[Q] Textsecure integration? - Omni Q&A

https://whispersystems.org/blog/cyanogen-integration/
The client logic is contained in a CyanogenMod system app called WhisperPush, which the system hands outgoing SMS messages to for optional delivery. The Cyanogen team runs their own TextSecure server for WhisperPush clients, which federates with the Open WhisperSystems TextSecure server, so that both clients can exchange messages with each-other seamlessly. All of the code involved throughout the entire stack is fully Open Source.
"All of the code involved throughout the entire stack is fully Open Source."
So any possibility of seeing this in omnirom?

SHAWDAH said:
https://whispersystems.org/blog/cyanogen-integration/
The client logic is contained in a CyanogenMod system app called WhisperPush, which the system hands outgoing SMS messages to for optional delivery. The Cyanogen team runs their own TextSecure server for WhisperPush clients, which federates with the Open WhisperSystems TextSecure server, so that both clients can exchange messages with each-other seamlessly. All of the code involved throughout the entire stack is fully Open Source.
"All of the code involved throughout the entire stack is fully Open Source."
So any possibility of seeing this in omnirom?
Click to expand...
Click to collapse
Hmm.
1) All of it would have to get reviewed for security. I know pulser has looked at some of CM's other solutions and found vulnerabilities.
2) Since it sounds like it needs some server infrastructure, it would take some time and planning before we could get it up and running.

TextSecure definitely looked interesting until seeing that it requires gapps.

wkwkwk said:
TextSecure definitely looked interesting until seeing that it requires gapps.
Click to expand...
Click to collapse
Yea its stupid, he partially justifies it here https://github.com/WhisperSystems/TextSecure/issues/127
He also said this
"If you want alternatives to things like GCM, you have to either build them or help the people that are. I would love to use a different push service, but they don't exist.
Likewise, if we want an alternative to Play, we have to build it. What exists now (f-droid) has a centralized trust model, so we're building something else."

Entropy512 said:
2) Since it sounds like it needs some server infrastructure, it would take some time and planning before we could get it up and running.
Click to expand...
Click to collapse
For whatever it is worth, Moxie Marlinspike has said that Open WhisperSystems has a TextSecure server that they will let other ROMs use. Sadly I am unable to link, but /r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdxlnck should give you the info and context you're after. I hope that helps alleviate some concerns, or at least makes this somewhat more doable--I would love to see this adopted much more widely!
I just wish they could add return receipt functionality, and fall back to SMS if data delivery doesn't provide one in a reasonable time frame.

palpitations said:
For whatever it is worth, Moxie Marlinspike has said that Open WhisperSystems has a TextSecure server that they will let other ROMs use. Sadly I am unable to link, but /r/Android/comments/1shejv/as_of_today_cyanogenmod_is_integrating/cdxlnck should give you the info and context you're after. I hope that helps alleviate some concerns, or at least makes this somewhat more doable--I would love to see this adopted much more widely!
I just wish they could add return receipt functionality, and fall back to SMS if data delivery doesn't provide one in a reasonable time frame.
Click to expand...
Click to collapse
Ok, that's useful.
I'll let pulser do final judgement on this. He's our resident tinfoilhatter.

I got myself a tinfoil wide-brim to match my duster...
I'll have to get a 4.4 capable phone in the future so I can get OMni.

