Stagefright Vulnerabilities - T-Mobile Galaxy Note 4 General

Is someone more technical than me able to tell me if the stock 5.0.1 Tmobile has us on vulnerable to this?
http://blog.zimperium.com/experts-found-a-unicorn-in-the-heart-of-android/

Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies

acdcflame said:
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
Click to expand...
Click to collapse
Switched to the CM nightly today. It's going to take for ever for Samsung to get this patch of there.
Sent from my SM-N910T using XDA Free mobile app

Turn off auto retrieve in mms settings of you messaging app and only accept vids and pics from close friends! It's an annoyance but it'll keep you safe for now!

I have also heard you can just use hangouts as your default text app and avoid the issue all together.
Sent from my SM-N910T using XDA Free mobile app

ShrekOpher said:
I have also heard you can just use hangouts as your default text app and avoid the issue all together.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
I'm not so sure seeing as it centers around that video being downloaded with the virus automatically before you even open it but if true that would be nice!

Dvanzutphenkann said:
I'm not so sure seeing as it centers around that video being downloaded with the virus automatically before you even open it but if true that would be nice!
Click to expand...
Click to collapse
Hangouts uses a cloud based system to handle mms. Basically everything goes through Google Photos. The pictures and videos are the loaded to you phone once you click on them. As long as you dont click on a video or picture from someone you dont know, it would never reach your phone and thus not be an issue.
Sent from my SM-N910T using XDA Free mobile app

ShrekOpher said:
Hangouts uses a cloud based system to handle mms. Basically everything goes through Google Photos. The pictures and videos are the loaded to you phone once you click on them. As long as you dont click on a video or picture from someone you dont know, it would never reach your phone and thus not be an issue.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
Do you have a link to a reference on that?
I ask this because the guys that originally found the exploit stated that depending on what SMS app you use, you may not even know you were infected, hangouts being one of those.
(Joshua) Drake found that when the exploit code was opened in Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”.
Click to expand...
Click to collapse
http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/

pcriz said:
Do you have a link to a reference on that?
I ask this because the guys that originally found the exploit stated that depending on what SMS app you use, you may not even know you were infected, hangouts being one of those.
http://www.forbes.com/sites/thomasbrewster/2015/07/27/android-text-attacks/
Click to expand...
Click to collapse
Drake found that when the exploit code was opened in*Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”
The above is true, but hangouts allows you to approve the messages which hold them in photos before they are delivered. You can also block all sms message that are not from contacts in hangouts.
See the screen shot below. The stock messaging app on many android phones does not have this option.
Also hangouts can be updated without a carrier approval so they will address it in the next update. The infamous hangouts 4.0.
Sent from my SM-N910T using XDA Free mobile app

ShrekOpher said:
Drake found that when the exploit code was opened in*Google Hangouts it would “trigger immediately before you even look at your phone… before you even get the notification”
The above is true, but hangouts allows you to approve the messages which hold them in photos before they are delivered. You can also block all sms message that are not from contacts in hangouts.
See the screen shot below. The stock messaging app on many android phones does not have this option.
Also hangouts can be updated without a carrier approval so they will address it in the next update. The infamous hangouts 4.0.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
I suppose the clarification I wanted to get out there is that this isnt some inherently present functionality without some forethought to change those settings. So hangouts like any other text app needs to be made secure enough to prevent the exploit if you are not running a patched build. Just making sure the people reading don't get a false sense of security simply because they are using Hangouts.

pcriz said:
I suppose the clarification I wanted to get out there is that this isnt some inherently present functionality without some forethought to change those settings. So hangouts like any other text app needs to be made secure enough to prevent the exploit if you are not running a patched build. Just making sure the people reading don't get a false sense of security simply because they are using Hangouts.
Click to expand...
Click to collapse
In all reality this is just a puff piece to try and make Apple who is losing market share look more secure and to get this Drake guys name in some press. The threat HAS NOT BEEN SEEN IN THE WILD, and its very likely Drake is the only one to ever produce it.
Its also very low class to unveil a zero day exploit that you know hasn't been patched and that no one else has found. Dude just wants the fame, in reality no one is at risk as long as it gets patched in the near future (months) . And if that douche would have kept his mouth shut and just let Google know and not the press none of us would have been at risk at all.
Sent from my SM-N910T using XDA Free mobile app

