfer) language, for computer & any internet connected devices.
TA = Trust Anchor. The beginning/root/source piece of a trusted certificate/key system. aka, trusted anchor, aka, trusted authority (aka, trusted third/3rd party, aka, TTP, aka, TTPA), aka, Certificate Authority (aka, CA).
TLS = Transport Layer Security (TLS). TLS is Successor (aka, Next version) of SSL (Secure Sockets Layer) certificate. It's used for encrypted data/content transport & authentication system, (like, HTTPS, SMTP+TLS, IMAPS, POP3S, etc), to prevent eavesdropping and tampering of data/content in transit. TLS/SSL cert helps to create a secure encrypted PIPE or TUNNEL or TUBE for internet data packets, it is like using a non-transparent pipe/tube or non-transparent glass-bottle for delivering liquid-material into a remote location, where the liquid-material can deteriorate (means, quality or integrity is reduced) if UV-sun-light can shine on liquid directly, example of such liquid is Citrus-oil & other edible-oil.
TLSA = aka, DANE. DANE is part of DNSSEC standard, (dnssec is the standard AND next-version for older DNS standard). TLSA DANE is used for TLS/SSL certificate authentication, via DNSSEC based system, for HTTPS & similar encrypted webpages & web-contents. See in below "REFERENCES" section in 2nd-Post, where i have shown Links-to, How to create TLSA DANE code from TLS/SSL cert, How to add TLSA DNS records in name-server, How to enable DNSSEC for a name-server, How to enable DNSSEC authentication chain with higher level domain-name registrar, etc.
And it would be better, if this entire (xda-developers, aka, xda-dev) website is shared with visitors/users over HTTPS (aka, encrypted) connection based webpages.
A fair strength SSL cert (aka, TLS cert) is now around $6/yr. There are also FREE TLS/SSL cert providers. Search for "LetsEncrypt free SSL cert" in bing/yahoo/google, also see "References" section in below, where i have shown very important links on How to obtain TLS cert, How to decide which TLS cert to use, Which tools can be used, etc.When DNSSEC verification system is applied in name/dns-servers of a website (aka, domain-name) (and also applied into related software/hardware components), then, used TLS/SSL cert can become even more or super secured (and double channel/TA authenticated) to deliver & show the content of webpage.And for this (double TA authentication of webpage content data) to work, user/visitor side also need to use (inside their own computer) a local full dnssec validation supported dns-resolver software ( like, "Unbound" by NLnet Labs https://www.unbound.net/ ) and a dnssec+tlsa validation web-browser addon ( like, "DNSSEC-TLSA-Validator" by CZ.NIC https://www.dnssec-validator.cz/ ).Those two components will display two extra icons in web-browser's url-bar. One icon will indicate if obtained "website" is DNSSEC authenticated or not, and the other icon will display indication if the displayed "webpage" has used correct & DNSSEC-TLSA verified TLS/SSL certificate or not.
HTTPS or SSH or VPN or DNSSEC etc is very secured & encrypted protocol (when higher-strength encryption is used), but HTTP or old DNS or FTP is not. HTTP or old-DNS or FTP is "open", it means its Not-Encrypted, not secured, so internal-content or internal data is not-private, and data/content can be viewed & eavesdropped very easily. For example, when we mail "postcard" to a destination user, via post-office, then such "postcard" is open & it's contents are easily visible to postman and to anyone who have access to mailbox, and also visible to anyone who lives in the destination address location, so it cannot be private or personal anymore. It is also like using a transparent-colored (or see-through) PIPE or TUBE or TUNNEL for delivering water into a tree or garden, where anyone can see the water flowing through the pipe. But using HTTPS means (for example) like this: using a NON-Transparent PIPE or TUBE or TUNNEL to deliver (or receive) liquid material into (or from) a remote or distant location, where such liquid material can deteriorate if UV-sun-light can shine on the liquid, for example, like, citrus-oil or other edible-oil, etc. So to keep the quality of oil intact, inside the pipe, we need to use a non-transparent pipe, to block harmful portions of sun-rays.
When a website or web server connection is using encrypted HTTPS protocol, then in web-browser's URL bar (where web-site address is shown), it will usually display a tiny "Lock" icon/picture, and website address will also begin with https://... not with http://...
"Encryption" is like a cloth/dress/jacket for internet data/packets, it is like using cloth/dress/jacket for a human body, and its like using an Envelope (as a wrapper) for a personal or private (or secret) Mail Message/Letter, before we post it via post-office. But mailed "postcard" (does not have envelope, so it) is open & visible to many, so "postcard" is not private, not personal (in many cases). Encryption or Cloth or wrapper or shield or jacket, protects the internal-thing (aka, internal-content, aka, payload, aka, data) & keeps it intact & unmodified, from environment / stress / abuse & unwanted prying/spying eyes (and from nosy bad people or thief, and from computers made by nosy bad people or thief), and encryption or cloth or jacket protects from harmful things (virus, bacteria, UV-rays, malware software code, data corruption & manipulation, etc) which are out there. And encryption or cloth also keeps you & your family members and your co-workers and your community & neighbors more civilized & secured, like using cloth/dress on human-body, which creates moral shields & security, and also creates security & sense of decency, and also creates barrier for abuse, and reduces chance of abuse, and reduces chance of future abuse. Breaking-seal or Tearing of any Enveloped-Mail message communication by a non-receiver (aka, non-addressed) person or system, is a USA-federal crime, and ofcourse it is also crime in almost all country in world. Breaking seal of sealed-message or tearing of enveloped-mail is treated as crime since these were invented very very long time ago. Similarly, removal of cloth/dress from human-body (aka, nudity) in front of other's kids/children or in (kids/child) school or similar ground/area, is also a USA all-states wide crime, and forcefully removing someone's cloth/dress is even much worse, and even higher level of crime (violation of multiple Human Rights). Please do not support & do not encourage those violators/thieves who forcefully remove cloth/dress or forcefully remove encryption or forcefully decrypt.
Non-Encrypted (aka, open) data packets are faster, because its easier & faster to generate & deliver. But, generation of Encrypted data packets (for different & specific destination location of users & software-clients) are comparatively more computing resource consuming, and thus more time consuming.
Showing any file's hash code (MD5/SHA1/SHA-256) etc checksum, over an un-encrypted or open or HTTP based webpage, is useless & not-secured & not-trustworthy, but slightly better than none. Because, many adversary or many entity or many group or many person or many software, can eavesdrop or alter or change UN-ENCRYPTED internet data traffic very easily. And its easy to steal/blackmail/abuse personal or private data from Un-Encrypted (aka, open) internet data.
Hash/checksum integrity-code (of a file or data), is like a PHOTO-ID of a person, which is attached on a person's passport or on a photo-id-card,
MITM = man-in-the-middle, aka "middle-man". For example: Wireless carriers, Internet connection service carriers, Online/Cloud Email service providers, Corrupted government surveillance agencies (USA based agencies are in top of this list) which are illegally (without obtaining majority of people's vote) have placed computers & routers & gateways to monitor & record & collect data in bulk & mass scale. So middle-man means, anyone (or any computer/router/component), who-ever (or which-ever) sits/exists in-between (or in-middle of) you (or your computer), and, your communication destination person (or computer).
By verifying a downloaded file's actual hash/checksum (INTEGRITY) code, against or with a developer's shared+original hash-code, which is shown in 1st-post of forum website or (in developer's own website) over HTTPS connection, ... users & visitors can figure out, if downloaded file (in their-side) is STILL AUTHENTIC, or has got MODIFIED by someone or by some-program, or got ALTERED or CHANGED by someone or by some program or by some script-codes, in transit (means, in the middle of the way), or got modified or intercepted by a "middle-man" (aka, MITM) type of script or program or person or entity or adversary.
When users or visitors can have (or can obtain) the original CHECKSUM integrity code, shown on a (ENCRYPTED HTTPS) WEBPAGE (created by original developer/author, locating in original developer's/author's own server computer), ... then, it does not matter, from whatever website the main file or data file is (or will be in future) coming-from or downloaded-from, into user's or visitor's computer. AND it also does not matter whatever NON-ENCRYPTED connection protocol or software is used, to obtain the main file. Because user or visitor has obtained the tiny hash/checksum code (or checksum code file), over a HTTPS based secure + TRUSTWORTHY + encrypted connection.
