Has HTC push the patch? Samsung already roll out security patches to S4. I Just scanned, my ONE is unpatched/vulnerable.
Here’s How You Can Check If Your Android Device Is Patched Against The Master Key Exploit.http://www.redmondpie.com/check-if-your-android-device-is-patched-against-the-master-key-exploit/
Sent from my HTC One using xda app-developers app
the Google Edition roms are patched
IINexusII said:
the Google Edition roms are patched
Click to expand...
Click to collapse
THe sense based roms have not been patched yet but when i reached out to them they said that it will be resolved soon with a update. They could not give me an ETA on when it would be coming out but assured me they take it very seriously and are working hard to get it rolled out.
crackeyes said:
THe sense based roms have not been patched yet but when i reached out to them they said that it will be resolved soon with a update. They could not give me an ETA on when it would be coming out but assured me they take it very seriously and are working hard to get it rolled out.
Click to expand...
Click to collapse
That app says I'm patched and I'm running InsertCoin with the latest elementalX. I wonder if the master key patch is in the kernel. If so, that makes sense.
Sent from my HTC One using Tapatalk 2
It appears 4.2.2 build/soft no. 2.24.401.1 / HTC 5.34 is patched as well :good:
@Wiss said:
It appears 4.2.2 build/soft no. 2.24.401.1 / HTC 5.34 is patched as well :good:
Click to expand...
Click to collapse
What CID and OTA or custom Rom?
Sent from my HTC One using Tapatalk 4 Beta
Ye in the last OTA it is patched. The 4.2.2
My One is "patched." I don't download warez, steal paid apps, or install third-party app stores that are untrusted.
I have no sympathy for anyone who does the above and gets their phone jacked up.
BTW Can someone give us a technical (not too technical) explanation of what is this ?
Thanks.
KekeJr said:
BTW Can someone give us a technical (not too technical) explanation of what is this ?
Thanks.
Click to expand...
Click to collapse
Applications are cryptographically signed. The idea is that another software house or or anybody else can't come up with an "update" to that app, as the signature will be different.
The exploit allows exactly that to happen.
Lets say you download Google maps v7 from the internet because you're impatient, and you install it over the top of the existing one. In theory, if it succeeds, it must have come from Google and hasn't been tampered with to install a Trojan or virus or whatever.
With this exploit, the apk can be modified whilst retaining the same signature. Basically you can't trust downloads that didn't come from the play store until the exploit is patched.
BenPope said:
Basically you can't trust downloads that didn't come from the play store
Click to expand...
Click to collapse
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
BenPope said:
Applications are cryptographically signed. The idea is that another software house or or anybody else can't come up with an "update" to that app, as the signature will be different.
The exploit allows exactly that to happen.
Lets say you download Google maps v7 from the internet because you're impatient, and you install it over the top of the existing one. In theory, if it succeeds, it must have come from Google and hasn't been tampered with to install a Trojan or virus or whatever.
With this exploit, the apk can be modified whilst retaining the same signature. Basically you can't trust downloads that didn't come from the play store until the exploit is patched.
Click to expand...
Click to collapse
First i want to thank you !
Second: ....so, basically this means that it was not that BAD... as the media said !
We all knew that only Play store has trustable content.
Thanks, again !
This patch is in a play store update not an Android update. I have it in play store 4.1.10, there is an app which lets you check I think it's called bluebox or something.you can also check in Google settings if you have an option to verify apps.
unremarked said:
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
Click to expand...
Click to collapse
That's funny, because the app store is littered with adware and malware. Just a few days ago, there was an app in the top 20 that was clearly malware, and it remained there for weeks before (presumably) being pulled off. As a general rule, I don't download any apps that require the "run at startup" or "install shortcuts" permissions, unless I fully trust the developer. By the way, there's an easy solution; Google could let us control our own privacy settings (like every other OS on the market), but then again, that would eat into their bottom line After all, Google's business model is to literally steal user data and sell it to others.
unremarked said:
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
Click to expand...
Click to collapse
It's easy to put malicious apps on the play store since there's no review process like apple, but things tend to get flagged quickly.
Basically don't install a calculator app that has full phone/internet/device permissions
The android security model is actually quite good IMO, there's been some exploits but everybody has them (not just android) and they get patched relatively quickly. Potential exploits aside it's actually quite good.