Entropy512 said:
Ok, that's useful.
I'll let pulser do final judgement on this. He's our resident tinfoilhatter.
Click to expand...
Click to collapse
Resident tinfoil hat responding to duty...
The issue I've seen with this system (and I must say, it is good that work is done on this, and I commend that it has been done) is the implementation.
Once again, a solution has been made, which is smart, has good features, but is crippled in the security area, due to making things "easy to use".
The specific issue is that, from what I can see, at least right now, there is no way to tell if a message is going to be sent encrypted or unencrypted. It's no good knowing AFTER the fact - you need to know before it is sent how it will be sent.
Additionally, if you are using encryption, from what I can see, the message is actually sent over the internet. This means there is a central repository of users stored on a server somewhere. That is centralisation, centralisation is bad... As I raised back at the time, there are side-information risks.
While the new implementation may well eliminate some of these, I am not convinced this system provides the level of anonymity that some may desire. My worry is that since the original idea was conceived, where a user's phone number being available to CM was not seen as a concern, that any solution has been architected without considering every aspect of security.
Securing correspondence via SMS would be very nice to have done properly. But this is simply a "hook", that takes what you *think* is an SMS, and sends it over the internet. There are plenty of people in the world (particularly developing nations), where they have poor, or limited, access to the internet. SMS can be a lifeline for them.
There are also many places (some incredibly large), which regularly and routinely block internet services they disagree with (not at all looking at China here...) - it is important that any system works worldwide, and is resistent to easy "blocking".
I would personally prefer to see the actual messages sent over SMS... That means if you have no internet connection, you can still send the SMS. And you can do so ENCRYPTED, rather than unencrypted.
At the end of the day though, until you can tell 100% whether something will be sent encrypted or unencrypted, you can't trust a system. The server operator may also gain useful metadata in this case (though not ideal, your carrier already gets metadata for SMS).
Tl;dr, it looks nice, but we need to look at everything here, and consider that not everyone has internet access all the time. After key-exchange is complete (I would like offline key exchange via NFC and QRcode (on the screen) as well, for in-person identity verification), we need to ensure that a user can securely communicate without internet connectivity.
Until then, this is just a smaller rival to iMessage. And hey, maybe that's a good thing... But for my money, it's not a secure SMS system...
Thoughts welcomed.

pulser_g2 said:
Resident tinfoil hat responding to duty...
The issue I've seen with this system (and I must say, it is good that work is done on this, and I commend that it has been done) is the implementation.
Click to expand...
Click to collapse
Great criticism Pulser but surely this system (even with its flaws) is better than traditional SMS, where everything you send and receive is logged by your carrier?

slashslashslash said:
Great criticism Pulser but surely this system (even with its flaws) is better than traditional SMS, where everything you send and receive is logged by your carrier?
Click to expand...
Click to collapse
The thing is, since everything is sent via the Internet, there are plenty of other existing ways to send encrypted messages over the Internet where *you can be sure the message is encrypted*.
Pulser touched on my initial concern (which I held off on voicing until he chipped in) - To determine whether to send a cleartext SMS or send the SMS via an Internet message, the app needs to know whether the recipient is "enabled" with this service. There are two ways to do this:
1) The sender explicitly configures the app to say that recipient Y is capable of receiving encrypted SMS
2) The app does some form of peer-to-peer negotiation
3) The app sends data associating your phone number with an account on another service to a centralized server. This appears to be what CM's solution is doing. Which is kind of silly - This is an app for extremely privacy-conscious people, that is enabling widespread data collection of mappings between a users' phone number and other accounts.

Stay away from this app and developer, who in my view, has been compromised. In the latest release (which I compiled about an hour ago), he removed the ability of the user to regenerate identity key. In the last couple of releases, the app would crash unless you allow it to use the internet. He also introduced Google Cloud Pushing services, which means that everyone who is using textsecure will be recorded in centralized Google/Nsa database. That is if you compiled the app from the source. If you download the app from the store, you wouldn't be able to use it at all without Google account and GSF. Having GSF defeats any encryption as every keystroke is recorded and regularly submitted Home (Google/NSA). Stay away and look for alternatives. I am checking Tinfoil sms app.

optimumpro said:
Stay away from this app and developer, who in my view, has been compromised. In the latest release (which I compiled about an hour ago), he removed the ability of the user to regenerate identity key. In the last couple of releases, the app would crash unless you allow it to use the internet. He also introduced Google Cloud Pushing services, which means that everyone who is using textsecure will be recorded in centralized Google/Nsa database. That is if you compiled the app from the source. If you download the app from the store, you wouldn't be able to use it at all without Google account and GSF. Having GSF defeats any encryption as every keystroke is recorded and regularly submitted Home (Google/NSA). Stay away and look for alternatives. I am checking Tinfoil sms app.
Click to expand...
Click to collapse
Stop spreading this your uninformed opinion everywhere.
I answered each and every one of your "arguments" in your original thread:
http://forum.xda-developers.com/showpost.php?p=51818980&postcount=10

Related

Chrome2Phone -- Exploitable?