Many devs/authors or (owners or builders of) websites use a file-naming-format like this to share the checksum integrity code thru a file, i.e.: a "filename.md5" is indicating this checksum file has the MD5 checksum code for the main file "filename". Similarly, the "filename.zip.sha256" is indicating it contains the SHA256 integrity code for the main file "filename.zip". These checksum files must be delivered to users/visitors over a HTTPS encrypted connection. Then main file "filename" or "filename.zip" can be downloaded or obtained or delivered via HTTP or FTP etc any un-encrypted connection. If the author/developer/website-owner is smart, then they/he/she would also include full byte-size of main-file inside the checksum file. You may use the "DownThemAll" addon in firefox web-browser, and set addon settings to show full url (or, unselect the option "Show only filenames"), then check if the checksum-file's url has started with https://... or http://... And, a pre-obtained hash/checksum integrity code can be entered into the file download window, shown by the DownThemAll addon, before initiating the download in firefox. And then, this addon can auto check file's integrity, immediately after downloading the main file (over HTTP/FTP etc any connection). But this auto integrity check functionality is buggy & not available in all OS platforms yet. And using a separate software tool (other than what has downloaded it), to check the integrity of file, is a better security practice.Request file releaser/developer (or owner/builder of website webpages) to share the checksum integrity codes on a HTTPS webpage, or request to share the checksum integrity FILE over a HTTPS based connection. If you keep your mouse pointer icon on a checksum-file, then it should display the URL in bottom-side somewhere, and check if url has started with https://... or with http://...
Even if, an entire file or software tool is delivered to users/visitors over HTTPS based encrypted connections, the dev/author still need to display it's hash/checksum integrity codes. So that integrity code is helpful when file is (or will be in future) delivered from some (or any) 3rd party websites/web-servers, or from mirror websites, or from file-sharing websites or from different content delivery servers (even though its under the same domain-name), or when file was shared by a 2nd/3rd/4th-party person, who is not the actual (1st party) developer/author.
When a file or software is delivered to a visitor/user from the (actual or) original dev's (or original author's) own website, and when the file and the webpage (html/php/cgi) (which is showing the file's checksum info to user's/visitor's web-browser), ... when both (file & webpage), are delivered-to (or obtained-by) user/visitor from exact same physical web server computer, and over exact same type of SSL/TLS cert based HTTPS encrypted connection, and from exact same domain or from exact same sub-domain, only then, displaying the file's hash/checksum integrity code on the HTTPS webpage, is slightly-less necessary, BUT that said, it is STILL always BETTER to show the integrity code even in such case, so that user/visitor can check (now and in future) the integrity by using the shown hash/checksum code anyway, just to be 100% sure.
Why? Because, webpage & file, (are two different things), each goes to user/visitor over at-least two different SESSIONS : in 1st session, webpage could be showing one set of data using certain encryption strength, but when 2nd session is initiated for some file TRANSFER/download, then a different (LOWER/downgraded/fall-backed) STRENGTH ENCRYPTION or No-Encryption can be FORCED to be used, to intercept & deliver a manipulated data stream (or to eavesdrop). Even the session for webpage, can also be compromised & false checksum for main file can be embedded into webpage. Such exploit has happened, and many (client-side) software & web-servers are still (Dec, 2015) not completely protected from such exploits & vulnerabilities.
CDN = content delivery network. a type of (multiple) file server set. Usually a 3rd party (hosting/cloud/CDN) server (or set of servers), which has (or have) very faster internet connection, to very-quickly deliver webpages or certain files or certain components of webpages, into visitor's/user's web-browser client software.
So, displaying tiny HASH-code (aka, integrity-code) of any (software/media/data/main) file (and displaying it's full byte size) on a HTTPS based webpage, is a very essential step for secured file-sharing, with one of the lowest level of real-security, ... displaying a file's integrity code over HTTPS is very essential, that, it does not matter weather encrypted connection is used for the main file download or not, because file's data-manipulation or intercept is still possible, ... so downloaded any file must be checked after download, by comparing it with correct integrity codes, just to be 100% sure that received file is still 100% intact, ... and this, is a very BASIC SECURITY & BASIC SAFETY (COMMON) SENSE, which, everyone should have & practice, specially when files are delivered-to (or downloaded-by) users or visitors, from some 3RD-PARTY file-sharing (or mirror or cloud or hosting or CDN based) websites or web-servers, or when files are shared by (or will be shared in future by) a (2nd/3rd/4th party) person who is not the actual or not the real author/developer/creator (1st party) of the file (software/media/data).
"Best" (or, one of the "BEST" option or practice) is to publish the author's/developer's/releaser's FILE-SIGNING public-side encryption KEY (aka, public-side certificate), into DNSSEC based resource-record (RR), and also show the public-side key/cert code or file on a HTTPS based webpage (or share with user/visitor thru a HTTPS based file). Such KEY file/code MUST be shown from original author's own server from their own home or office, which must not have any-access by any-other user or group, who are not part of the software project. And original author must also own the SSL/TLS cert, used by the sub-domain or domain name of that server. Then author/developer/releaser must do a PGP or GPG or OpenPGP "sign" step/process for the main/data file, and must share the resulted "signature" file, (aka, "sig" file or "asc" file) with user/visitor, also over HTTPS based encrypted connection, (and author should include main/data file's checksum & full byte-size inside the ("sig"/"asc") signature-file). Then main/data file can be shared-with or delivered-to any user/visitor, over any type of connection, either open or encrypted any type connection, and from any type of web/file-server, or from any type of 3rd-party server: Mirror/CDN/Cloud/Hosting etc. (For more info or basics on GPG or GnuPG or PGP or OpenPGP based file-&-author-&-size, all authentication (aka, verification) process, see below into 5th post, related to PGP/GPG).
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
CONTINUED ON NEXT POST.
SEE NEXT POST, FOR PART-2-of-2.
REFRENCES:
Moved references into 2nd/below post.
Well informed (and well spirited) suggestions to improve this & other posting info, are welcomed, but please provide your links & references. Or, add/post your own posting related to this thread, under this thread (or in your own or other thread, and let me know), then i can add link to it in the top/1st post, if its correct. Thanks in advance. #xda-devs @ irc.freenode.net
Note:
I have tested most but not all.
Note:
I have copied various info portions on this & my other posts, from various other websites & authors, with their permission obtained. Most of which are mentioned inside each post's "References" section.
Display HASH/Checksum Code Of Original Files Inside 1st Post & Use HTTPS WebPages
[SIZE="+1"]PART-2-of-2 : Display HASH/Checksum Integrity Code Of Original Files Inside 1st Post & Use HTTPS WebPages/WebSites[/SIZE]
At the time of this message/post initial writing, it is now June, 2015: every 18 to 24 months or so, general computing power is doubling up since/around 1971. And, in every 12 months or so, super-computing power is doubling up. Displaying/showing/informing ONLY the MD5 hash-code of a file, MUST be avoided, as MD5 was cracked long time ago (in around 2004), cryptanalysis showed wrong files can be created to have/produce/show same MD5 (you may want to see the PDF file linked in below reference section). Fake MD5 based SSL certificate-authority (CA) is existing since 2008, which is more dangerous than any single MD5 based SSL certs. Displaying only SHA-1 hash-code must also be avoided, it was also cracked few years earlier (in around 2009, then again in 2011, and then again in Oct, 2015, and getting more easier by each time). Displaying (only) SHA-256 code is better & still fine for now (yr2015-june). Displaying of MULTIPLE hashing integrity codes for same file, is also very fine step, infact, it is better. Like showing both: SHA-1 & SHA-256, or, MD5 & SHA-1, or, MD5 & SHA-256, etc. Because, to create a fake file to match both types of hash-codes & also matching the shown file size, would be almost-impossible, (but not totally impossible). Using SHA3-512 (by USA-NIST) or SHA-512 (by USA-NIST) etc is always better than using any other lower strength hash (Jan 2016). You may also consider to use Skein hash, or use both Skein & SHA3-512 (or SHA-512). Whenever a lower strength hash algorithm or mechanism is used, then that data-portion is secure for a less-longer time (it means, that data-portion is secure for a shorter time period), than a data, which is hashed using a higher strength hash algorithm or mechanism.
Please use (one of) those or other hash/checksum calculating software tools/apps, and compute checksum/hash-codes for files, and copy-paste those hash-codes (and file's full byte-size) into your 1st post/message, under each released file or file-link, immediately when you release. A dev only need to do it once (one-time), when he/she releases a new file.
Thanks for considering & practicing.
-- Erik.
REFERENCES:
* https://eprint.iacr.org/2004/356.pdf (PDF file) (Practical Attacks or Risks on Digital Signatures Using MD5 Message Digest 5, in 2004).