Sent from my HTC One using Tapatalk 2
REDACTED
Sent from my HTC One using xda app-developers app
WhatsAUsername said:
That's funny, because the app store is littered with adware and malware. Just a few days ago, there was an app in the top 20 that was clearly malware, and it remained there for weeks before (presumably) being pulled off.
Click to expand...
Click to collapse
Really? What app was that? I mean, I get annoyed at Candy Crush Saga spam too, but I hardly consider it malware.
WhatsAUsername said:
By the way, there's an easy solution, Google could let us control our own privacy settings (like every other OS on the market), but then again, that would eat into their bottom line After all, Google's business model is to literally steal user data and sell it to others.
Click to expand...
Click to collapse
You're kidding yourself if you think Apple or Microsoft isn't collecting as much data about you as they can and doing what they want with it. Beyond that, I always take point with folks who accuse any company of "stealing your information." They're not. You're freely giving them access to it (as outlined in that Terms of Service/ELEU agreement you don't read) to utilize their services. If you don't want them to have your info, then don't share your info with them.
bbedward said:
It's easy to put malicious apps on the play store since there's no review process like apple, but things tend to get flagged quickly.
Click to expand...
Click to collapse
Halfway true. It's more difficult than you think to get malicious apps on the Play store. Most of the "successful" attacks have been from someone uploading the 1.0 version of their app(which is perfectly clean, and passes inspection by Google Bouncer) then pushes an update to it with some of the malicious code. As you noted, it usually gets flagged and removed at this point. The other way I've heard of people getting "infected" from apps off the Play store is when the author ties their ads into a nasty website, tricks the user into clicking on it, then further tricks them into downloading an unsigned/untrusted APK.
Yup, as long as your not doing some silly things like getting you apps from the Pirate Bay or Joes crazy world of underground apps you will be more or less safe.
godutch said:
This patch is in a play store update not an Android update. I have it in play store 4.1.10, there is an app which lets you check I think it's called bluebox or something.you can also check in Google settings if you have an option to verify apps.
Click to expand...
Click to collapse
I don't think the update patch is on play store. Latest update scan tell's you to Ask your device vendor for update. So it should be security update OTA from HTC?
Sent from my HTC One using xda app-developers app
alanchai said:
I don't think the update patch is on play store. Latest update scan tell's you to Ask your device vendor for update. So it should be security update OTA from HTC?
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
Check your play store version I have 4.1.10 and I am patched
Related
anyone know much about the sercurity on the phone?
recently i read about this new free security app called on NQ mobile.
http://www.redmondpie.com/nq-mobile...st-solution-against-malware-viruses-and-more/
i installed it and noticed that it really drains the battery (seems like if toggles apps that aren't even opened into its memory). so it got me thinking .. is it really worth it to install apps like these for anti-virus's, maleware, etc.. ?
did a search and it seems the top three as of March 20th are:
Kaspersky Mobile Security (not free)
Lookout Security & Antivirus (free)
F-Secure Mobile Security (more for parental control)
not too sure where NQ would fit into the picture since the article came out on april 11th.
anyhow anyone with any idea such programs on the android is worth the draw back on power consumption and security risk please comment!
thanks.
IMO I don't think there is an antivirus app out there that would serve its purpose... It's more common sense... There's a good reason why when you try to download non market apps that you have to read that little disclaimer and check the box to allow them to install... Know what the apps do, if it doesn't need a permission or if you dont think it needs a permission then don't install it...
Sent from my HTC Sensation 4g Rocking ARHD 6.6.2
wapena92 said:
IMO I don't think there is an antivirus app out there that would serve its purpose... It's more common sense... There's a good reason why when you try to download non market apps that you have to read that little disclaimer and check the box to allow them to install... Know what the apps do, if it doesn't need a permission or if you dont think it needs a permission then don't install it...
Sent from my HTC Sensation 4g Rocking ARHD 6.6.2
Click to expand...
Click to collapse
Very good advice. Also, keep really sensetive stuff to a minimum. If you can bank on your computer, do it.
I just flash another ROM every couple of days and get my apps from the market. Lol
i hear ya both..
so basically in, layman's terms, these so called "security" apps dont do squat?
and you should just keep personal and secured stuff off these devices and perhaps use a laptop to access key information (like banking and emails)?
I am not sure what you mean when you refer to some apps as non-market apps. think all the security apps i mentioned are available through the android market (aka Play Store).