Had the thought that perhaps the new feature, to send your nexus a direct link from your computer, might be exploitable by some unfriendly people.
What do you all think the risks are, if any?
If it can tell your phone to open the browser and launch a website, whats to stop someone from telling your phone to buy ten thousand copies of Conan the Barbarian, or destroying itself and catching on fire. Kidding of course, but you get what i mean.
Very difficult. It'd be just as likely as someone stealing your Gmail account.
Mmm, ok. Thought I would ask
It has the potential, under the right circumstances, to be used for evil though! EVIL!
I'm not entirely sure, but from what I understand all intents go through google servers. I assume google is doing checks for malicious behaviour on their end.
Don't you have to register a phone to a gmail account and be logged into that account to send to the phone?
Haven't tried the app myself make it wouldn't make sense any other way ;-)
You have to be logged in. And i thing info is sendt via google servers, so unless someone steals your google account, i think you should be safe
it only triggers the browser or maps. I guess the risk would be real, but on the phone side you have the option to set it to do nothing but notify you FIRST prior to any action. If you didn't initiate anything, then you could click cancel at that time.
chromiumcloud said:
it only triggers the browser or maps. I guess the risk would be real, but on the phone side you have the option to set it to do nothing but notify you FIRST prior to any action. If you didn't initiate anything, then you could click cancel at that time.
Click to expand...
Click to collapse
one of the things being worked on is making the phone dial a number selected on the browser. that could get interesting
I believe that Google are running a closed beta at present too, so the only people that can write apps that use cloud messaging will have been vetted by Google.
All the components of the extension (chrome extension, android application and application server) are open source, what prevent anyone from developing an other extention that use google cloud service to communicate with android ?
ludo218 said:
All the components of the extension (chrome extension, android application and application server) are open source, what prevent anyone from developing an other extention that use google cloud service to communicate with android ?
Click to expand...
Click to collapse
All of the messages go through the Google servers
As I understand, the application engine part of the extension (which runs on google application engine) register itself to "the cloud" using google api. Anyone should be able to use these api, no?
It most certainly could be exploited. I can think of a javascript exploit that would work right now.
However the consequences of an exploit are severely limited by the security model that Android uses. Something can not run in another security context unless you allow it to.
The day "Chrmoe2Phone" asks for root access is the day it should be removed from your phone. Until then they most it could do is tell an app to do something that you've already allowed that app to do (which could arguably be undesirable things).
The user needs to explicitly permit all security privileges in Android remember (read that app install page with security details!). If it can do something, you've permitted it to do so.
tanman1975 said:
one of the things being worked on is making the phone dial a number selected on the browser. that could get interesting
Click to expand...
Click to collapse
That is true, but if i recall correctly, when you choose a phone number link from the browser, it will bring the number up in your dialer application, but you must initiate the call with the green call button, so there is a level of security there.
actually this could be a pretty nifty security feature. Is the phone gets stolen how great would It be to able to enable the gps, camera or mic? Given proper security protocols of course...
@tanman1975
Didn't think of that one. T'would be a very powerful tool against the robbers out there. Nice.