ShrekOpher said:
In all reality this is just a puff piece to try and make Apple who is losing market share look more secure and to get this Drake guys name in some press. The threat HAS NOT BEEN SEEN IN THE WILD, and its very likely Drake is the only one to ever produce it.
Its also very low class to unveil a zero day exploit that you know hasn't been patched and that no one else has found. Dude just wants the fame, in reality no one is at risk as long as it gets patched in the near future (months) . And if that douche would have kept his mouth shut and just let Google know and not the press none of us would have been at risk at all.
Sent from my SM-N910T using XDA Free mobile app
Click to expand...
Click to collapse
It's not even really about Google dropping the ball after the fact. Google has already released the patch, it just hasn't been implemented across the various OEMs. Just because it has yet to be exploited doesnt mean it shouldn't be brought to light. In fact the exploit was found in APRIL and the article I cited was posted June 27th. Also Google has its own team of software nerds that do this very thing. Find vulnerabilities in software and give the authors a window to respond before publishing it. Of course the last 0day exploited posted to google for windows 8.1 was published 90 days after its finding but the person who found it NEVER contacted Microsoft..
This is why I would be weary of trying to call this dude out as starved for attention when our beloved Google does the same thing his firm does.
I'm sorry but I am all for transparency when it comes to security issues no matter how big or small. Especially in this mobile world we live in.

And now more potential hackers have been made aware of this.

StageFright defense
ChompSMS has patched their sms app from running StageFright, fingers crossed, you will see the explanation when you search PS for it
---------- Post added at 08:06 PM ---------- Previous post was at 08:03 PM ----------
pcriz said:
It's not even really about Google dropping the ball after the fact. Google has already released the patch, it just hasn't been implemented across the various OEMs. Just because it has yet to be exploited doesnt mean it shouldn't be brought to light. In fact the exploit was found in APRIL and the article I cited was posted June 27th. Also Google has its own team of software nerds that do this very thing. Find vulnerabilities in software and give the authors a window to respond before publishing it. Of course the last 0day exploited posted to google for windows 8.1 was published 90 days after its finding but the person who found it NEVER contacted Microsoft..
This is why I would be weary of trying to call this dude out as starved for attention when our beloved Google does the same thing his firm does.
I'm sorry but I am all for transparency when it comes to security issues no matter how big or small. Especially in this mobile world we live in.
Click to expand...
Click to collapse
I'm with you, what's really hilarious is that when I called the nation's largest carrier, and as usual I was transferred 3 times for a simple question, no one knew of the SF exploit, what does the word EMAIL or MEMO mean again Verizon??

Sprint released their patch specifically for stagefright...
The other major carriers will soon follow!
Do not download the Korean version released today 910t3...
You may be sorry!
But that's just my 2 cents...

acdcflame said:
Yes. Even the nexus 5 on 5.1.1 is still vulnerable. Google has already distributed a patch to all carriers, but as far as I know, none of the carriers have actually released it. The only patched rom so far is the most recent cyanogenmod 12.1 nightlies
Click to expand...
Click to collapse
So would the latest cm nightly rom from here be good to go? http://forum.xda-developers.com/not...-temaseks-unofficial-cm12-0-build-v9-t3066174

There is an app called stage fright detector in the playstore that can tell you if you are vulnerable.
Sent from my SM-N910T using Tapatalk