Not the security apps. By non-market apps we mean any apk's installed that you get any place but the play store.
estallings15 said:
Not the security apps. By non-market apps we mean any apk's installed that you get any place but the play store.
Click to expand...
Click to collapse
thanked you both. .
i see.. guess i am not keen on where else you can get apk files other than the market place (play store) .
so bottom line is no need install these "security apps" cause they dont do anything?
junkiee24 said:
thanked you both. .
i see.. guess i am not keen on where else you can get apk files other than the market place (play store) .
so bottom line is no need install these "security apps" cause they dont do anything?
Click to expand...
Click to collapse
No, they do behind the scene stuff. Lookout scans ALL your apps, just to check for anything malicious. Lookout has some kind of backup, but I never use it. When I bought my myTouch, my T-Mobile rep installed about 5 must have apps on my phone, and Lookout was #1 on his list. I've been using it on every ROM I've had. Hope this helps!
EDIT: You can get apks from the internet. Specifically pirated apps. People do not want to pay for the app, so they download it online. But people could have modified that apk and but a virus or who knows what in that apk. So it's best to keep an anti virus app. Lookout scans a new app each time I install/update it.
invasion2 said:
No, they do behind the scene stuff. Lookout scans ALL your apps, just to check for anything malicious. Lookout has some kind of backup, but I never use it. When I bought my myTouch, my T-Mobile rep installed about 5 must have apps on my phone, and Lookout was #1 on his list. I've been using it on every ROM I've had. Hope this helps!
EDIT: You can get apks from the internet. Specifically pirated apps. People do not want to pay for the app, so they download it online. But people could have modified that apk and but a virus or who knows what in that apk. So it's best to keep an anti virus app. Lookout scans a new app each time I install/update it.
Click to expand...
Click to collapse
Cool.. so now the questions is which security app is better.. Lookout or this NQ one.. ill go ahead and try lookout and see how much battery drain i get.
i dont download any apks outside of the market. but i hear there were a few places that had pirated apks but i guess i never trusted them (blackmarket). its not like Cydia for the iOS, where the apps are safely cracked.. atleast i think they are. so with a security app i guess it would alert you if the apk is corrupt - nice.
Thanks again.
junkiee24 said:
Cool.. so now the questions is which security app is better.. Lookout or this NQ one.. ill go ahead and try lookout and see how much battery drain i get.
i dont download any apks outside of the market. but i hear there were a few places that had pirated apks but i guess i never trusted them (blackmarket). its not like Cydia for the iOS, where the apps are safely cracked.. atleast i think they are. so with a security app i guess it would alert you if the apk is corrupt - nice.
Thanks again.
Click to expand...
Click to collapse
I don't get any battery drain with Lookout. Hope you experience the same thing mate.
I used lookout for a little while, but then I realized that I only need it if I'm careless, which I'm not.
SECURITY!!!
Lookout is very good but since I'm rooted Avast free works wonders beyond basics. van allow which apps have internet access etc. must have for me. very nice on batt.
Has anyone ever had, or known anyone who got a virus or anything on a smartphone? Personally I haven't. Therefore I don't use any type of protection, which I probably should.
Sent from my HTC Glacier using XDA Premium
No, I don't know anyone who ever got malicious SW or any type of virus on Android. For the same reason I never heard of anyone getting a virus on Linux. And for the same reason, I don't have any apps that are made to protect me from things that aren't a threat.
estallings15 said:
Very good advice. Also, keep really sensetive stuff to a minimum. If you can bank on your computer, do it.
Click to expand...
Click to collapse
Right best option to do so...
junkiee24 said:
i hear ya both..
so basically in, layman's terms, these so called "security" apps dont do squat?
and you should just keep personal and secured stuff off these devices and perhaps use a laptop to access key information (like banking and email)
Click to expand...
Click to collapse
The reason why they don't much is because there not meant for this kind of system... Android unique system is a little well very complex to make a antivirus app or that would find malware... There are so many ways around it...
It's amazing... There's an article I read that explained this...
I'm gonna see if I can find it and post the link
Jack_R1 said:
No, I don't know anyone who ever got malicious SW or any type of virus on Android. For the same reason I never heard of anyone getting a virus on Linux. And for the same reason, I don't have any apps that are made to protect me from things that aren't a threat.