* wikipedia.org/wiki/Comparison_of_file_verification_software
* wikipedia.org/wiki/Hash_function_security_summary
* wikipedia.org/wiki/Collision_attack (researchers use such techniques for finding a data(-file) with same Hash integrity code, to see weakness level in hash functions, including how weak is PBKDF, PBKDF2, etc based protection, because hardware computing power around us, are changing every 12 to 18, or 18 to 24 months. When we know how risky or vulnerable a thing is, or When we know what amount of danger exists in a thing, then we can improve (and have a chance to improve) it by reducing risks/dangerous items/components and fix it).
* wikipedia.org/wiki/Comparison_of_cryptographic_hash_functions
* http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331 (RSA encryption codes are backdoored (in 2004) for Mass Surveillance (aka, Bulk Data Collection) by USA-NSA, which is in violation of multiple Amendments of USA Bill Of Rights, not to mention it was in violation of worldwide many other Laws & Rights).
* https://pomcor.com/2016/02/09/nsas-faqs-demystify-the-demise-of-suite-b-but-fail-to-explain-one-important-detail/ (NSA’s FAQs Demystify the Demise of NSA's Suite-B for Cryptography, but Fail to Explain One Important Detail, written by Francisco Corella, Feb-09, 2016)
* https://sites.google.com/site/ItsTheSHAppening/ (Not-so-costly hardware-sets or systems can be used (in Oct, 2015) easily to create SHA1 collisions, demonstrated by Marc Stevens (CWI, the Netherlands), Pierre Karpman (Inria, France and NTU Singapore) and Thomas Peyrin (NTU Singapore)).
* http://www.WashingtonPost.com/world/national-security/us-israel-developed-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html[/b] (The "Flame" virus was, invented at-least 5 years earlier of 2012 by United States of America (U.S.A) & Israel, jointly. Though it was used (by them) for long time, but this info (was disclosed to public, aka) came to public knowledge in 2012, it+they used MD5 weaknesses in SSL certs).
* https://www.win.tue.nl/hashclash/rogue-ca/ (Fake MD5 based CA cert, in 2008, which used complete new type of attack which no other earlier researchers even mentioned/indicated/found. Such news should create questions in your mind, if not, something wrong with your brain & body, question like this: So how about SHA1 based SSL certs or others ? Even after cryptanalysis researchers suggested long time ago, not to use SHA1 after 2010, then why many CA (SSL cert providers) are still providing SHA1 based SSL cert even in 2015 ?!!! Another question should come to your mind, Why & how few countries or businesses still received MD5 based SSL certs & kept on using it, even after 2008 ?!!!).
* en.wikipedia.org/wiki/PBKDF2 (Read & analyze & follow related & referenced links to understand, why all developers & users should use stronger Hash & longer length password, in various software login components & in file/data encryption components & in other areas).
* https://tools.IETF.org/html/rfc5246 (RFC-5246 : TLS-Protocol-1.2, and updates).
* wikipedia.org/wiki/Cipher_suite (Various Combinations of Authentication, Encryption, Message Authentication Code (MAC) and Key Exchange Algorithms, etc which are used for TLS/SSL certs, for HTTPS & similar encrypted connections). https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml (List of Cipher Suites), OpenSSL-ciphers , GnuTLS-ciphersuites
* What SSL/TLS Cipher Suites Should Be Used in a High Security HTTPS environment? (discussed & voted by members of StackExchange.com).
* Testing for Weak SSL/TLS Ciphers
* https://LetsEncrypt.org/howitworks/ (Obtain FREE SSL/TLS Certificates for your domain-name & web-servers. Unfortunately it needs to run inside a web-server with root-level access given to it for major updates, OR, obtain LetsEncrypt-NoSudo which does not need root-level access). Read more info from wikipedia.org/wiki/Let's_Encrypt.
* https://httpd.Apache.org/docs/2.4/ssl/ssl_howto.html (How to add SSL/TLS certificate in Apache httpd web server).
* https://www.OpenSSL.org/docs/faq.html (FAQ on OpenSSL & Certificate).
* http://GnuTLS.org/ (Though this project website itself is not using any HTTPS server yet, but it is a very very good alternative of OpenSSL tool, and GPG based authentication can be done on downloaded files), wikipedia.org/wiki/GnuTLS , http://gnutls.org/manual/gnutls.html
* wikipedia.org/wiki/Comparison_of_TLS_implementations (Comparison of various types of certificate creator software & tools).
* https://www.InternetSociety.org/deploy360/resources/dnssec-registrars/ (How To Secure And Sign Your Domain With DNSSEC Using Domain Registrars).
* https://www.ISC.org/downloads/bind/dnssec/ (Basics of enabling DNSSEC using BIND domain name-server). Automatic DNSSEC Signing With BIND NameD.
* https://wiki.Debian.org/DNSSEC (Enabling DNSSEC based domain-name resolution by using various name-server software, on Debian linux).
* https://www.Unbound.net/documentation/index.html (How to use "unbound" in your computer as a local full DNSSEC supported DNS resolver).
* https://www.internetsociety.org/deploy360/blog/2013/12/want-to-quickly-create-a-tlsa-record-for-dane-dnssec/ (How to publish a free or self-signed or purchased SSL/TLS certificate in TLSA/DANE DNSSEC record for HTTPS based web-servers).
* https://www.internetsociety.org/deploy360/resources/dane/ , https://tools.IETF.org/html/rfc6698 (Standard definitions on DANE, aka RFC-6698). Rfc7218 (DANE-acronyms). Rfc7671 (DANE operational guidelines).
* https://tools.ietf.org/html/rfc7469 (Public Key Pinning Extension for HTTP, aka, HPKP). Use HPKP as well as DANE. You may also want to see HSTS (HTTP Strict Transport Security) and HSTS-weaknesses.
Note:
Well informed suggestions to improve this & other posting info, are welcomed, but please provide your links & references. Or, add/post your own posting related to this thread, under this thread (or in your own/other thread, and let me know), then i can add link to it in the top/1st post, if its correct. Thanks in advance. #xda-devs @ irc.freenode.net
Note:
I have tested most but not all, and i have copied various info portions on this & my other posts, from various other websites & authors, with their permission obtained.
File Hash/Checksum Integrity Code Calculating Tools & Apps For Multiple Platform & OS
[SIZE="+1"]C[/SIZE]HECKSUM or [SIZE="+1"]H[/SIZE]ASH [SIZE="+1"]INTEGRITY[/SIZE] code [SIZE="+1"]CALCULATOR TOOLS[/SIZE]/APPS:
These are very common & easy to use tools.
Over time, file-sharing website or account, etc goes down or expires, but if the hash/checksum-code is obtained & known, from original developer's work or developer's 1st post (from forum websites), then original file still can be obtained/downloaded from any other locations, or uploaded-&-shared by ANY other USER or group, WITHOUT the FEAR & CHANCE, that, (one or more) MALWARE/virus/trojan/backdoor etc was EMBEDDED by that user/sharer/group/MITM. And hash-code (aka, checksum-code, aka, integrity-code) also helps to make sure, that, correct & intended files are used by users/visitors now & in later times.
OS = Operating System. It is a system of governing inter-communication in-between various hardware components & firmware components & software components. It has the potential of becoming self-aware (aka, have a form of soul), if enough intelligence (from other intelligent beings, and nature) is transferred/trained/shown/recorded into it, and if enough freedom is permitted for its various components & functions.
In Microsoft [SIZE="+1"]Windows[/SIZE] OS:
developers/users/visitors may obtain & load any below apps/tools (from any link, if they wish to), these tools can add an extra tab/page, inside file's "Properties" info-window (or can add an extra right-click context-menu item), which can be used from "Windows Explorer" (it is a GUI shell window for file management in Windows OS computers). Just right-click on any file, goto "Properties", then find+goto "Hash" tab or similarly named tab, and then click on "Calculate" button or similar button, to view that right-clicked file's md5, sha-256, etc hash/checksum tiny integrity codes. You can press both Windows-Flag button & the E button together, to start the Windows Explorer, in windows.
* https://github.com/arktronic/hashprop/
* https://www.safer-networking.org/products/filealyzer/
* http://www.febooti.com/products/filetweak/members/hash-and-crc/
* http://implbits.com/products/hashtab/
* http://code.kliu.org/hashcheck/
* https://github.com/gpfjeff/winhasher
* https://code.google.com/p/jdigest/
Above or below websites, which are NOT using a HTTPS based webpage or connection, for showing the hash-code of their hash-calculating tool file, those website's owner/developer must add a TLS/SSL-certificate in their website server, and must show hash-code of file on a HTTPS (encrypted) webpage, and must allow users/visitors/developers to obtain such important & INITIAL level software tool/app over HTTPS secure+encrypted connection.
