As title...
https://developers.google.com/android/ota#shamu - OTA full image
https://developers.google.com/android/images#shamu - full image
Is the microphone issue fixed?
Sent from my Nexus 6 using Tapatalk
Same bootloader, same radio. FYI
FLaMpeR said:
Is the microphone issue fixed?
Sent from my Nexus 6 using Tapatalk
Click to expand...
Click to collapse
I have the same question. This bug is annoying.
Demonoid_i_am said:
I have the same question. This bug is annoying.
Click to expand...
Click to collapse
Yes it's fixed for me.
Sent from my Nexus 6 using XDA-Developers Legacy app
buge boyo said:
Yes it's fixed for me.
Sent from my Nexus 6 using XDA-Developers Legacy app
Click to expand...
Click to collapse
Glad we can fix it...is dirty flash from 7.1.1 alright?
Sent from my Nexus 6 using Tapatalk
Strange. Just swapped phones with my wife and the loudspeaker echoes horribly, so I guess it's not fixed for me, unless I'm misunderstanding the problem...
Edit: Half an hour later, after dinner and a flash of Yoinx's speaker fix, both my wife's Nexus 5 and my Nexus 6 are clear as a bell, both of them on loudspeaker. I therefore say that the Google image does not contain the loudspeaker fix - not from where I sit, anyway. Anyone else?
"is dirty flash from 7.1.1 alright?"
Yes. I flashed the OTA directly over the existing N6F26Q and it works fine.
Best way to tell is if someone could pull the mixer file and diff it to see any changes ... I would but I'm not in front of my setup right now.
Well, from where I sit the best way is to call someone, switch on your N6 loudspeaker, and see if they can hold a conversation with you... Which I did. And it didn't work until I flashed Yoinx's zip.
Google will most likely not fix it. Any new updates will most likely just be security patches. If you want the fix then I would flash the zip or grab a custom roms that has it fixed for ever. Never can say I ever had this issue as I don't use speaker phone ever. Unless completely alone it is considered rude.
The nerve. Why in the world would they leave such a feature broken. I know some people don't use it but the purpose of a phone is to freaking work. Doesn't matter if you use that feature or not. Others do. I use speaker all the time because I work from home. Stock software shouldn't have this problem. Period. It's been over a month and still no fix from Google. Meanwhile our guys fixed it almost immediately. This is just plain negligence and disrespectful at this point. I guess it's a sign they want us to get a new device so they completely fu**ed this phone by breaking what is a core and even basic feature of all phones. Ridiculous and ******y practices. At this point there literally is nothing that's making me more mad.
MysticKing32 said:
The nerve. Why in the world would they leave such a feature broken. I know some people don't use it but the purpose of a phone is to freaking work. Doesn't matter if you use that feature or not. Others do. I use speaker all the time because I work from home. Stock software shouldn't have this problem. Period. It's been over a month and still no fix from Google. Meanwhile our guys fixed it almost immediately. This is just plain negligence and disrespectful at this point. I guess it's a sign they want us to get a new device so they completely fu**ed this phone by breaking what is a core and even basic feature of all phones. Ridiculous and ******y practices. At this point there literally is nothing that's making me more mad.
Click to expand...
Click to collapse
What do you expect. The device is EOL which means anything broken will stay broken. Then add in that the OS was coded for 64 bit devices and had to be ported to our device to begin with. Also really if you are not willing to dig in and fix the issue then you miss the whole point of owning a nexus. It's a developer device.
And yes some people use it and some don't. That is the way it is with all features.
Getting upset about it is really pointless.