Click to expand...
Click to collapse
Well you should look around the web... You'll be surprised want you'll find... The threat on smartphones is very high... It's pretty scary...
If I find any of those articles ill post a link...
Sent from my HTC Sensation 4g Rocking ARHD 6.6.2
junkiee24 said:
i dont download any apks outside of the market. but i hear there were a few places that had pirated apks but i guess i never trusted them (blackmarket). its not like Cydia for the iOS, where the apps are safely cracked.. atleast i think they are. so with a security app i guess it would alert you if the apk is corrupt - nice.
Thanks again.
Click to expand...
Click to collapse
Those security apps don't really know what there looking for... It's a lot different then windows OS... They don't need much to mess around with your info...
Sent from my HTC Sensation 4g Rocking ARHD 6.6.0
http://www.xda-developers.com/android/major-facebook-sdk-vulnerability-run-for-the-hills/
There are good people out there but that's not always the case...
Vulnerability is everywhere...
It's hard to make an app with little mistakes as possible... Making an app period is hard... I've tried and failed horribly at it lol so I can just imagine how hard it is to take out those nicks, bugs and issues that causes problem like this
http://www.lifehacker.com.au/2011/11/do-android-antivirus-apps-actually-do-anything/
So people think otherwise from me...
Here is their opinion... I take this very lightly...
http://www.extremetech.com/computin...s-apps-are-useless-heres-what-to-do-instead/2
Here's with what I agree with...
Like I said some disagree.....
http://m.zdnet.com/blog/hardware/premium-rate-sms-trojans-hit-googles-android-market/17070
And here a small case of sms trojan that hit a little while back...
Just some things to read and think about...
Sent from my HTC Sensation 4g Rocking ARHD 6.6.2
It all boils down to not downloading crappy, unknown apps, and if downloading - checking their permissions. Trojans hit people who don't understand anything and don't have control over their apps (not that there aren't enough of those). Other threats are virtually non-existent.
true.. i am trying avast now.. pretty cool.
thanks everyone!
Exactly that simple lol
And no problem... Keep it safe
Sent from my HTC Sensation 4g Rocking ARHD 6.6.2
Interesting - Wolfram Alpha is free via Samsung Apps, but costs $5 (or so) on Google Play. Useful tool if you are into science or maths.
ralphrmartin said:
Interesting - Wolfram Alpha is free via Samsung Apps, but costs $5 (or so) on Google Play. Useful tool if you are into science or maths.
Click to expand...
Click to collapse
One of the reasons I like stock roms, you get few good apps for free.
Boy124 said:
One of the reasons I like stock roms, you get few good apps for free.
Click to expand...
Click to collapse
I never understood why WA is an paid app if in the browser it is free...
I'm not sure how relevant this info is, but both file size and publisher differ between Pay and SamsungApps versions.
Sound cool! Unlike the Play Store, it has no user review under the Samsung App Store, can I trust that this app is the same as the one in Play Store and that it has no malware, virust, torjan, etc.?
Does Samsung impose strict quality control before putting the apps in the Samsung App Store?
Apparently, Samsung app store has hosted an old version 1.04 if I am right.
abhijit038 said:
Apparently, Samsung app store has hosted an old version 1.04 if I am right.
Click to expand...
Click to collapse
If it is reliable and I download it, it should prompts for update to the latest version, hopefully for free as well?
Kriggs said:
I never understood why WA is an paid app if in the browser it is free...
Click to expand...
Click to collapse
not anymore its not 3$ a month O_O if u want to do anything that isnt 2+2
hajime_android said:
If it is reliable and I download it, it should prompts for update to the latest version, hopefully for free as well?
Click to expand...
Click to collapse
Google play offers to update it for a price. You dont have to.
I think it's free, due to Samsung using it in conjunction with the S-NOTE
Just tried to download it. Got a message saying that for security reason, download from sites besides the Play Store is blocked. Then, the phone asks me to agree that I am the one responsible if my data are leaked. For some reason, the phone also wants to upgrade my Samsung account. Is it ok to accept?
hajime_android said:
Just tried to download it. Got a message saying that for security reason, download from sites besides the Play Store is blocked. Then, the phone asks me to agree that I am the one responsible if my data are leaked. For some reason, the phone also wants to upgrade my Samsung account. Is it ok to accept?
Click to expand...