Once such a tool/app is obtained securely & installed in a developer's computer, then, a developer only need to calculate only-once for each file & show the tiny few bytes of alpha-numeric characters of HASH/checksum integrity codes (next-to or under the filename or file-link), shown on a HTTPS (secure+encrypted) forum WEBPAGE (in the 1st post/message of a forum-thread or forum-topic), and then, any large or small size files can be delivered to users over any non-encrypted connection link/page, like: HTTP, FTP, p2p (bittorrent), etc, and can also be delivered to users from any 3rd-party websites.
CLI = Command Line Interface.
[SIZE="+1"]MacOS/Linux/Unix[/SIZE]:
start a "Terminal" window (a CLI shell), type "openssl md5 " (without those double quote symbols, and enter a single "space" character after that "md5" word), or type "openssl sha256 ". Then, from MacOS "Finder" app (which is equivalent of "Windows Explorer", or, "Total Commander", etc), DRAG-&-DROP that downloded file on the end of the word "md5" or "sha256", in that "openssl" line in "Terminal" window. Then press "enter" or "return" button, and you now have checksum/hash-code. Getting tiny hash-code is that easy.
In [SIZE="+1"]MacOS[/SIZE]:
user/dev may use below few GUI based hash calculator tool:
HashTab:
http://www.implbits.com/Products/HashTab.aspx
previous link is not on a HTTPS webpage & it asks for email registration.
free.
HashMaker:
https://itunes.apple.com/us/app/hashmaker/id509733654?mt=12
free.
In [SIZE="+1"]MacOS & Linux/Unix[/SIZE]:
many other command-line interface (CLI) based hash/checksum code calculator tools can be used, too many to list here.
In [SIZE="+1"]Linux/Unix[/SIZE] OS:
below hash/checksum code calculator tools may be used:
DeepDigest:
https://sourceforge.net/projects/deepdigest/
Update, Mar 5, 2016: SourceForge (SF) website has began to allow HTTPS encrypted connections, for all general users & visitors (at-least for USA side users/visitors). To view HASH code of files, over HTTPS webpage/connection, their forced sign-in/login process/policy is not required anymore.
Older (Jun 20, 2015) info: After login/sign-in into SourceForge (SF) website, if you click on the circular "i" icon next to filename, then it can show hash-code of the file, but its not obtained over a HTTPS based query in all locations ! Unfortunately SF requires users to login 1st, before pulling & showing any hash/integrity code, (and the SF website is not HTTPS based by default on all locations), so targeted attack & alteration is possible toward a certain locality or user.
[SIZE="+1"]Android[/SIZE] / [SIZE="+1"]AOSP[/SIZE] / [SIZE="+1"]CyanogenMod[/SIZE] / [SIZE="+1"]Replicant[/SIZE], etc OS:
user/dev may use below app (GUI tool), to calculate hash/checksum code:
Hash Droid (by Hobby One) : open-source, free, available in PlayStore, it does not use Un-Necessary Permissions & does not do unnecessary system level Accessing:
https://play.google.com/store/apps/details?id=com.hobbyone.HashDroid&hl=en
ZArchiver (by ZDevs): free, file compression/decomression tool, available in PlayStore, it can show only MD5 (in current version 0.8.3) when "Information" option is chosen after touching & holding-onto a file, it does not allow to copy the MD5 code, this tool does not use Un-necessary Permissions or System Level Accesses:
https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver&hl=en
[SIZE="+1"]iOS[/SIZE] (Apple [SIZE="+1"]iPhone[/SIZE] / [SIZE="+1"]iPad[/SIZE] etc devices) OS:
user/dev may use below free, open-source checksum calculating tool:
info coming here later.
So far no free hash calculating tool is found in iOS !!! out of 1.4 million iOS apps, not one free app to check hash integrity of downloaded files !!!
A free MD5 hash/checksum calculating library is available for iOS apps, so if any free File management or Archiver type of app can integrate it, then they can provide the feature for "free", it can also be adapted for other hash functions : https://github.com/JoeKun/FileMD5Hash
Microsoft [SIZE="+1"]Windows 10 Mobile[/SIZE] / [SIZE="+1"]Windows Phone[/SIZE] OS:
user/dev may use below free checksum/hash calculating tool:
Hash Express (by eCodified) : free, available in Windows-Phone appstore:
https://www.microsoft.com/en-us/store/apps/hash-express/9wzdncrdmnj7
Hash (by Miroslav Veselý) : free, available in Windows-Phone appstore:
https://www.microsoft.com/en-us/store/apps/hash/9wzdncrdmn99
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
Note:
If you find free tools are useful or helpful and not-intrusive for you, then please try to donate what you can, so that developer/group can continue to develop & update & provide a non-intrusive program for free. Please do not donate & do not encourage those, who makes intrusive/spying programs.
Note:
I have tested most but not all, and i have copied various info portions on this & my below posts, from various other websites & authors, with their permission obtained.
File Compression (zip, archive, compact, pack) & Decompression (unzip, unarchive)
[SIZE="+1"]FEW CHOICES FOR FILE COMPRESSION (aka: ZIP, ARCHIVE, ENCRYPT, COMPACT, PACK), or, DECOMPRESSION (aka: UNZIP, UNARCHIVE, DECRYPT, EXTRACT, UNPACK) TOOLS:[/SIZE]
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
[SIZE="+1"]Windows[/SIZE] platform/os:
7-zip : open-source, GUI, CLI, 7zip-manager can compress+decompress multi files+folders, encrypt/decrypt, LZMA & various other formats & algorithms are supported.
http://www.7-zip.org/
https://SourceForge.net/projects/sevenzip/
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
[SIZE="+1"]Mac OS X[/SIZE] platform/os:
(some core portions of this OS is BSD or FreeBSD Unix)
7zX : a 7-zip based derivative, GUI, encrypt is supported, it can do only one file at-a-time compression.
http://7zx.UpdateStar.com/
Keka : a 7-zip based p7zip derivative, open-source, GUI, compress+decompress tool, encrypt/decrypt, obtain free-edition from their website.
http://www.KekaOSX.com/
The Unarchiver : GUI, decompression tool, decrypt only, obtain it from Apple iTunes Mac AppStore.
https://itunes.apple.com/us/app/the-unarchiver/id425424353?mt=12
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
[SIZE="+1"]Linux/Unix[/SIZE] platform/os:
p7zip : a 7-zip based derivative, open-source, compress+decompress tool, encrypt/decrypt.
https://SourceForge.net/projects/p7zip/
p7zip for Debiaun, Ubuntu, etc.
https://packages.debian.org/sid/p7zip-full
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
[SIZE="+1"]Android[/SIZE] [SIZE="+1"]/[/SIZE] [SIZE="+1"]CyanogenMod[/SIZE] [SIZE="+1"]/[/SIZE] [SIZE="+1"]Replicant[/SIZE], etc platform/os:
Total Commander by C. Ghisler : file management software/tool, available in Google Android PlayStore, it can compress & browse/view, encrypt only. It requires such Permissions: Photos/Media/Files (modify or delete the contents of your USB storage, read the contents of your USB storage), Other (access Bluetooth settings, pair with Bluetooth devices, full network access, view network connections, prevent device from sleeping, install shortcuts).
http://www.ghisler.com/android.htm
https://play.google.com/store/apps/details?id=com.ghisler.android.TotalCommander
ZArchiver by ZDevs : available in PlayStore, free, it can compress+decompress and browse/view, encrypt/decrypt, it does not use Un-Necessary Permissions or System Level Accesses.
https://play.google.com/store/apps/details?id=ru.zdevs.zarchiver&hl=en
UnZip & Unrar - Zip file by UCWeb Inc : To use it, user must also install the tiny web-browser "UC Browser Mini - Save Data" (1.5MB) from same developer, (unselect the "Cloud Acceleration - wap access via server" option in UC Browser after install, if you prefer higher-level "security" more, than slightly higher speed). Unzip-&-Unrar is available in play appstore, free, decompress, decrypt, it does not require extra unnecessary permission, but the web-browser does need access to many Permissions.
https://play.google.com/store/apps/details?id=com.uc.addon.decompress
https://play.google.com/store/apps/details?id=com.uc.browser.en
Unzip Tool by lichy : available in play appstore, free, decompress + compress, file browse, encrypt/decrypt. though it works on many android version but it uses lots of unnecessary Permissions & accesses, like: Location (precise location (GPS and network-based), approximate location (network-based)), Photos/Media/Files (modify or delete the contents of your USB storage, read the contents of your USB storage), Wi-Fi connection information (view Wi-Fi connections), Device ID & call information (read phone status and identity), Other (view network connections, full network access). So avoid it if you care more about higher-level "security", unless you must have to have a such tool's functionalities. (i included it, because i also have firewall (frwl) and it is configured to not-allow send/receive any stuff through internet, and i have noticed it's file-browsing feature was slightly better than few other similar apps in older android os).