4million people downloaded data-stealing Android app

http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Mike Luttrell | Thu 29th Jul 2010, 08:30 am
A seemingly innocuous Android app that let users change their phone's wallpaper has actually been stealing private user information and may have been downloaded millions of times.
Users should be concerned if they downloaded an app from "Jackeey Wallpaper." While it does perform the functions described in the app download page, it also ends up taking the phone's Internet browser history, mobile phone number, every single text message, and voicemail password. That information is then sent to a website based in Shenzhen, China.
Click to expand...
Click to collapse
http://phandroid.com/2010/07/29/another-app-stealing-data/
[Update]: MyLookout chimed in with us to clarify some details that other outlets have been reporting. Specifically, the app does collect data from your phone, but only the device’s phone number, subscriber identifier, and voicemail number fields are retrieved. SMS and browsing history are not touched by any of the apps they analyzed throughout their Blackhat conference. Your voicemail’s password is also not transmitted unless you included the password in your phone’s voicemail number field.
We’re not yet certain on what the developer’s intentions are for using the pieces of data it does send to China – so we can’t outright call it malicious – but it is collecting and sending data nevertheless. Hopefully that clears up some of the confusion everyone’s been faced with regarding the read-only property READ_PHONE_STATE that the application uses to access certain pieces of data.
Click to expand...
Click to collapse
So no SMS, browsing history or voice mail password taken.
FOR REAL?!?!
All your data belongs to somebody else
jp_macaroni said:
http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Click to expand...
Click to collapse
Free isn't free: http://www.androidpolice.com/2010/0...t-all-your-data-are-belong-to…-somebody-else/
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME , that someone was messing with my gmail account , had to change my password inmediatly
I received an altert from an IP ( from their site ) trying to change my password !
You've been warned , happened to me !
It's not like it doesn't show you the stuff when you install apps.. And this "Genome Project" thing is out of context nonsense.... 14% of free apps have access to your contacts. You realize that includes IM programs, SMS programs, Email programs, etc....
If you install a wallpaper app that requests access to your Accounts and Contacts, well....
http://www.cyrket.com/search?q=Jackeey+Wallpaper
I don't see such permissions on the 2-3 I looked through, but maybe specific ones did.
Another thing about this "lookout" app and Genome Project.. Look at the permissions on their app on the market:
Permissions: ACCESS_COARSE_LOCATION , ACCESS_FINE_LOCATION , ACCESS_NETWORK_STATE , CLEAR_APP_CACHE , DISABLE_KEYGUARD , GET_ACCOUNTS , INTERNET , MANAGE_ACCOUNTS , MODIFY_AUDIO_SETTINGS , PERSISTENT_ACTIVITY , READ_CONTACTS , READ_LOGS , READ_OWNER_DATA , READ_PHONE_STATE , READ_SMS , READ_SYNC_SETTINGS , READ_USER_DICTIONARY , RECEIVE_BOOT_COMPLETED , RECEIVE_SMS , VIBRATE , WAKE_LOCK , WRITE_CALENDAR , WRITE_CONTACTS , WRITE_SETTINGS , WRITE_SMS , WRITE_SYNC_SETTINGS , WRITE_USER_DICTIONARY , com.android.browser.permission.READ_HISTORY_BOOKMARKS , com.android.browser.permission.WRITE_HISTORY_BOOKMARKS
What if the 'AV' software itself turns out to be the one stealing data? If anything could, it could.
we get that all apps ask for permission to allow access to our location, contacts, emails etc....but to gather our private info and sell them to China.....thats messed up.
time to sue.
That information is then sent to a website based in Shenzhen, China.
Click to expand...
Click to collapse
question:
if this app was downloaded and used by US government....would it be considered as a SPY? lol
It's a big deal, but it illustrates very well that android users are in a ffa environment without someone looking over their shoulder to protect them.
It's good and bad. Some people will call bad on google for not protecting them, but others will see it for the truth of it and know they have to cover their own ass.
Wouldnt a functional firewall app work for this?
cutting off apps access to non essential portions of data...but also from data transmitting?
Flixster is malicious??
pvillasuso said:
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME , that someone was messing with my gmail account , had to change my password inmediatly
I received an altert from an IP ( from their site ) trying to change my password !
You've been warned , happened to me !
Click to expand...
Click to collapse
Woaaah now... I have used this app on almost ever ROM I flash - downloaded straight from the market each time. I've never had an indication that my information was compromised in any way... Are you 100% sure that Flixster was the culprit? That's a pretty heavy claim for what I think is a very widely used (and recommended) app.