Related

[Q] Security for Android

OK, I did search for this before I posted so I hope I don't get anybody mad for starting a new thread if this has been covered.
Regarding security threats and android phones. I did see the thread about a malware program out of Russia affecting android phones (installed via a movie program?). But in general, security issues do not seem to be a big issue.
The other threads I've found seem to have conflicting opinions.
So my question(s) is, how much do you all worry about security issues? Does anybody use Lookout (free mobile security app)? I did see that it has high ratings on the market, but I put more stock in what this community has for opinions than the market users.
Again, if this has been covered to death and I missed it, I apologize.
I do have concerns over security and therefore really don't install many apps. Since I have had an android phone, my gmail account has been compromised once, allowing spam to be sent from my gmail account and also spam to be placed on my Blogger site. While I cannot be certain it was something on my phone that allowed this, I rarely use my computer to access any of my Google apps. I also had never had issues with any email or other accounts being compromised for as long as I've had a computer. I also rarely get spam. So while I can't be certain, the fact it showed my account being logged into by a mobile device in Malaysia makes me very suspicious.
Sent from my HERO200 using XDA App
Thanks for the reply. I take it you haven't used Lookout or any of the other security apps?
Lookout looks legit, but I am a little skeptical. Guess I'll wait and see if I get any other responses before I do anything with it.
I haven't tried it in the past, as I'm skeptical too. I went ahead and installed it though after my post just to see. It is now being installed by some of the carriers by default apparently and I guess has won some awards, so hopefully it's been poked at a bit by people to where it itself isn't a large threat. Figure if it doesn't impact performance a lot there can't be any harm in trying it. Now, as for how effective it really is, I'd imagine that's something many people will never know.
Sent from my HERO200 using XDA App
Again, thanks for your input.
Performance impact is basically what I was worried about. I actually installed it the other day but when I realized it was on ALL the time, I uninstalled it before really giving it a chance.
I guess it's worth a shot. I'll install it again tonight and run a couple before and after quadrant benchmarks to see how much of an impact.
If I don't get anybody else posting here, I'll still post my experience in a couple/few days, so if you're interested, check back later in the week.
Thanks dpeeps, have a good one.
Paranoid much?
Sent from my HERO200 using XDA App
Eric_1966_FXE said:
Thanks for the reply. I take it you haven't used Lookout or any of the other security apps?
Lookout looks legit, but I am a little skeptical. Guess I'll wait and see if I get any other responses before I do anything with it.
Click to expand...
Click to collapse
seriously? lookout is featured in a Droid commercial for verizon. (i think its verizon anyhow)
i use it, i really haven't noticed any effect on the performance.
Vandelay007 said:
Paranoid much?
Sent from my HERO200 using XDA App
Click to expand...
Click to collapse
Not paranoid .... just cautious.
There is so much good information on this site that when I search for something that sounds too good (for free), and I can't find anything, yes, I'm going to "err on the side of caution".
ngholson, thanks for the input.
Eric_1966_FXE said:
ngholson, thanks for the input.
Click to expand...
Click to collapse
you are welcome. i use it mostly for the lost feature. if i lose it i can activate the gps and locate it that way, and i can also make it scream (caution this is really loud, and the only way to stop it is a battery pull) if it is somewhere close to me. it is very effective.
EDIT: they changed the scream feature, now it will scream for 1 minute and you can stop it by turning the volume down on the phone.

Update 3/15 Skype Keeps Backing Out On Video Call Support For Android.