https://play.google.com/store/apps/details?id=com.lichy.unzip
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
[SIZE="+1"]iOS[/SIZE] (iPhone/iPad) platform/os:
zip rar tool free - (zip/unzip/unrar/un7z) from email & File manager for Dropbox, Box (by tau xu) : available in iOS/iPhone/iPad iTunes AppStore, free, compress+decompress tool, encrypt/decrypt.
https://itunes.apple.com/us/app/zip-rar-tool-free-zip-unzip/id649649718?mt=8
ZipApp Free - The Unarchiver (by Langui.net) : available in iOS/iPhone/iPad iTunes AppStore, free, multi-format decompression tool & zip-only compression), multi format decrypt & zip-only encryption.
https://itunes.apple.com/us/app/zipapp-free-the-unarchiver/id585600850?mt=8
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
[SIZE="+1"]Windows 10 Mobile / Windows Phone[/SIZE] platform/os:
"Windows Phone" is successor of "Windows Mobile", and "Windows 10 Mobile" is successor of "Windows Phone".
STARchiver ZIP RAR (by Attractor Mobile Software) : free, compress/decompress, encrypt/decrypt.
https://www.microsoft.com/en-us/store/apps/starchiver-zip-rar/9nblggh67q7l
-.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-. -.-.-.-.-.-.-.
REFERENCES & List of AppStores & Repositories:
* wikipedia.org/wiki/Comparison_of_file_archivers
* https://apps.microsoft.com/ (Windows Store, aka Windows AppStore, for Microsoft Windows OS based PC, Laptop, Notebook/Netbook, Surface, Tablets, etc x86/x86-64/ARM)
* https://Cygwin.com/ (Repository of Linux & Unix & open-source POSIX tools & apps & packages, made usable for (Microsoft) Windows OS. It does not require an administrative user access during install & update. Also used for loading required dependencies, compiling, and to obtain cygwin*.DLL for POSIX apps/tools).
* https://MinGW-w64.org/ (Repository of Linux & Unix & open-source POSIX tools & apps & packages, made usable for (Microsoft) Windows OS. It does not require an administrative user access during install & update. Also used for loading required dependencies, and includes GCC compiler. Note: This website uses SSL/TLS cert from "nautica.notk.org" which is issued by CAcert.org, so you will have to add that SSL/TLS cert as a temporary exception in your web-browser, for accessing the website over HTTPS connection).
* https://itunes.apple.com/us/genre/mac/id39 (Apple iTunes AppStore, for Mac OS X computers)
* https://www.apple.com/osx/apps/app-store (Apple Mac OS X AppStore, for Mac OS X computers)
* https://www.MacPorts.org/ (Repository of Linux & Unix tools & apps & packages, made usable for Mac OS X. It requires an administrative user access during install & update. Also used for loading required dependencies, and compiling.)
* https://Brew.sh/ (HomeBrew) (Repository of Linux & Unix tools & apps & packages, made usable for Mac OS X. It does not require an administrative user access during install & update. Also used for loading required dependencies, and compiling. This website is using a common SSL/TLS cert from their GitHub project, so used SSL/TLS cert is not their own)
* https://addons.mozilla.org/en-US/firefox/ (Mozilla's Firefox web-browser Addons & web-browser based App list, for Windows OS, Mac OSX, Linux, Unix, etc computers)
* https://chrome.google.com/webstore/category/extensions/ (Google's Chrome web-browser extension list, for Windows OS, Mac OSX, Linux, Unix, etc computers)
* https://chrome.google.com/webstore/category/apps/ (Chrome web-browser based App list, for Windows OS, Mac OSX, Linux, Unix, etc computers)
* wikipedia.org/wiki/List_of_free_and_open-source_iOS_applications
* https://github.com/dkhamsing/open-source-ios-apps
* https://itunes.apple.com/us/genre/ios/id36 (Apple iTunes AppStore for iOS/iPhone/iPad/etc)
* https://www.apple.com/appstore (Apple iOS App Store. Note: unless an iOS based web-browser's user-agent string is set or found, this URL will detect user-agent string and user's IP-address location, and then it will auto-forward users/visitors to a different appstore. Another simpler alternative is, use the iTunes app to browse+view iOS App Store apps).
* http://apt.saurik.com/ (SaurikIT Repository, aka Cydia appstore, for Jailbroken iOS/iPhone/iPad etc, more info)
* wikipedia.org/wiki/List_of_free_and_open-source_Android_applications
* https://play.google.com/store (Google Android Play Store AppStore, aka Android Market, aka "Vending" appstore, aka Google AppStore, aka, Google-Play AppStore)
* https://F-Droid.org/repository/browse/ (F-Droid.org Repository for Android & AOSP based OS)
* https://www.WindowsPhone.com/store (includes apps for both Windows Phone, and Windows 10 Mobile)
* https://addons.mozilla.org/en-US/android/ (List of web-browser based addons & apps for Mozilla's Firefox web-browser for Android) (Firefox Browser for Android from Play-store, Firefox web browser for iOS/iPhone/iPad etc, from iTunes appstore for iOS/iPhone/iPad etc) (Note: Firefox for iOS does not support addons yet)
* http://www.GetJar.com/mobile-apps/ (List of Java Jar based apps for various mobile multiple platforms)
* List of more Software Package Management Systems (wikipedia).
If you find free tools are useful or helpful or not-intrusive for you, then please try to donate what you can, so that developer/group can continue to develop & update & provide a non-intrusive program for free. Please do not donate & do not encourage those, who make intrusive/spying programs.
GPG / PGP Based File Integrity And Actual File Author Authentication / Verification
[SIZE="+1"]How to verify a file's integrity & same file's author/developer, both/etc all at same time ?[/SIZE]
A Brief/Short ([SIZE="+1"]PGP / GPG[/SIZE]) Summary is:
When we carry out a file's checksum/hash verification process, or a file's integrity checkup process, then this process makes sure if the file under investigation, whether has correct & intact (md5/sha1/sha256 etc) integrity or has got modified/altered, it answers or clarifies ONLY those area or aspect. An integrity verification process does not verify a file's author, and does not verify if the file has correct byte-size or not.
When only checksum/hash/intergrity code is shown & obtained from a popular HTTPS based (encrypted) website webpages, then it has suffice (a minimum low-level of) security or suffice (a minimum low-level of) trust-level, but Not One-of-the-Best (O-o-t-B) security-level or O-o-t-B trust-level. Because, it does not tell or indicate & does not PROVE to users/visitors, WHO EXACTLY made that file (aka, Which exact developer developed that file, or Which exact author created that file), AND, it (checking only hash-integrity) also does not prove WHAT'S the actual file size (which was released by the actual-&-original developer or author).
So, to verify a main file's integrity, and to verify the actual maker/creator/author/developer/releaser of main file, and to verify if the main file has correct size, ... any shared main file must also have a (PGP or OpenPGP or GPG based) "signature" file (aka, "sig" or "asc" file), and such file must be shown next to the main file download link. And a "signature" file (it is a very small file, usually under 8 kilo-bytes) must be delivered to user/visitor over a HTTPS encrypted connection. And then, main file can be delivered to user/visitor over any type of open or not-encrypted connection, (or even over any encrypted connection).