Click to collapse
Actually, the app for Samsung app store also needs to be updated. I tried using it today and just went with the update, then logged in and installed Wolfram|Alpha app without a hitch.
debsuvra said:
Actually, the app for Samsung app store also needs to be updated. I tried using it today and just went with the update, then logged in and installed Wolfram|Alpha app without a hitch.
Click to expand...
Click to collapse
On the Play Store, the author is "Wolfram Alpha, LLC". How come on the Samsung App Store, the author is "Dinh Nho Hao"?
When I clicked "Get", Samsung update was activated. Then, there is a window "Complete action using" with two options: 1. Package Installer 2. Scan with Lookout before Install. I chose option 2 as I don't know what option 1 is. Next, there is a new window "Install blocked" "For security, your phone is set to block installation of applications not obtained from Android Market". I chose Settings.
Shall I check "Unknown sources" to allow installation of non-Market applications?
Hitting the button leads to an Attention window saying "Your phone and personal data are more vulnerable to attck by applications from unknown sources. You agree that you are solely responsible for any damage to your phone or loss of data that may result from using these applications." As a new Android user, this is a bit scary.
That depends on whether you trust SamsungApps. Just as with the Play store.
The thing about the differing authors worries me more. Especially as SamsungApps does not reveal permissions before install.
Sent from my GT-N7000 using xda app-developers app
Randomwalker said:
The thing about the differing authors worries me more. Especially as SamsungApps does not reveal permissions before install.
Click to expand...
Click to collapse
The fact that the author is different is a bit doggy.
Not sure if he did some reverse engineering and posted the app.
Try this App
http://forum.xda-developers.com/showthread.php?t=2287833
So as some of you may already know, the latest update for the NFL Mobile app (came out this morning I think) has officially killed its functionality with rooted (or "non stock Android") devices. A story on Android Police can be see here.
At any rate, I saw a recent post on a GSIII forum (here)where the user claimed to have a workaround which, among other things, involved renaming the superuser.apk, however if you're using CM nowadays then you'll know there really isn't a separate apk - instead it is now integrated into the rom. That being said, does anyone have any idea similar to this that might work for tricking the app into thinking it isn't running on a rooted unit? I have no clue myself, but seeing as how no one has started a dedicated thread for this in the forum of the current Google flagship phone, I thought I'd get things started.
Thanks in advance people!
Well I guess it looks like no one has any ideas...? Oh well, a rare swing-and-a-miss for solutions in the xda community
A quick fix would be to just find the apk for an older version and install that one. That's what I'm currently trying to do, there's no reason for then to block us from using it just because we're rooted.
Sent from my Nexus 4 using Tapatalk 4
Kyle C said:
A quick fix would be to just find the apk for an older version and install that one. That's what I'm currently trying to do, there's no reason for then to block us from using it just because we're rooted.
Sent from my Nexus 4 using Tapatalk 4
Click to expand...
Click to collapse
Well yeah, I mean I already uninstalled and then restored a backed up version of the app using Titanium Backup. The problem is - and if you've been a user of the NFL apps over the last year or two then you'll know this - that the NFL app is not like most apps where each upgrade just adds some incremental upgrades or changes. With this app the upgrades are typically pushed out right before the start of the key timeframes of the NFL season: usually an update right before preseason; another before the start of the regular season; another at the start of the playoffs; another right before the Super Bowl; and once more right before the draft in April. Each update is specific to that time period of the season and usually contains the critical information/tweaks/additions/UI alterations specific for that segment of the year. Point being, after missing an update or two, the app becomes extremely outdated and eventually useless. And that's why, in the mid-to-long term, just using the older version of the apk unfortunately isn't a useful alternative. Damn you NFL! Now we just have to hope the xda community will come to the rescue as they usually are able to do
joeski27 said:
Well yeah, I mean I already uninstalled and then restored a backed up version of the app using Titanium Backup. The problem is - and if you've been a user of the NFL apps over the last year or two then you'll know this - that the NFL app is not like most apps where each upgrade just adds some incremental upgrades or changes. With this app the upgrades are typically pushed out right before the start of the key timeframes of the NFL season: usually an update right before preseason; another before the start of the regular season; another at the start of the playoffs; another right before the Super Bowl; and once more right before the draft in April. Each update is specific to that time period of the season and usually contains the critical information/tweaks/additions/UI alterations specific for that segment of the year. Point being, after missing an update or two, the app becomes extremely outdated and eventually useless. And that's why, in the mid-to-long term, just using the older version of the apk unfortunately isn't a useful alternative. Damn you NFL! Now we just have to hope the xda community will come to the rescue as they usually are able to do
Click to expand...