Skype is long overdue for Android. There was supposed to be support on the Xoom tablet, but reports show yesterday that they withdrawed their business/services for the tablet and future laptop/devices .Its word going around that now they will continue to work on a better agreement to bring video chat to the platform. I looked online and alot of Androidians (lol) arent too happy with this. Everyone is wondering was there a Apple pay-off and what is taking so long. Will Skype video chat/3g calls every come to us?
Don't know why Google didn't write their own freaking application for it. I video call through gmail on my laptop fine, seems like the logical step to integrate their phones and tablets into that.
Seriously if Google isn't going to step up and write some BASIC polished apps for their own platform rather than having devices being released half-baked, apple is going to continue to dominate the tablet market.
dinan said:
Don't know why Google didn't write their own freaking application for it. I video call through gmail on my laptop fine, seems like the logical step to integrate their phones and tablets into that.
Seriously if Google isn't going to step up and write some BASIC polished apps for their own platform rather than having devices being released half-baked, apple is going to continue to dominate the tablet market.
Click to expand...
Click to collapse
I think its ridiculous. Its taking way too long.
Sent from my Nexus S using XDA App
Unless things like this change, I won't be using the Android platform in the future. One of my top priorities/needs is great app support. If you don't have that, all this new hardware is useless IMO.
meetagrawal said:
Unless things like this change, I won't be using the Android platform in the future. One of my top priorities/needs is great app support. If you don't have that, all this new hardware is useless IMO.
Click to expand...
Click to collapse
i can agree with that. i was happy to get a front facing camera but i have yet to use it. so whats the point. i could have kept my g2 around.
Well Google released video chat on the Xoom via google chat so hopefully it wont be long until they integrate it into phones
Sent from my Nexus S using XDA App
aaltaf22 said:
Well Google released video chat on the Xoom via google chat so hopefully it wont be long until they integrate it into phones
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
hopefully it may come
It's not just Android, if you check the last update for the Linux client, don't be surprised how long ago that was (January 20, 2010; 13 months ago from Wikipedia).
I've already completely lost faith in Skype, I don't trust them anymore.
ehm??? no 3G calling?
what have i been doing the last few day's?
you can call with 3G.wel atleast i can.
Using skype over 3g service and video calls. And no you haven't been doing it
Sent from my Nexus S using XDA App
I don't think that Skype has any intention of releasing a free Android app. They seem to only be interested in installing video-enabled Skype on devices sold by manufacturers/carriers that will pay them directly. e.g. Verizon or Nokia.
Of course, the strange part of all this is that Skype w/video is available for iPhone 4.
Oh well, if Google releases video chat before skype does, then my skype account, along with the rest of my family's, will be gone.
Sorry if this is a noob question but is it possible to extract the apk of Skype from a Verizon phone and install it on others?
Carne_Asada_Fries said:
Sorry if this is a noob question but is it possible to extract the apk of Skype from a Verizon phone and install it on others?
Click to expand...
Click to collapse
i have been questioning this as well. why it didnt happen yet.
unless :
- there is no phone that is out right now and has skype video call in it
OR
- even if they managed to do so, it wont connect to skype network so it was useless " something to do with skype knowing your phone before it connect to the server, and if the phone is not registered in their database, it wont connect.
There's always Fring;
http://www.fring.com/android/
That said, as a Skype subscription holder it'd be nice to have video supported.
Think about the legal ramifications. Google talk is praticially installed on every device and can't be uninstall. Remember way back when Netscape sued Microsoft for having monopolistic capatilism with having IE installled by default? Eventually they got told By the surpreme court that they have to allow more competitive practice with third party vendors. as far as I can see Google is allowing third party vendors to coexist with their own apps...and thank good. I lovvvve my choices. I'm sure we'll see a filtered down version of honeycomb to smartphone. I bet Google chat will even come as a newly downloadable app from the market with such features. Google certainly have their hands fill. I'm pretty sure they got their hands fill for coding for tablets and smartphones at the same time.
Btw I hate using Skype...why doesn't the app have a turn off button?
thommcg said:
There's always Fring;
http://www.fring.com/android/
That said, as a Skype subscription holder it'd be nice to have video supported.
Click to expand...
Click to collapse
How dare you....
Sent from my Nexus S using XDA App
inspiron41 said:
Think about the legal ramifications. Google talk is praticially installed on every device and can't be uninstall. Remember way back when Netscape sued Microsoft for having monopolistic capatilism with having IE installled by default? Eventually they got told By the surpreme court that they have to allow more competitive practice with third party vendors. as far as I can see Google is allowing third party vendors to coexist with their own apps...and thank good. I lovvvve my choices. I'm sure we'll see a filtered down version of honeycomb to smartphone. I bet Google chat will even come as a newly downloadable app from the market with such features. Google certainly have their hands fill. I'm pretty sure they got their hands fill for coding for tablets and smartphones at the same time.
Btw I hate using Skype...why doesn't the app have a turn off button?
Click to expand...
Click to collapse
You can uninstall any app on the phone if your rooted. And there is a log off/turn off button in skype.
Sent from my Nexus S using XDA App
Carne_Asada_Fries said:
Sorry if this is a noob question but is it possible to extract the apk of Skype from a Verizon phone and install it on others?
Click to expand...
Click to collapse
Not a noob question. The xoom would have had it but skype pulled out. There is no android device that has it. The xoom and the thunderbolt were supposed to be the first to have it.
Sent from my Nexus S using XDA App
charlieb620 said:
Not a noob question. The xoom would have had it but skype pulled out. There is no android device that has it. The xoom and the thunderbolt were supposed to be the first to have it.
Sent from my Nexus S using XDA App
Click to expand...
Click to collapse
heh that means my theory is right. damn i am good
There is a Skype app. It does make (voice only) calls over 3G (and 4G if you believe all the marketing hype). I use it quite regularly to talk with my family back in the US.
As for Google taking forever to put out all these apps, you have to understand that they are subject to the same dev process all other app developers are. They have to wait until the SDK is available. Yeah, they may get it a bit sooner than other devs, but I'd say only a week at most before. It doesn't benefit them to hold out just to get their stuff (apps) out first. And it takes time to produce [email protected]$$ apps. If you dev outside of an existing engine, even longer.
I praise Google for what they've done so far and I look forward to their contributions.