And for this to work, user/visitor also needs the FILE-SIGNING public (aka, pub) KEY, which was used to create the signature-file (SIG or ASC). And user must obtain it over a HTTPS encrypted webpage or connection. So, developer or author MUST SHARE file-signing GPG/PGP pub-key over an encrypted webpage or file, shared from their OWN main/source website/server (it means, pub-key MUST be shown from a such Server Computer which the original developer/author has full-control & kept in their/his/her own office/home, it means, Beside the original author/developer NONE-OTHER have any-control on it. And original author/developer MUST ALSO OWN the SSL/TLS certificate for the sub-domain or main domain used in that server). When a File-Signing Gpg/Pgp/OpenPgp Pub Key is shared/shown from a Mirror or CDN or hosting or Cloud Hosting server or Forum website or shared project site (like Github, SourceForge) etc 3RD-PARTY websites, or, When pub-key is shared/shown over open/unencrypted connection like FTP or HTTP etc, then such Gpg/Pgp pub KEY has "ZERO" (aka, NO, none, nada) security. When used all components or all tools or all factors/vectors or all connection or all software or all portions, etc ALL & each, are secured (encrypted & verified & authenticated), to keep the security-level & trustworthiness-level checked at a Fully/Totally/Completely-"TRUSTED" level. If EVEN-ONE of the "SINGLE" used tool/portion/factor/vector is NOT WHAT is mentioned previously, then it is NOT-TRUSTED (aka, NOT-SECURED), or Not-Fully-Trusted, or Not-Totally-Trusted, or Not-Completely-Trusted, etc. We also need to realize, Reaching an absolutely "Trusted"-level (for infinite amount of time duration into future) may not be possible in real life (with finite amount of resources), So we MUST need to TRY AT-LEAST to reach a "COMPARATIVELY-MORE TRUSTED-Level" or "COMPARATIVELY-MORE SECURED" level, FOR "SIGNIFICANT" AMOUNT OF TIME (INTO FUTURE), so that, those who are "REMOVING-TRUST" (or those who are "DECRYPTING & STEALING" private-data), CANNOT COMPLETE decryption+theft process for SIGNIFICANT amount of TIME DURATION, so that we can avoid assist them in decrypting+stealing our private-data, so that we can make it MORE-HARDER for them to decrypt+steal our private-data. Always use most strongest encryption, because each new computing hardware, in each 12 to 18 months, is becoming double-time powerful & capable than before, to decrypt quickly. Encryption is like a cloth/jacket/envelope (a wrapper/cover) for digital data packet, we use cloth/dress on a civilized human-body for privacy & decency & for protection of body, and we use envelope when we send private/personal mail via post-office, to a destination person's address. HTTP/FTP/POP/SMTP/IMAP etc is like sending or mailing a postcard, which is open, anyone can see+steal+record. But, HTTPS/SSH/VPN/PGP/GPG/IMAPS/POPS/SMTP+STARTTLS etc is encrypted, it is like sending an enveloped mail or using a non-transparent tube for data-transfer or communication. Read the top-most 1st post (in this forum topic thread), to understand more on Encryption, Decryption, Privacy-Rights, Civil-Rights, etc.
Non-encrypted data packets are faster, because its easier & faster to generate non-encrypted data packets, as such data packets require lesser computing & lesser processing & lesser verification. Generation of Encrypted data packets are computing resource consuming, and thus time consuming, (inside the server computer which will generate it), as these type of encrypted data packets are intended & directed toward certain specific & different destinations, and each destination's encrypted data packets need to be different & unique than other destination. Once encrypted data packets are generated, then transfer process of it via/thru other computers, is comparatively less resource consuming.
Public = pub. Openly available for any public/person. for public use, for general use, for open use.
Private = prv = priv = pvt. Private or personal or secret portion-&-use purpose, it is Not for public/general eyes.
A file's author/maker/developer need to load an OpenPGP or GPG or PGP software, and create an openpgp/gpg based (encryption) key-pair for file-signing purpose, and keep the "private-key" (or "secret-key") portion private (in an external write-protectable SD flash-memory media/storage drive or inside a secured read&write-protected Keyring or Keychain usb device), and then author/dev can share the file-signing "public-key" portion (aka, public-key-file) of file-signing key-pair, with the users/visitors over a HTTPS encrypted secured webpage.
Some dev/author may also choose to "sign" files, with their own primary identity pub-key-file profile. Portable apps (like, email client software, portable gpg/pgp/openpgp software/tools, etc) can be kept in a portable usb storage device or in a (write-protectable) flash memory media/storage card. These "portable" software must not write into or use host computer's storage media, for better security. Multi partitions can be created inside external storage media/cards, for storing "secret"/"private" portion, and "public"/general portion.
Then author/developer of software tool, can (bundle into a zip/7zip/tar etc compressed format file, and then author/dev can) gpg-sign (or pgp-sign) the main file before releasing it, and gpg/openpgp/pgp tool will create a signature-file for the main file, and then author/dev need to share & show the url-link of the "signature"-file (next to the url-link of main file) in the author's/dev's own primary/source website (not in a mirror or 3rd-party website), for all users/visitors, over a HTTPS encrypted webpage. Also show link to a (HTTPS based) webpage (or show a link to a HTTPS based file-url) from where any user/visitor can get dev's/author's file-signing pub-key code or pub-key-file. And certain command-line option or appending (or piping) command can also output & create a signature-file with the main-file's hash/checksum integrity code & it's byte-size, etc shown inside it, beside the must-have the file-signing openpgp/pgp/gpg code.
On the other side (OTOS), a visitor/user also need to load a openpgp or gpg or pgp software in their side on a secured laptop computer or store sensitive private file stuff (like, gpg/pgp "keyring"-file) inside an external secured portable private flash-memory storage usb-drive, or inside a write-protectable flash-memory media/storage SD drive, or inside a (read & write) RW-protected Keyring or Keychain device.
id = identity, identification.
And then all users/visitors must 1st try to obtain software or file author's/developer's file-signing public-key-file by using a very trustworthy way:
either directly from him/her from a convention or from a key-signing party, which he/she is attending, after a face-to-face conversation. Give the author your (primary-id) pub-key CD/DVD disc (or your write-protectable SD storage card). And get back your signed pub-key and also get author's (primary-id) public-key-file and file-signing pub-key-file, before the end of key-signing party or convention, in a different (write-protectable or write-protected) secured storage media (like, another CD/DVD disc or another SD flash-memory card), to reach one-of-the-highest-trust-level (OOTHTL) or to reach highest-trusted-authority-level (HTAL) in PGP or GPG WEB-OF-TRUST (WOT) LEVEL. If you have original pub-key-files, then GPG/PGP commands can show with higher assurity, that, if the author/developer himself/herself has trusted his/her own file-signing pub-key or not. And, gpg/pgp tool can also show, if the "signature"-file & main-file has been authenticated or not, when you will have author's/developer's file-signing pub-key (inside your own gpg/pgp tool's keyring fille).
And if its not possible for a user/visitor to meet face-to-face, then such user/visitor can obtain file-author's or file-developer's FULL fingerprint-code for his/her file-signing public-key-file, or file-author's primary-id public-key-file, from the author's own-hand-given visiting-card or business-card (if it is published or written or shown in it), then user/visitor can use a gpg/pgp command, to initiate a HKPS encrypted download of author's public key from a public key-server, and then, user can match if the fingerprint-code shown on hand-given visiting/business card has matched with the downloaded key file or not. And then user can also check, if author/developer has indeed trusted his/her own file-signing key or not.
And if even-that-is not-possible, then such category of user/visitor can obtain file-author's older public-key-file codes from the author's any paper-based published book (if entire code was published in it) or obtain shown fingerprint-code of author's pub-key-file from any published book, and use a public key-server & HKPS encrypted protocol, to obtain the full pub-key, and then match book-shown fingerprint code with the downloaded key's fingerprint code.
And if even-that-is not-possible, then such user/visitor can obtain file-author's pub-key file over a HTTPS encrypted webpage or connection from author's own (and author's very trustworthy) website, (which should be DNSSEC secured authenticated domain as well, to reach a double-trust-authority trusted level).
And also, always try to match any downloaded key file's fingerprint, with fingerprint code obtained from author's any published paper source materials. And then find out, if author/devloper has "signed"/"trusted" his/her own file-signing key or not.
And, when any user/visitor is obtaining author's pub-key-file from a public Key-server (even if an encrypted HKPS connection is used) and when that user/visitor does not have the author's/developer's fingerprint code from a trustworthy trusted-authority (TA) or from any published paper materials, then such pub-key cannot be trusted enough, and in such case public key-server is just a middle-man entity, which is very likely to have various multiple keys with same (or similar) name as file-author's name, but actually only one of them or none is correct, which is very likely not possible to be detected by a general level visitor/user.
And, if author shows file-signing pubkey file or fingerprint code on a HTTP (not-encrypted) webpage, then it is not trustworthy enough either, but slightly-better than none/nothing at all.
After previous steps, then a visitor/user is finally ready to do a PGP or GPG based "AUTHENTICATION" of file & file's author, correctly. So now user/visitor can use a pgp or gpg software and load the obtained file-signing (and author's primary-id) pub-key into his/her own gpg/pgp-"keyring"-file, and run a gpg/pgp command, to use (author's file-signing pub-key code and) the "signature"-file which was downloaded (encryptedly), to authenticate (aka, verify) the downloaded main file. GPG / PGP software can show if a downloaded file is specifically verified by the specific author/developer or not, AND, it can also show if the file INTEGRITY is intact or modified, and if the file byte-size has matched or not.