Click to collapse
Ooooh gotcha. I didn't realize that that's how NFL ran their app. That's really annoying.
i'm not rooted, but that does seem like somebody went off the deep end with this app. rooting a device won't hurt their revenue, in fact, it will probably increase it from allowing ALL Android (and iOS) devices access the app. instead, they're cutting off access to a HUGE chunk of their fans, present and future. in essence, they're biting the hand that feeds them.
i voted the app down in the app store out of principal alone.
I am extremely displeased with this as well and am searching for a solution. Leave it to Verizon to try to control how you use YOUR phone.
hey is this an nfl app for verizon or a market version for all?
playya said:
hey is this an nfl app for verizon or a market version for all?
Click to expand...
Click to collapse
From what I gather there are two different versions - the one that comes on Verizon phones, and the one that anyone else can grab from the Play Store. I have the Play Store version (as a TMo customer).
@joeski27
Block removed. Enjoy!
http://forum.xda-developers.com/showthread.php?t=2395333
Its working for me on pa
Sent from my Nexus 4 using xda app-developers app
Working on 4.3 stock rooted.
Sent from my Nexus 4 using Tapatalk 4
CNexus said:
@joeski27
Block removed. Enjoy!
http://forum.xda-developers.com/showthread.php?t=2395333
Click to expand...
Click to collapse
Boss.
CNexus said:
@joeski27
Block removed. Enjoy!
http://forum.xda-developers.com/showthread.php?t=2395333
Click to expand...
Click to collapse
And THAT is why the xda community is PRICELESS! You're my hero, well done and a big tip of the cap to you, CNex! Long live xda, and long live Android!!! And btw I'll do my best to spread the word to the countless other forums on xda for other devices with people trying to find th same solution!
joeski27 said:
And THAT is why the xda community is PRICELESS! You're my hero, well done and a big tip of the cap to you, CNex! Long live xda, and long live Android!!! And btw I'll do my best to spread the word to the countless other forums on xda for other devices with people trying to find th same solution!
Click to expand...
Click to collapse
Awesome, sounds good
Just in posting my thread I got a ton of hits of people freaking out about the new app...lol
FYI, they have fixed the app and it is now working perfectly fine on rooted devices strait from the play store
I might be the only one it's not working for. Wondering if anyone can help.
I cannot get 95% of the buttons to work in the Fantasy section of the app. Not only that, when I said 'to hell with the app' and went to their mobile site (which looks exactly like the app), I got the same thing... 95% of the buttons on the mobile site wouldn't do anything.
Now, on my N7, everything works fine.
Any ideas?
Edit: It was Ad Away. Can't use the app while it's running. Now I'll try to find the hosts file and see if I can edit the NFL entries out of it.
Sorry if this is a dumb question, but I don't quite understand how users are supposed to receive the new Google Play Services update with the Android Device Manager built in to it.
AndroidPolice said it would be a slow rollout over the Play Store, but it's not even a listed app there, so that makes no sense to me. They had some apk downloads, but they advised against downloading them, since there are different versions for differently sized devices.
So how do we receive this update? Is it only via an updated ROM/OTA/manual download? Seems like if that's the case, then the whole notion of pushing it to the public with older 2.2 devices is a pipedream.
I feel like that plus updates to the Google Play Store are not handled very well. Everything is a just a paper release, and the vast majority of the Android population never sees any of it.
It appears to be more of a silent update. I didn't get a notification when mine was updated.
It will be listed in settings -> more -> security -> device administration
Sent from my SGH-I337M
ChrisG683 said:
Sorry if this is a dumb question, but I don't quite understand how users are supposed to receive the new Google Play Services update with the Android Device Manager built in to it.
AndroidPolice said it would be a slow rollout over the Play Store, but it's not even a listed app there, so that makes no sense to me. They had some apk downloads, but they advised against downloading them, since there are different versions for differently sized devices.
So how do we receive this update? Is it only via an updated ROM/OTA/manual download? Seems like if that's the case, then the whole notion of pushing it to the public with older 2.2 devices is a pipedream.