and what about all the gmail notifiers?
More fears:
I will preface this by saying I don't know much about Android security, but to me, it's as secure as any PC.
So: what about gmail notifier apps and apps that ask for access to your gmail account?
Do they have access to your gmail password? Seems like it. So what's to stop malicious gmail notifier developers from stealing your gmail passwords and having their way with your google account, for example, grepping your mailbox for banking information.
Also think about keyboard apps, what's to top malicious keyboard developers from writing a keyboard which logs all your keystrokes to a zipfile then uploads it to a russian server for analysis of B-A-N-K and P-A-S-S-W-O-R-D and then the next keystrokes which follow that?
It doesn't end there. Picture apps which can steal your pictures. Apps which can record your phone conversations and upload the audio to servers a few hours later so you don't notice that data going on.
bwolmarans said:
More fears:
I will preface this by saying I don't know much about Android security, but to me, it's as secure as any PC.
So: what about gmail notifier apps and apps that ask for access to your gmail account?
Do they have access to your gmail password? Seems like it. So what's to stop malicious gmail notifier developers from stealing your gmail passwords and having their way with your google account, for example, grepping your mailbox for banking information.
Also think about keyboard apps, what's to top malicious keyboard developers from writing a keyboard which logs all your keystrokes to a zipfile then uploads it to a russian server for analysis of B-A-N-K and P-A-S-S-W-O-R-D and then the next keystrokes which follow that?
It doesn't end there. Picture apps which can steal your pictures. Apps which can record your phone conversations and upload the audio to servers a few hours later so you don't notice that data going on.
Click to expand...
Click to collapse
The same things are possible for a regular computer as well. You can connect to a site and it could execute a download that then snoops your keystrokes and uploads them somewhere.
The difference (so far) is that on android you have to install an app to do that.
The takehome message is to excersize caution and install apps you can verify where they come from and what they do.
This will happen more and more. Mobile is where people are doing most of there communication and beginning alot of banking.
Not just Android all mobile OS.
Like I said a zonealarm/lilsnitch like app would be of great use. Even if logging or reading they still need to communicate out. An easy low mem/bat/cpu usage app that monitors this behaviour would go along way.
This is becomming a bigger issue and we do need some type of security alert monitor!
http://www.newsfactor.com/story.xhtml?story_id=13100EVAC2WI
"Mobile apps on Android-powered smartphones and Apple's iPhone can disclose more personal data than most users realize, security vendor Lookout revealed Wednesday at the Black Hat USA 2010 conference in Las Vegas. Rather than being malicious, users often give the apps permission to access data when they are installed...."
jp_macaroni said:
http://www.tgdaily.com/security-brief/50862-as-many-as-4-million-people-downloaded-data-stealing-android-app
Click to expand...
Click to collapse
Opps missed this post prior to posting my thread...
http://forum.xda-developers.com/showthread.php?t=739446
Arcarsenal said:
Woaaah now... I have used this app on almost ever ROM I flash - downloaded straight from the market each time. I've never had an indication that my information was compromised in any way... Are you 100% sure that Flixster was the culprit? That's a pretty heavy claim for what I think is a very widely used (and recommended) app.
Click to expand...
Click to collapse
100% sure , I checked out the IP involved , and it pointed directly to their website !!!
pvillasuso said:
Same happened to me with an app posted here for movies
Flixster for android
http://www.flixster.com/
I did find out ON TIME , that someone was messing with my gmail account , had to change my password inmediatly
I received an altert from an IP ( from their site ) trying to change my password !
You've been warned , happened to me !
Click to expand...
Click to collapse
Don't be stupid. Flixster is a 100% legitimate app. Don't bad mouth it because you fell for a phishing scam some place else.
GldRush98 said:
Don't be stupid. Flixster is a 100% legitimate app. Don't bad mouth it because you fell for a phishing scam some place else.
Click to expand...
Click to collapse
Use it then, who cares anyway ..!
Hope u get your gmail account hacked ...
samagon said:
The takehome message is to excersize caution and install apps you can verify where they come from and what they do.
Click to expand...
Click to collapse
Easy to say, but how do you 'verify where they come from and what they do'?