Ummm does this worry anyone else?

I've been up late tonight, and just so happened to stumble across this article over at AndroidPolice. Figured it might interest some people here since it includes our phone.
http://www.androidpolice.com/2011/1...e-numbers-gps-sms-emails-addresses-much-more/
Here's the thing, though. They recommend uninstalling the offending apk immediately, which I tried.....Unfortunately that gives me repeated force closes over and over and over while the system tries to run it, to the point where I had to restore to a backup. So what do we do about this?
UPDATE: You can remove HTCloggers.apk...all you have to do is restart afterwards.
Evo4gLI said:
I've been up late tonight, and just so happened to stumble across this article over at AndroidPolice. Figured it might interest some people here since it includes our phone.
http://www.androidpolice.com/2011/1...e-numbers-gps-sms-emails-addresses-much-more/
Here's the thing, though. They recommend uninstalling the offending apk immediately, which I tried.....Unfortunately that gives me repeated force closes over and over and over while the system tries to run it, to the point where I had to restore to a backup. So what do we do about this?
Click to expand...
Click to collapse
Yes and no.
Yes because so many users run Sense.
No because I run AOSP.
Frankly, I wonder how many other serious flaws there are.
I can name several apps that want their hands on permissions they have no business in [Facebook for one]
Its like 1984 for sure. There's an article in the new section here at xda that talks about some of the other vulnerabilities as well.
Sent from my PC36100 using xda premium
Thanks for sharing. Another reason why we root our phones
Sent from my PC36100 using XDA Premium App
Many devs remove these programs and such to remove ciq. I can't find the thread right now, but it reads just about everything. It's so deeply imbedded into the framework.
It reads every button you press on your keyboard.
Every text you send and receive.
Every app you use and download.
The pages you browse on using the internet browser.
It even goes as far to read any spot on your screen that you touch.
This is spyware to the extreme. Sprint and HTC will say its not "spyware" and say its used only for marketing to determine how phones are being used to further develop for the current trends in smartphones. It's very possible they could steal personal info with this. Is it currently happening? Uhh...probably not, but there will still be a lot of paranoia about it.
Sent from my PC36100 using XDA App
Sounds like a really good reason to stay with AOSP to me...
very True Haha
Sent from my GT-I5800 using XDA App
Some of us haven't forgotten the XCP rootkit that was on some Sony BMG titles in 2005... hope HTC doesnt suffer a similar demise like Sony eventually has of late.
This has been removed from MikG.
This is exactly why I'm AOSP. (that and sub-100MB ROM files)
I read the article too- (I have an Androidpolice/Android Central) feed in my Pulse reader....
I already knew CIQ and such were slimy embedded spyware...but the Treve app- spotted stuff I hadnt deleted already... Sprint sent me a "letter" about bandwidth usage and We-KNOW-what-Your-Doing" ----
I'm not amused by HTC/Sprint's collusion... leaving our bottoms out there in the cold for anyone to do whatever with.....
I bet even money my phones been cloned... sometimes I can't use it for calls .. recently -and I'd not had a single missed call or problem in a year.
I'm not a happy camper.. worried about my credit card #'s and really really am annoyed by HTC sliming us this way...
to the tune- that it'll be an icey cold day in hell before I'd consider buying another HTC phone for anyone in my family- (my family has 3 Evo 4g)...
We are not amused.....
HipKat said:
Sounds like a really good reason to stay with AOSP to me...
Click to expand...
Click to collapse
AMEN
it appears to me that this file has already been removed from MikFroyo. At least, I can't find it...
BTW, you can just remove it using TIbackup, but you'll have to restart to get rid of the repeated force closes. Simple fix, and I've done the same for CarrierIQ as well.
It was removed from sprint lovers rom as well... I couldnt find it at least
I removed HtcLoggers.apk from mine and after rebooting (force close loop) it seems to be working fine. However, is there an old log file still on the phone that can be read by some Spyware app that needs to be removed or does all this data need to come from the logger app itself? If there still is a log, I'm sure it has enough info to still steal my ESN and other stuff.
Wow! Glad I run custom ROMS

Master Key Exploit patch?