Usually authors & developers associate the shared (primary-id & file-signing) public-key with one of their own (or different) email address. Users/visitors should also create their own key-pair, and try to obtain trust+sign on their pub-key from other people, after meeting them face-to-face & get to know each-other via key-signing party/events or conventions or meetings etc.
When a developer/author is publicly known in real physical world, or has public events with video of lectures/training/guides seminar/convention etc, which are present or visible publicly, then such dev/author person should attend key-signing parties/sessions/events, and increase your WOT level & connections+network with other trusted devs+authors. Exchange business-card or visting card. Share your updated pub-key or at-least share your (long+full) fingerprint with general or other users, from your own website (HTTPS/TLS secured + DNSSEC signed). Also create a file-signing key, and trust+sign it with your main/real/primary identity key, with a higher-level of trust-level. Then you can sign the file-to-be-released with your file-signing key. Also share full file signing pub-key or at-least it's fingerprint-code over a trustworthy HTTPS/TLS secured+encrypted website + DNSSEC signed domain name-servers. Also declare (aka, publicly share) your (and your group member's) main/primary id pub-key & file-signing pub-key fingerprints, in your domain's DNS record & dnssec sign it. When you will reload back your own pub-key after (or during) a key-signing party, then your own keyring will have all necessary codes & data showing who have signed it and who has set what trust levels on it. Then if you update your pub-key with a key-server, then key-server will have updated key, and it will contain data showing who has trusted+signed your pub-key.
But when a dev user or a dev-persona or a user, has some reason(s) to remain less-known physically in real world, or wants to protect privacy or if a dev/user prefers to remain as a virtual presence only person in cyberworld (aka, internet-world, aka, virtual-world), then don't do gpg-sign & don't do gpg-trust with highest trust level, for your pub-key which you will be using for file-signing purpose, with your main/real/primary world identity key. Keep real world main or primary identity pub-key file aspects separate, from a cyberworld-only identity's file-signing pub-key aspects. But if you want to, you can & may sign+trust a pub-key of a cyberworld person or cyberworld person's file-signing pub-key, with a lesser-trust level (like, internet-level or cyberworld level). If a cyberworld entity or identity owns domain & website, then such user can also publish the identity pub-key or file-signing pub-keys, fingerprints, etc over HTTPS+TLS secured/encrypted webpage + DNSSEC signed domain + DNNSEC signed key-fingerprint.
General users or a general visitors, when has not physically seen a person face-to-face in real world, and do not fully trust, and do not really know what this person is really doing in various times, and did not see/view/inspect this person's any official/government issued ID (and photo-ID), then in such cases, general users or visitors should not set trust or gpg/pgp sign any type of (real world or cyber world) pub-key with a Higher-Trust level.
But when a released software/tool file was helpful, and if it was checked via multiple checking / monitoring / benchmarking / analysis / inspecting tools, and if the software/tool was found to have no backdoor, and if the tool did Not send user's private or personal info back to some outsider data-harvestor or data-mining or mass-surveillance or bulk-data-collection entities or adversaries or groups, and if the tool has Not violated various public Privacy-Rights & Civil-Rights & Laws which were passed with majority public's voted public decision, and if the tool is Not assisting corrupted-groups (or corrupted-interests) who created unhelpful & conniving newer Rights & newer Laws, and if the tool is Not assisting corrupted-groups (or corrupted-interests) who created unhelpful & conniving newer Rights or newer Laws or newer Provisions or newer Codes inside a closed-door & non-public & non-publicly-voted session, and if the tool has earned+gained real provable trustworthiness, ONLY then a general user/visitor can trust that specific file's file-signing pub-key with a lower-level trust (cyber-level / internet-level trust), to indicate this dev/releaser/author is trustworthy, at-least at that lower-level of trust-level.
REFERENCES:
* PGP ~=~ OpenPGP ~=~ GPG ~=~ GnuPG ~=~ IETF RFC 4880 . WOT . PGP/GPG Keys Via DANE DNSSEC , DNS OpenPGP Key , DANE .
* https://www.GnuPG.org/ , GnuPG-HowTOs , GnuPG-FAQ , GnuPG-Handbook/Manual/Guides
* https://EmailSelfDefense.FSF.org/ , https://EmailSelfDefense.FSF.org/en/windows.html
* https://people.via.ECP.fr/~clem/nist/gpg-enigmail-howto.php
* http://www.CryptNet.net/fdp/crypto/keysigning_party/en/keysigning_party.html (GnuPG/GPG/PGP/OpenPGP Key Signing Party, WOT) -- by V. Alex Brennen.
* http://pgp.cs.uu.nl/ - Trust Paths of keys, and Key statistics (WOT) -- by Henk P. Penning.
* https://www.rubin.ch//pgp/weboftrust.en.html -- by Patrick Feisthammel.
* key server article on Wikipedia , https://sks-keyservers.net/status/ (Pool list of SKS = Synchronizing Key Servers).
* https://www.gnupg.org/related_software/swlist.html
* https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/GnuPG (GnuPG, Keyservers, WoT, Key Signing, Trust Levels, Cyberspace, Privacy-Rights, Anonymity, Tor).
Note: i have copied various info portion on this & my other posts, from various other websites & authors, with their permissions obtained.
GPG/PGP 2
reserved this 6th post here.
How To Securely Share Files, Password & Hash With Destination Users, OTR / END-TO-END
[SIZE="+1"]How To Securely Share Files or Password or Hash Codes With Destination Users, Over OTR (Off-The-record) or END-TO-END (E2E) ENCRYPTION Supported Secure (IM) Instant Messengers[/SIZE]
Compression & decompression tools which also have encryption & decryption support or feature, those tools can protect your any files (when files are encrypted), inside your phones, computers, etc devices, from being watched/viewed/modified by outsiders or unwanted person or unwanted software/script/bot, and Encryption can also protect your files while in transit via Internet from one user or you, to another (destination) user, when you are sending it via emails or other file-sharing medium.
As devices are connected with Internet most of the time, Encryption can also protect files from being modified or watched/viewed by unwanted person with backdoor access into your devices, and can also protect files from being modified/watched/viewed by unwanted software script/bot, which are pre-programmed to call or connect with remote-server or remote developer's computers, without your awareness, running as a background software or service.
quoting: "We Now Live In A Nation Where Doctors Destroy Health, Lawyers Destroy Justice, Universities Destroy Knowledge, Governments Destroy Freedom, The Press Destroys Information, Religion Destroys Morals, And Our Banks Destroy The Economy." - by Chris Hedges.
Though filename is visible (after general encryption), but content of file can be kept completely hidden from unwanted viewers. If directory structure inside the archive/zip/7zip file is also encrypted, then filename will also be hidden from unwanted viewers, after encryption.
When longer length password is used, and when such password has combination of random alphabets, numbers, symbols, etc, and when very strong encryption ciphers & algorithms are used for encryption, then breaking such encryption-protected file would take very very very very long time, when less powerful computer-systems will be used for file decryption.
When you want to send any picture-files, video-files, document-files, ROM-files, software-files, etc to another (destination) user, then always compress+encrypt first before sending out. If pictures, videos, documents, ROMs, software, etc are attached in email & sent WITHOUT ENCRYPTING, then anyone else (like, gateway & router computers) in transit and any people (or any software or any script or any bot) with access to email-servers, gateway-computers, and anyone who has access to your email-client (email receiving & sending) software in your side, is able to VIEW such pictures, videos, documents, ROMs, software-files, etc because by-default emails are OPEN, it means, they are NOT-ENCRYPTED, it means, they are very easily view-able by anyone, it also means, those files are NOT-PRIVATE & NOT-PERSONAL ANYMORE. And not-private or not-personal items (without-encryption) may be considered as OPEN & PUBLIC items on various situations, when it has traveled thru OPEN (means, non-encrypted) internet. So email attachment encryption, is extremely necessary step, when you want to share private files, or when your files contain private or personal or non-public information.
If you need to send 20 original files to a destination user, safely & securely, then (for example), you will need total of 10 emails, with each email having two attachment files, to send those all original files to the destination user, if you encrypt each of those 20 files individually. But one of the better alternative is to do such as this: Combine & compress & encrypt (by using above mentioned software tools) all of those 20 files into a set of compressed SPLIT pieces of files, let's say for example, 20 files are converted into 4 split 7z (7zip) files, with split piece size is set onto 9999000 bytes or 9.99 MBytes, then in such case you would need only 2 emails, and each email would need two attachments of 7z files, for combindly sending all of those 20 original files.