Google TOS & Data Privacy

I have a question about data privacy while using Android and/or any Google service or application. My concern was prompted after installing Google Sky last night and seeing their warning about data collection when starting up.
As a marketing professional, I don't particularly care that Google gathers anonymous data such as browsing history and so on to improve their products and services. They're a business providing employment to others, paying taxes, and contributing to our economy therefore they have both a right to, and deserve to, profit from that. But I do have a very large concern over my privacy where personalized information is concerned.
In particular, I'm talking about whether or not Google has access to my contact, calendar, email, or documents data either on the phone, or especially when synchronizing to their servers. My worry is that Google might be 'snooping' around to see my personal information.
Are my fears unfounded? Do any of you know how the OS and their services are working?
Google will gather all the data it can, including emails and contacts, from your phone, browser, chrome os or any other google product you use. Didn't you read news? Google was even sniffering all traffic from open WI-FI networks.
We can hope that this data is gathered anonymously, but I don't think so. Good thing is that me and you are not interesting to google, so they will collect data, but only use it for targeting advertisement etc.
I guess this is a strong argument for staying with WM, WP7 or even iPhone. Privacy is one of our most valuable assets, and should be protected.
BillTheCat said:
I guess this is a strong argument for staying with WM, WP7 or even iPhone. Privacy is one of our most valuable assets, and should be protected.
Click to expand...
Click to collapse
No, WP7 would send all your data to Microsoft as it's all in a cloud. Dunno about iPhone, but probably same, Apple would get everything. And even if you won't be using a phone, goverment is still watching you.
So forget about it and use Android.
Hence why Im not moving to Android yet. I still just want a solution to sync my tasks, calendars at a local level, aka Outlook. Lawl.
The best way for a company to check for trends and how their product is used isn't by creating polls or questionaires of some sort. They almost all, whenever possible, use automatic and passive mechanisms. Yes, google does parse my whole mail. I remember having received a email from my collegue principal and on the ad side of Gmail reading an about about "Tired of putting up with your boss". Facebook does the same think, like many other. Thing is, would you rather have free stuff WITH custom tailored publicity or paying for something to be completly free? Google earns with publicity, and since you are in the marketing area you know better than I that trends are everything. They're just trying to make the best (for their own purposes) of us using their tech. Is it creepy? Yes it is... Will it get worse? You betcha... Just check Google's or Facebook's TOS. Google looks like an angel next to facebook's...

[i9000] New Android/WiFi Security Threat - Precautions

Since I know most of us tend to do A LOT or reading on tech sites and Android-focused blogs, you are all likely aware of the new security problem that has recently been headline news (especially on Apple sites).
In a nutshell, it is possible for malicious unsecured WiFi APs and HotSpots to steal the AuthToken from your phone when your WiFi contacts it. This AuthToken then can be used for two weeks to gain access to your Google account, which in turn may make other accounts you have vulnerable. They do this by using very common SSIDs, such as Default or Linksys, to encourage passing Android phones and/or tablets to try an connect with them. Though the connection doesn't complete, just the sniffing that takes place in advance is enough for the theft to take place.
Fortunately Android phones don't automatically try and connect to every cheap, streetcorner HotSpot they see...but they do automatically connect to WiFi APs they have been connected to before. Since these malicious APs are using very common SSIDs, it is likely your phone has connected to an AP with the same name in the past, and it will therefore query the AP, allowing the Token to be swiped.
How do we prevent this? Well, there are a few precautions that can be taken to make it less likely your poor phone gets grifted for being too trusting.
Make sure your home AP and other APs you control do not have common names. If your home AP has the SSID default, or Wireless....change it.
Keep your WiFi OFF when not using it.
Do NOT log into APs when you do not know their origin, and certainly not ones you scan for with names like Free Public WiFi. SSIDs like Evil Hacker Out to Fleece You are right out too.
If you DO log into a legit public AP (especially one with a common SSID), but it isn't one you commonly use, after you are done go into your WiFi settings and have your phone forget it.
Lastly, keep an eye on your Google account for suspicious activity. Did someone just your Google account to pay for $5000 worth of Skype calling to the Canary Islands? If so, report it (unless you got a girlfriend in the Canary Islands). Also use the security features in your gmail account to keep track of what IP numbers are logging into your mail. If someone on the other side of the country suddenly accesses your inbox, change your account details and report it to Google.
Forewarned is forearmed..and the sooner we make this scam unprofitable, the sooner it will go away and the sooner iPhone users will shut up about it.
source?
10char
kepke said:
source?
10char
Click to expand...
Click to collapse
Background on the security problem? All over the interwebs. HERE for example, or HERE.
The suggestions and commentary are my own.
In 2.3.4 this problem is fixed. Is there any chance to use the fixed files in older android versions?
Sent from my GT-I9000 using Tapatalk
HiQ123 said:
In 2.3.4 this problem is fixed. Is there any chance to use the fixed files in older android versions?
Sent from my GT-I9000 using Tapatalk
Click to expand...
Click to collapse
Might be something for the devs to consider adding to their custom ROMS.
Google on the case
In an official statement, Google has said it is already rolling-out a fix for the security flaw, which could affect all Android users, except those already running Gingerbread.
"Today we're starting to roll out a fix which addresses a potential security flaw that could, under certain circumstances, allow a third party access to data available in calendar and contacts.
"This fix requires no action from users and will roll out globally over the next few days."
Read more: http://www.techradar.com/news/phone...-security-flaw-fixing-it-957143#ixzz1N5zq1K7S
HiQ123 said:
In 2.3.4 this problem is fixed. Is there any chance to use the fixed files in older android versions?
Sent from my GT-I9000 using Tapatalk
Click to expand...
Click to collapse
So is 2.3.3 still at risk ?
google already fixed it on their servers. danger averted
Sent from my GT-I9000M