Has HTC push the patch? Samsung already roll out security patches to S4. I Just scanned, my ONE is unpatched/vulnerable.
Here’s How You Can Check If Your Android Device Is Patched Against The Master Key Exploit.http://www.redmondpie.com/check-if-your-android-device-is-patched-against-the-master-key-exploit/
Sent from my HTC One using xda app-developers app
the Google Edition roms are patched
IINexusII said:
the Google Edition roms are patched
Click to expand...
Click to collapse
THe sense based roms have not been patched yet but when i reached out to them they said that it will be resolved soon with a update. They could not give me an ETA on when it would be coming out but assured me they take it very seriously and are working hard to get it rolled out.
crackeyes said:
THe sense based roms have not been patched yet but when i reached out to them they said that it will be resolved soon with a update. They could not give me an ETA on when it would be coming out but assured me they take it very seriously and are working hard to get it rolled out.
Click to expand...
Click to collapse
That app says I'm patched and I'm running InsertCoin with the latest elementalX. I wonder if the master key patch is in the kernel. If so, that makes sense.
Sent from my HTC One using Tapatalk 2
It appears 4.2.2 build/soft no. 2.24.401.1 / HTC 5.34 is patched as well :good:
@Wiss said:
It appears 4.2.2 build/soft no. 2.24.401.1 / HTC 5.34 is patched as well :good:
Click to expand...
Click to collapse
What CID and OTA or custom Rom?
Sent from my HTC One using Tapatalk 4 Beta
Ye in the last OTA it is patched. The 4.2.2
My One is "patched." I don't download warez, steal paid apps, or install third-party app stores that are untrusted.
I have no sympathy for anyone who does the above and gets their phone jacked up.
BTW Can someone give us a technical (not too technical) explanation of what is this ?
Thanks.
KekeJr said:
BTW Can someone give us a technical (not too technical) explanation of what is this ?
Thanks.
Click to expand...
Click to collapse
Applications are cryptographically signed. The idea is that another software house or or anybody else can't come up with an "update" to that app, as the signature will be different.
The exploit allows exactly that to happen.
Lets say you download Google maps v7 from the internet because you're impatient, and you install it over the top of the existing one. In theory, if it succeeds, it must have come from Google and hasn't been tampered with to install a Trojan or virus or whatever.
With this exploit, the apk can be modified whilst retaining the same signature. Basically you can't trust downloads that didn't come from the play store until the exploit is patched.
BenPope said:
Basically you can't trust downloads that didn't come from the play store
Click to expand...
Click to collapse
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
BenPope said:
Applications are cryptographically signed. The idea is that another software house or or anybody else can't come up with an "update" to that app, as the signature will be different.
The exploit allows exactly that to happen.
Lets say you download Google maps v7 from the internet because you're impatient, and you install it over the top of the existing one. In theory, if it succeeds, it must have come from Google and hasn't been tampered with to install a Trojan or virus or whatever.
With this exploit, the apk can be modified whilst retaining the same signature. Basically you can't trust downloads that didn't come from the play store until the exploit is patched.
Click to expand...
Click to collapse
First i want to thank you !
Second: ....so, basically this means that it was not that BAD... as the media said !
We all knew that only Play store has trustable content.
Thanks, again !
This patch is in a play store update not an Android update. I have it in play store 4.1.10, there is an app which lets you check I think it's called bluebox or something.you can also check in Google settings if you have an option to verify apps.
unremarked said:
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
Click to expand...
Click to collapse