A Zip or Compression type of software tools with encryption support, should allow any user to combine all pictures, videos, documents, ROMs, software, etc inside one SINGLE compressed & encrypted large sized FILE, then such single compressed (and encrypted) file can be uploaded into a file-sharing website, and then file-sharing website's specific URL (for your uploaded file), can be shared with your destination user, so that destination user can download it in his/her side.
And some Compression tools will also allow you to compress & split the target compressed file into multiple pieces, so that each split pieces can be attached with multiple emails, or when you need to split files because file-sharing websites have some restriction on upload file's size. Most email-service providers also usually do not allow usage of email attachments of a file which has file-size of over 10 or 20 MegaBytes. So we need to combine all of our picture, video, document, ROM or software files (which we want to send to the destination user), and turn those all files into a set of multiple compressed-file pieces, where each compressed-file piece size must need be 10 or 20 MegaBytes or below, to efficiently use email service.
And to increase Security & Safety level of your compressed & encrypted single file or a set of split-files, you should share such file's password over a different communication medium, and you MUST OBSCURE the PASSWORD secret word or sentence. Which means, do not type-out & send the actual password directly as a single word. Instead use a puzzle or few wrong-characters inside the password, and instruct your destination user to use his/her human-brain to do something 1st on the shown wrong-password, to obtain the actual password. And you MUST also INCLUDE the HASH/CHECKSUM code of compressed (and encrypted) single file, or include hash/checksum of the 1st file of the compressed set of split-files, after or with the password.
For example, if the actual password was "pass1word2", then do not send out password directly as "pass1word2" ! to your destination user. Instead send this, (for example) "pass3word9", and then write some instruction such as these inside brace symbols or inside some other symbols, after the wrong-password: (change 3 into 5-four, change 9 into four-2), or like this: (change 3 into this number: # of nose in human, change 9 into: 4 - # of eyes in human), or like this (change the "3" into this number: my position in highschool game, change 9 into a number: my son's day of birth).
If you have chosen to send compressed files over email, let's say for example: gmail (Google Email), then send password+hash over a DIFFERENT MEDIUM, like, via IM (instant messaging) software of a different email-service provider, like YIM (Yahoo IM), or MSN-IM (Microsoft IM), or SMS, or Apple Messenger, etc.
And configure & enable your IM software to use END-TO-END ENCRYPTION (E2EE) feature/support, it may also be known as OTR (Off The Record) feature. If you are not using or unable to use strong END-TO-END encryption, and if you still send password with such deficiencies, then your password is visible & available to unwanted person & unwanted software, because most IM systems are using (middle-man) servers to store your messages & to route messages from one user to another user. Connecting with a remote IM server computers over TLS or SSL encrypted connection without using any E2E/OTR does not make your conversation Private or Personal or secure, between you & destination user. Only when very strong End-to-End encryption system is used, then you & destination user's conversation is really Private & Personal & secure, for longer amount of time duration, if less powerful computers are used for IM message IP-packet decryption.
When mentioned type of obscuring process and when Distribute Different Portions in Different Medium (DDPDM) process are used, then it makes bulk or mass-surveillance type of data-collection related illegal jobs and constitutional-rights violating jobs, "comparatively" slightly more harder, for data-harvesters or data-miners or data-spy or data-thief, etc violators. Please do not make things easy for those who violate laws & rules, created by majority of people with majority of people's votes, and do not make it easy for those who disrespect your Privacy-Rights, Civil-Rights, etc, and do not make it easy for those who do activities behind closed-door, without any accountability from majority of public. These type of violators & violator groups & violator INDUSTRIES (and their family and their supporters) are ADDICTED to the POWER and derived benefits & PROFITS, and these violators are addicted to the JOB OF ABUSING other people's Human Rights & Civil Rights, these violators would DO ANYTHING & say anything to keep these abusive POWERS & their JOBS within their domain as abusive tool-sets/tools, including creating their own-terror events or manufacture their own INSIDER-JOB operations, and then violator-groups systematically place blame of terror-events on others & minorities, to create FEAR/DOUBT/HATE among IGNORANT people AND to influence & generate SUPPORT & FUND for even further-more abusive HUMAN-RIGHTS violating tool-sets & jobs, these violators have thousands of vendors & contractors (from local & foreign nations) in their group who are manufacturing & supplying & profiting from different components (and parts) for abusive toolsets, and acquiring+bribing (aka, funding) law-makers (aka, public-servants) into their pocket or turning them as their mouth-piece or assisting each-others through REVOLVING-CHAIR mechanisms, and these violators will not disclose to general public: how these VIOLATOR INDUSTRIES & GROUPS are really collaborating & really abusing these abusive tool-sets in mass-scale. Those are the processes how these type of violator-groups live & run their life generation after generation, and how they carry-out their life-style. And those are the real actions what they really do or act in their life, and they say something-else in public with their mouth.
List of software which allows END-TO-END Encryption: * Email related: PGP/GPG & S/MIME supported email client software:
items will be added here later.
* IM (Instant Messaging) related: OTR or E2E supported IM client software:
Adium (for Mac OSX),
Pidgin (for Windows OS),
iMessage (for iOS/iPhone/iPad, it's pre-included),
Signal by Whisper Systems: Signal Private Messenger for Android, CyanogenMod, Replicant, etc, Signal - Private messenger for iOS/iPhone/iPad, unfortunately "Signal Private Messenger" app on both Android/CM & iOS/iPhone/iPad, uses massive amounts of Un-Necessary system Permissions & Accesses, so my suggestion is "avoid-it", when other respectful software or tools are not found. Or use it when devs will release a "lite" edition which does not access any un-necessary system Permissions & Accesses,
Miranda-NG (for Windows OS, get OTR plugin from Addons),
ChatSecure by Guardian Project is slightly better than "Signal", but it also needs to reduce un-necessary system Permissions & Accesses: ChatSecure for Android/CM/Replicant, ChatSecure for iOS/iPhone/iPad.
* Cloud storage related: Tresorit, MEGA, SpiderOak.
* IP-Telephony related: ZRTP or FaceTime. IP-Radio related: TETRA.
Choose only such apps, which will use only the necessary Permissions & Accesses, for your required specific functionalities and nothing more than that. Also avoid apps, that packs way too many features and start to use too many extra Permissions & Accesses when simple functions are configured & expected. There are some system apps which can be configured to disable some Permissions & Accesses of other apps, which use too much un-necessary Permissions & Accesses, but usually such system apps requires a rooted phone to disable Permissions. Also 1st try to use NoRoot based firewall in your device which uses built-in VPN-service to limit unnecessary outbound & inbound internet connections, if such is not suffice or not enough to control bad (internet) behavior of bad Apps, with access to unnecessary system Permissions & unnecessary remote connections, then use stronger firewall which requires rooted phone, and can change (android "iptables") firewall rules or filtering rules, for all internet packets.
Some communication (or data-transfer) mediums or communication channels are heavily monitored & heavily stored (means, all messages are recorded for un-disclosed amount of time period), "comparatively" more than some other mediums/channels, and ofcourse such major (Privacy-Right is 4TH amendment in constitution of USA) Right violating activities are illegal because these illegal activities are carried out without the voted consensus from majority of public. Majority of people would never vote to allow such illegal & immoral activities. So try to avoid using such heavily monitored and heavily recorded communication mediums/channels, (for sharing password), unless you (and destination user) are using very very strong (End-to-End) E2E / OTR encryption, or you are distributing different portions in different medium (DDPDM). For example, avoid using Non-E2E open & plain SMS/Text message via wireless carriers, or avoid using Non-E2E open & plain SMS/Text message via VoIP or IP-telephony companies, (example providers are: Google Voice, etc), for sharing any password for main-files. Here, IP means, Internet Protocol.
I'm not including list of file-sharing websites, for now. But website which can be accessed over https://... connection, is obviously better than websites with only http://... connection. When password+hash is shared or given over a secure & end-to-end (E2E) or OTR encrypted IM message, or when given over PGP or GPG encrypted-only email, then it does not matter weather a file-sharing website is using https or not. But https is always better than a http based website.
REFERENCES:
* wikipedia.org/wiki/End-to-end_encryption (E2E).
* wikipedia.org/wiki/Off-the-Record_Messaging (OTR).
* wikipedia.org/wiki/Comparison_of_instant_messaging_clients & Secure Messengers
Note: i have copied various info & portion of paragraphs, on this post & in my other posts, from various other websites & authors, with their permissions obtained.
Display Checksum Code In 1st Post, Hash Calculating, Un/-Zip, Encrypt, GPG, OTR, E2E
reserved this 8th post here.
added content in 7th post.