BBM, iMessage... what are the chances?

so since apple released whatever 'iMessage' for all apple products and its exclusive and what not, and all blackberry devices have BBM, how much do you gander android will release its own form of IM within the coming months before the release of icecream sandwich?
revamp of G-Talk... maybe? LOL that thing seriously need a big overhaul anyway.
a penny for your thoughts?
I personally like the idea of GTalk how it is now. They could just make sure its installed on every phone and maybe even put it on the first screen.
I like having it cross-platform and even available on the desktop.
Most of my friends have Android now, so more and more people are moving to GTalk.
I wish they would come out with a better desktop client though that'll do video rather than relying on the web one.
I think GTalk should be a feature they advertise more. Its already available on every Android phone, uses push for 2.2+ and works really well.
It would be cool
I would like to see google sync google talk across devices. Not sure if it could kill off SMS like everyone thinks though.
ethridgt said:
I would like to see google sync google talk across devices. Not sure if it could kill off SMS like everyone thinks though.
Click to expand...
Click to collapse
The nice thing is that it uses Jabber, so there's lots of clients out there that will support it...all with their own feature sets. So its easily cross-platform, just not always the official app.
I think iMessage is going to be hugely popular as it looks like it's built right into the normal SMS messaging application in iOS and is going to be automaticly used any time you are sending a message to another iPhone user. Once people get used to using the combined messaging app, it's going to be nearly impossible to convince iPhone users to install a 3rd party chat app.
I now think it makes sense for RIM to open up BBM to other platforms, as they have the best chance of getting people to install their app, and if they are going to lose customers to iPhones and Androids (which is clearly happening), it would be in their best interest to at least keep them as BBM users.
Frankly, Google really dropped the ball by not seeing what a big problem all of these propietary chatting protocols are going to be for alternative mobile platforms. Many people in places like Canada (where blackberry and BBM are very popular) fear switching from blackberry as it means giving up all of your BBM contacts, and it's going to be the same thing for iPhone users soon. We needed an open spec protocol like XMPP to be the dominant protocol so that anyone can make a client for any device, but there are parts of Google Talk that just don't meet what people are looking for.
Google Talk needs at least the following, in my opinion:
- Remove the ability to log out
- Delivery (and maybe read) status for messages
- Improved group chat (currently the implementation is clumsy and inconsistent)
- Improved media transfers (photos and videos, but also contacts and locations)
- Combine SMS and Google Talk applications into one messaging super app, like iMessage.
The biggest problem with Google talk is its currently not widely available on every android phone.
Google doesn't need to revamp gtalk. It just needs to make Disco the default messaging program like Apple has done with iMessage. It would need to add MMS and remove the requirement for creating groups before sending messages but I can't imaging either would be too difficult to do before ICS is released.
http://techcrunch.com/2011/05/23/google-disco-2/
Been wishing this was in gtalk since 1.6. I dont think they need to combine it with the SMS app if they keep the green circle next the contacts name when they are signed on in Gtalk.
If they updated the BB and IOS apps to work with the new Gtalk apps it could dominate. But like google maps with navigation, they reserve group chats and video chatting to the web client and android users.
http://www.cultofmac.com/androids-going-to-help-apples-imessage-kill-off-sms/99831
PrawnPoBoy said:
I think iMessage is going to be hugely popular as it looks like it's built right into the normal SMS messaging application in iOS and is going to be automaticly used any time you are sending a message to another iPhone user. Once people get used to using the combined messaging app, it's going to be nearly impossible to convince iPhone users to install a 3rd party chat app.
I now think it makes sense for RIM to open up BBM to other platforms, as they have the best chance of getting people to install their app, and if they are going to lose customers to iPhones and Androids (which is clearly happening), it would be in their best interest to at least keep them as BBM users.