That's funny, because the app store is littered with adware and malware. Just a few days ago, there was an app in the top 20 that was clearly malware, and it remained there for weeks before (presumably) being pulled off. As a general rule, I don't download any apps that require the "run at startup" or "install shortcuts" permissions, unless I fully trust the developer. By the way, there's an easy solution; Google could let us control our own privacy settings (like every other OS on the market), but then again, that would eat into their bottom line After all, Google's business model is to literally steal user data and sell it to others.
unremarked said:
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
Click to expand...
Click to collapse
It's easy to put malicious apps on the play store since there's no review process like apple, but things tend to get flagged quickly.
Basically don't install a calculator app that has full phone/internet/device permissions
The android security model is actually quite good IMO, there's been some exploits but everybody has them (not just android) and they get patched relatively quickly. Potential exploits aside it's actually quite good.
Sent from my HTC One using Tapatalk 2
REDACTED
Sent from my HTC One using xda app-developers app
WhatsAUsername said:
That's funny, because the app store is littered with adware and malware. Just a few days ago, there was an app in the top 20 that was clearly malware, and it remained there for weeks before (presumably) being pulled off.
Click to expand...
Click to collapse
Really? What app was that? I mean, I get annoyed at Candy Crush Saga spam too, but I hardly consider it malware.
WhatsAUsername said:
By the way, there's an easy solution, Google could let us control our own privacy settings (like every other OS on the market), but then again, that would eat into their bottom line After all, Google's business model is to literally steal user data and sell it to others.
Click to expand...
Click to collapse
You're kidding yourself if you think Apple or Microsoft isn't collecting as much data about you as they can and doing what they want with it. Beyond that, I always take point with folks who accuse any company of "stealing your information." They're not. You're freely giving them access to it (as outlined in that Terms of Service/ELEU agreement you don't read) to utilize their services. If you don't want them to have your info, then don't share your info with them.
bbedward said:
It's easy to put malicious apps on the play store since there's no review process like apple, but things tend to get flagged quickly.
Click to expand...
Click to collapse
Halfway true. It's more difficult than you think to get malicious apps on the Play store. Most of the "successful" attacks have been from someone uploading the 1.0 version of their app(which is perfectly clean, and passes inspection by Google Bouncer) then pushes an update to it with some of the malicious code. As you noted, it usually gets flagged and removed at this point. The other way I've heard of people getting "infected" from apps off the Play store is when the author ties their ads into a nasty website, tricks the user into clicking on it, then further tricks them into downloading an unsigned/untrusted APK.
Yup, as long as your not doing some silly things like getting you apps from the Pirate Bay or Joes crazy world of underground apps you will be more or less safe.
godutch said:
This patch is in a play store update not an Android update. I have it in play store 4.1.10, there is an app which lets you check I think it's called bluebox or something.you can also check in Google settings if you have an option to verify apps.
Click to expand...
Click to collapse
I don't think the update patch is on play store. Latest update scan tell's you to Ask your device vendor for update. So it should be security update OTA from HTC?
Sent from my HTC One using xda app-developers app
alanchai said:
I don't think the update patch is on play store. Latest update scan tell's you to Ask your device vendor for update. So it should be security update OTA from HTC?
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
Check your play store version I have 4.1.10 and I am patched