I feel like that plus updates to the Google Play Store are not handled very well. Everything is a just a paper release, and the vast majority of the Android population never sees any of it.
Click to expand...
Click to collapse
It seems to me the article from Android Police is pretty straight forward.
mymusicathome said:
It appears to be more of a silent update. I didn't get a notification when mine was updated.
It will be listed in settings -> more -> security -> device administration
Sent from my SGH-I337M
Click to expand...
Click to collapse
Ahhh I see it there, thanks! I guess mine got silently updated. Not a huge fan of that, but oh well.
Here's another article with information and links to the new apk...
http://www.androidpolice.com/2013/0...-new-episode-notifications-and-more-teardown/
Mine stealth updated sometime between 8pm and 10pm.
android device manager
I receive my update on my AT&T GS 4 and i activated it, but there is no app support yet, so it's still useless. until there is a app or a web site to support it
Willibda1 said:
I receive my update on my AT&T GS 4 and i activated it, but there is no app support yet, so it's still useless. until there is a app or a web site to support it
Click to expand...
Click to collapse
Mine shows up as well... not sure if it was there before or not but I just recently got the updated pushed to my device so that might have done the trick. Either way I've gone in and checked it off.
Now it's just a wait and see game...
ADM is now live and working. See here
R.Suave said:
ADM is now live and working. See here
Click to expand...
Click to collapse
Up and working well.
Android device manager
LuvrGirl said:
Mine shows up as well... not sure if it was there before or not but I just recently got the updated pushed to my device so that might have done the trick. Either way I've gone in and checked it off.
Now it's just a wait and see game...
Click to expand...
Click to collapse
Web base tracking is up https://www.google.com/android/devicemanager
Have it one mine but I didn't get a notification so I'm guessing it's a silent roll out. The only thing is ADM Web page can't seem to locate where my phone is. I don't need it right now it would just be nice to know it's working.
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Is someone more technical than me able to tell me if the stock 5.0.1 Tmobile has us on vulnerable to this?
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
acdcflame said:
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
Click to expand...
Click to collapse
Switched to the CM nightly today. It's going to take for ever for Samsung to get this patch of there.
Sent from my SM-N910T using XDA Free mobile app
Turn off auto retrieve in mms settings of you messaging app and only accept vids and pics from close friends! It's an annoyance but it'll keep you safe for now!
I have also heard you can just use hangouts as your default text app and avoid the issue all together.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
I have also heard you can just use hangouts as your default text app and avoid the issue all together.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
I'm not so sure seeing as it centers around that video being downloaded with the virus automatically before you even open it but if true that would be nice!
Dvanzutphenkann said:
I'm not so sure seeing as it centers around that video being downloaded with the virus automatically before you even open it but if true that would be nice!
Click to expand...
Click to collapse
Hangouts uses a cloud based system to handle mms. Basically everything goes through Google Photos. The pictures and videos are the loaded to you phone once you click on them. As long as you dont click on a video or picture from someone you dont know, it would never reach your phone and thus not be an issue.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
Hangouts uses a cloud based system to handle mms. Basically everything goes through Google Photos. The pictures and videos are the loaded to you phone once you click on them. As long as you dont click on a video or picture from someone you dont know, it would never reach your phone and thus not be an issue.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
Do you have a link to a reference on that?
I ask this because the guys that originally found the exploit stated that depending on what SMS app you use, you may not even know you were infected, hangouts being one of those.
(Joshua) Drake found that when the exploit code was opened in Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”.
Click to expand...
Click to collapse
http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/
pcriz said:
Do you have a link to a reference on that?
I ask this because the guys that originally found the exploit stated that depending on what SMS app you use, you may not even know you were infected, hangouts being one of those.
http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/
Click to expand...
Click to collapse
Drake found that when the exploit code was opened in*Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”
The above is true, but hangouts allows you to approve the messages which hold them in photos before they are delivered. You can also block all sms message that are not from contacts in hangouts.
See the screen shot below. The stock messaging app on many android phones does not have this option.
Also hangouts can be updated without a carrier approval so they will address it in the next update. The infamous hangouts 4.0.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
Drake found that when the exploit code was opened in*Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”
The above is true, but hangouts allows you to approve the messages which hold them in photos before they are delivered. You can also block all sms message that are not from contacts in hangouts.