Frankly, Google really dropped the ball by not seeing what a big problem all of these propietary chatting protocols are going to be for alternative mobile platforms. Many people in places like Canada (where blackberry and BBM are very popular) fear switching from blackberry as it means giving up all of your BBM contacts, and it's going to be the same thing for iPhone users soon. We needed an open spec protocol like XMPP to be the dominant protocol so that anyone can make a client for any device, but there are parts of Google Talk that just don't meet what people are looking for.
Google Talk needs at least the following, in my opinion:
- Remove the ability to log out
- Delivery (and maybe read) status for messages
- Improved group chat (currently the implementation is clumsy and inconsistent)
- Improved media transfers (photos and videos, but also contacts and locations)
- Combine SMS and Google Talk applications into one messaging super app, like iMessage.
Click to expand...
Click to collapse
+1, I totally agree with you.
It really has to be promoted. I have a lot of friends with Android devices whom doesn't even know that Gtalk exists, it's a real pain. It needs the option to login with a kind of a "PIN" maybe just like RIM has.
VicToR_AC said:
+1, I totally agree with you.
It really has to be promoted. I have a lot of friends with Android devices whom doesn't even know that Gtalk exists, it's a real pain. It needs the option to login with a kind of a "PIN" maybe just like RIM has.
Click to expand...
Click to collapse
why use a pin though? that just creates more hassle for everyone. why not just tell them to add your gaccount which has everything integrated... your number/whatever you want to share.
FaithCry said:
why use a pin though? that just creates more hassle for everyone. why not just tell them to add your gaccount which has everything integrated... your number/whatever you want to share.
Click to expand...
Click to collapse
Because as I can see, some of my friends with an Android device don't even use Gmail accounts, and there's when the problem using Gtalk begin!
VicToR_AC said:
Because as I can see, some of my friends with an Android device don't even use Gmail accounts, and there's when the problem using Gtalk begin!
Click to expand...
Click to collapse
Fair enough...but then are you telling me they aren't downloading any apps from the market then? And thus not optimizing the android system already? Because if they can access the market they should be able to use g chat ...
Sent from my Nexus One using XDA App
For it to work, any message system has to integrate with the default messaging app. Otherwise, it will be a failure. Apple did get iMessage right by integrating it with the sms app and make using it automatic (without any user input to setup).
^wait, so how does the phone know if the receiver is an iOS user and that the receiver has an internet connection? For iPads, there are no phone numbers associated with the devices. So how does iMessage integrate with the SMS app?
Currently you can see if the person is on gtalk in the SMS app by a green dot next to their name. That seems perfectly fine by me.
NexusDro said:
^wait, so how does the phone know if the receiver is an iOS user and that the receiver has an internet connection? For iPads, there are no phone numbers associated with the devices. So how does iMessage integrate with the SMS app?
Click to expand...
Click to collapse
Actually, even iPad 3G users have a phone number (it just isn't visible to the user). My guess is it will do contact matching (which will check the contact's email against itunes accounts and the phone number). The phone number will probably be automatically registered to your account when you login to your phone with your itunes account. So it isn't hard to do that simple matching.
moelester518 said:
Currently you can see if the person is on gtalk in the SMS app by a green dot next to their name. That seems perfectly fine by me.
Click to expand...
Click to collapse
Which sms app? I don't see any green dots (or spaces for them) in the default app, or handcent.
I'm on CM7. Is this a feature in stock roms?
bozzykid said:
Actually, even iPad 3G users have a phone number (it just isn't visible to the user). My guess is it will do contact matching (which will check the contact's email against itunes accounts and the phone number). The phone number will probably be automatically registered to your account when you login to your phone with your itunes account. So it isn't hard to do that simple matching.
Click to expand...
Click to collapse
But what if I switch between iphones and other phones all the time?
J.L.C. said:
Which sms app? I don't see any green dots (or spaces for them) in the default app, or handcent.
I'm on CM7. Is this a feature in stock roms?
Click to expand...
Click to collapse
You can see who's online on Gtalk on the stock contact list.
NexusDro said:
You can see who's online on Gtalk on the stock contact list.
Click to expand...
Click to collapse
Yep, you can. But the contact list isn't an sms app

Categories

Resources