NFL Mobile + root = no go???

So as some of you may already know, the latest update for the NFL Mobile app (came out this morning I think) has officially killed its functionality with rooted (or "non stock Android") devices. A story on Android Police can be see here.
At any rate, I saw a recent post on a GSIII forum (here)where the user claimed to have a workaround which, among other things, involved renaming the superuser.apk, however if you're using CM nowadays then you'll know there really isn't a separate apk - instead it is now integrated into the rom. That being said, does anyone have any idea similar to this that might work for tricking the app into thinking it isn't running on a rooted unit? I have no clue myself, but seeing as how no one has started a dedicated thread for this in the forum of the current Google flagship phone, I thought I'd get things started.
Thanks in advance people!
Well I guess it looks like no one has any ideas...? Oh well, a rare swing-and-a-miss for solutions in the xda community
A quick fix would be to just find the apk for an older version and install that one. That's what I'm currently trying to do, there's no reason for then to block us from using it just because we're rooted.
Sent from my Nexus 4 using Tapatalk 4
Kyle C said:
A quick fix would be to just find the apk for an older version and install that one. That's what I'm currently trying to do, there's no reason for then to block us from using it just because we're rooted.
Sent from my Nexus 4 using Tapatalk 4
Click to expand...
Click to collapse
Well yeah, I mean I already uninstalled and then restored a backed up version of the app using Titanium Backup. The problem is - and if you've been a user of the NFL apps over the last year or two then you'll know this - that the NFL app is not like most apps where each upgrade just adds some incremental upgrades or changes. With this app the upgrades are typically pushed out right before the start of the key timeframes of the NFL season: usually an update right before preseason; another before the start of the regular season; another at the start of the playoffs; another right before the Super Bowl; and once more right before the draft in April. Each update is specific to that time period of the season and usually contains the critical information/tweaks/additions/UI alterations specific for that segment of the year. Point being, after missing an update or two, the app becomes extremely outdated and eventually useless. And that's why, in the mid-to-long term, just using the older version of the apk unfortunately isn't a useful alternative. Damn you NFL! Now we just have to hope the xda community will come to the rescue as they usually are able to do
joeski27 said:
Well yeah, I mean I already uninstalled and then restored a backed up version of the app using Titanium Backup. The problem is - and if you've been a user of the NFL apps over the last year or two then you'll know this - that the NFL app is not like most apps where each upgrade just adds some incremental upgrades or changes. With this app the upgrades are typically pushed out right before the start of the key timeframes of the NFL season: usually an update right before preseason; another before the start of the regular season; another at the start of the playoffs; another right before the Super Bowl; and once more right before the draft in April. Each update is specific to that time period of the season and usually contains the critical information/tweaks/additions/UI alterations specific for that segment of the year. Point being, after missing an update or two, the app becomes extremely outdated and eventually useless. And that's why, in the mid-to-long term, just using the older version of the apk unfortunately isn't a useful alternative. Damn you NFL! Now we just have to hope the xda community will come to the rescue as they usually are able to do
Click to expand...
Click to collapse
Ooooh gotcha. I didn't realize that that's how NFL ran their app. That's really annoying.
i'm not rooted, but that does seem like somebody went off the deep end with this app. rooting a device won't hurt their revenue, in fact, it will probably increase it from allowing ALL Android (and iOS) devices access the app. instead, they're cutting off access to a HUGE chunk of their fans, present and future. in essence, they're biting the hand that feeds them.
i voted the app down in the app store out of principal alone.
I am extremely displeased with this as well and am searching for a solution. Leave it to Verizon to try to control how you use YOUR phone.
hey is this an nfl app for verizon or a market version for all?
playya said:
hey is this an nfl app for verizon or a market version for all?
Click to expand...
Click to collapse
From what I gather there are two different versions - the one that comes on Verizon phones, and the one that anyone else can grab from the Play Store. I have the Play Store version (as a TMo customer).
@joeski27
Block removed. Enjoy!
http://forum.xda-developers.com/showthread.php?t=2395333
Its working for me on pa
Sent from my Nexus 4 using xda app-developers app
Working on 4.3 stock rooted.
Sent from my Nexus 4 using Tapatalk 4
CNexus said:
@joeski27
Block removed. Enjoy!
http://forum.xda-developers.com/showthread.php?t=2395333
Click to expand...
Click to collapse
Boss.
CNexus said:
@joeski27
Block removed. Enjoy!
http://forum.xda-developers.com/showthread.php?t=2395333
Click to expand...
Click to collapse
And THAT is why the xda community is PRICELESS! You're my hero, well done and a big tip of the cap to you, CNex! Long live xda, and long live Android!!! And btw I'll do my best to spread the word to the countless other forums on xda for other devices with people trying to find th same solution!
joeski27 said:
And THAT is why the xda community is PRICELESS! You're my hero, well done and a big tip of the cap to you, CNex! Long live xda, and long live Android!!! And btw I'll do my best to spread the word to the countless other forums on xda for other devices with people trying to find th same solution!
Click to expand...
Click to collapse
Awesome, sounds good
Just in posting my thread I got a ton of hits of people freaking out about the new app...lol
FYI, they have fixed the app and it is now working perfectly fine on rooted devices strait from the play store
I might be the only one it's not working for. Wondering if anyone can help.
I cannot get 95% of the buttons to work in the Fantasy section of the app. Not only that, when I said 'to hell with the app' and went to their mobile site (which looks exactly like the app), I got the same thing... 95% of the buttons on the mobile site wouldn't do anything.
Now, on my N7, everything works fine.
Any ideas?
Edit: It was Ad Away. Can't use the app while it's running. Now I'll try to find the hosts file and see if I can edit the NFL entries out of it.

Categories

Resources