See the screen shot below. The stock messaging app on many android phones does not have this option.
Also hangouts can be updated without a carrier approval so they will address it in the next update. The infamous hangouts 4.0.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
I suppose the clarification I wanted to get out there is that this isnt some inherently present functionality without some forethought to change those settings. So hangouts like any other text app needs to be made secure enough to prevent the exploit if you are not running a patched build. Just making sure the people reading don't get a false sense of security simply because they are using Hangouts.
pcriz said:
I suppose the clarification I wanted to get out there is that this isnt some inherently present functionality without some forethought to change those settings. So hangouts like any other text app needs to be made secure enough to prevent the exploit if you are not running a patched build. Just making sure the people reading don't get a false sense of security simply because they are using Hangouts.
Click to expand...
Click to collapse
In all reality this is just a puff piece to try and make Apple who is losing market share look more secure and to get this Drake guys name in some press. The threat HAS NOT BEEN SEEN IN THE WILD, and its very likely Drake is the only one to ever produce it.
Its also very low class to unveil a zero day exploit that you know hasn't been patched and that no one else has found. Dude just wants the fame, in reality no one is at risk as long as it gets patched in the near future (months) . And if that douche would have kept his mouth shut and just let Google know and not the press none of us would have been at risk at all.
Sent from my SM-N910T using XDA Free mobile app
ShrekOpher said:
In all reality this is just a puff piece to try and make Apple who is losing market share look more secure and to get this Drake guys name in some press. The threat HAS NOT BEEN SEEN IN THE WILD, and its very likely Drake is the only one to ever produce it.
Its also very low class to unveil a zero day exploit that you know hasn't been patched and that no one else has found. Dude just wants the fame, in reality no one is at risk as long as it gets patched in the near future (months) . And if that douche would have kept his mouth shut and just let Google know and not the press none of us would have been at risk at all.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
It's not even really about Google dropping the ball after the fact. Google has already released the patch, it just hasn't been implemented across the various OEMs. Just because it has yet to be exploited doesnt mean it shouldn't be brought to light. In fact the exploit was found in APRIL and the article I cited was posted June 27th. Also Google has its own team of software nerds that do this very thing. Find vulnerabilities in software and give the authors a window to respond before publishing it. Of course the last 0day exploited posted to google for windows 8.1 was published 90 days after its finding but the person who found it NEVER contacted Microsoft..
This is why I would be weary of trying to call this dude out as starved for attention when our beloved Google does the same thing his firm does.
I'm sorry but I am all for transparency when it comes to security issues no matter how big or small. Especially in this mobile world we live in.
And now more potential hackers have been made aware of this.
StageFright defense
ChompSMS has patched their sms app from running StageFright, fingers crossed, you will see the explanation when you search PS for it
---------- Post added at 08:06 PM ---------- Previous post was at 08:03 PM ----------
pcriz said:
It's not even really about Google dropping the ball after the fact. Google has already released the patch, it just hasn't been implemented across the various OEMs. Just because it has yet to be exploited doesnt mean it shouldn't be brought to light. In fact the exploit was found in APRIL and the article I cited was posted June 27th. Also Google has its own team of software nerds that do this very thing. Find vulnerabilities in software and give the authors a window to respond before publishing it. Of course the last 0day exploited posted to google for windows 8.1 was published 90 days after its finding but the person who found it NEVER contacted Microsoft..
This is why I would be weary of trying to call this dude out as starved for attention when our beloved Google does the same thing his firm does.
I'm sorry but I am all for transparency when it comes to security issues no matter how big or small. Especially in this mobile world we live in.
Click to expand...
Click to collapse
I'm with you, what's really hilarious is that when I called the nation's largest carrier, and as usual I was transferred 3 times for a simple question, no one knew of the SF exploit, what does the word EMAIL or MEMO mean again Verizon??
Sprint released their patch specifically for stagefright...
The other major carriers will soon follow!
Do not download the Korean version released today 910t3...
You may be sorry!
But that's just my 2 cents...
acdcflame said:
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
Click to expand...
Click to collapse
So would the latest cm nightly rom from here be good to go? http://forum.xda-developers.com/not...-temaseks-unofficial-cm12-0-build-v9-t3066174
There is an app called stage fright detector in the playstore that can tell you if you are vulnerable.
Sent from my SM-N910T using Tapatalk