AOSP commits from 7.1.1_r13\N6F26Q to 7.1.1_r17\N6F26R
.
project bionic/
e046081 Check for bad packets in getaddrinfo.c's getanswer.
project build/
8a89878 N6F26R
e225344 Update Security String to 2017-02-05 on nyc-dev
8e84b75 Update Security String to 2017-02-01 on nyc-dev
project device/htc/flounder/
a37d1ee Fix security issue in Visualizer effect
project external/libavc/
cf606f3 Decoder: Fix in checking for valid profile flags
project external/libgdx/
c156e72 Fix security vulnerability
project external/libhevc/
3a64694 Fixed handling invalid chroma tu size for error clips
f22345d Fixed out of bound reads in stack variables
e20f6b8 Fix in Chroma SAO for non-multiple of 8 height
project frameworks/av/
048ba59 Fix security vulnerability: potential OOB write in audioserver
bab10e4 Effect: Use local cached data for Effect commit
project frameworks/base/
593144f [DO NOT MERGE] Fix vulnerability in MemoryIntArray - fix build file
de5747d Fix vulnerability in MemoryIntArray
a66099e DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
4df434d DO NOT MERGE: Check provider access for content changes.
project frameworks/native/
541b1eb Correct overflow check in Parcel resize code
74dae33 Fix security vulneratibly 31960359
509fb5c Fix SF security vulnerability: 32706020
project hardware/libhardware/
9f0e940 Fix security vulnerability: potential OOB write in audioserver
project libcore/
c55ce33 Fix URL parser may return wrong host name
project packages/apps/Bluetooth/
379e7b6 Remove MANAGE_DOCUMENTS permission as it isn't needed
project packages/apps/Messaging/
1bb11f3 resolve merge conflicts of eafd58a to nyc-dev
13f739b 32807795 Security Vulnerability - AOSP Messaging App: thirdparty can attach private files from "/data/data/com.android.messaging/" directory to the messaging app.
86e5bf5 32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so
project packages/apps/UnifiedEmail/
1fc7b01 Don't allow file attachment from /data through GET_CONTENT.
project system/core/
7f94bb4 change /data/bugreports to /bugreports
project system/sepolicy/
54a3eec label /bugreports
dahawthorne said:
As title...
https://developers.google.com/android/ota#shamu - OTA full image
https://developers.google.com/android/images#shamu - full image
Click to expand...
Click to collapse
Is there a TWRP flashable version? Those of us with root ava TWRP need to extract the zip and flash system. IMG, boot.img etc. Using ADB?
zelendel said:
What do you expect. The device is EOL which means anything broken will stay broken. Then add in that the OS was coded for 64 bit devices and had to be ported to our device to begin with. Also really if you are not willing to dig in and fix the issue then you miss the whole point of owning a nexus. It's a developer device.
And yes some people use it and some don't. That is the way it is with all features.
Getting upset about it is really pointless.
Click to expand...
Click to collapse
Okay so you're telling me it's perfectly fine for a manufacturer to leave a device in a broken state because the device reached the end of its life? This is what's wrong with the world lol. And no I'm not missing the whole point of the nexus line. This is my first Nexus device however. But that's not the point. You don't leave major bugs like this unfixed. Not sure about you but if I pay for something EVERYTHING on the phone should work correctly. Of course there'll be a few minor hitches here and there. I expect that from betas and custom roms. But that's what BETAS and custom roms are for. The point of the nexus line is to play with custom software. Of course if some things from that doesn't work then of course you can't expect google support. You buy a nexus (or at least you used to) to get pure Android without skins like TouchWiz or HTC sense. And of course to experiment with custom software. Just because google allows custom software on the device does not give them the right to fu** us on an update then leave it to the community to fix it. Luckily we have a terrific community that fixed it in no time. But still I expect that google fixes the mistake they made. Because it was in fact their mistake. They released an official update. Not a beta. This is supposed to be stable!
sanumaj said:
Is there a TWRP flashable version? Those of us with root ava TWRP need to extract the zip and flash system. IMG, boot.img etc. Using ADB?
Click to expand...
Click to collapse
No, you don't need to do all that. You can if you want, but the OTA is a one-button solution - sideload via ADB, reboot, job done. You'll need to reroot.
zelendel said:
The device is EOL which means anything broken will stay broken.
Click to expand...
Click to collapse
I wouldn't argue with zelendel on technical matters, but I can on matters of policy and principle.
This is no different from taking your phone in for repair and finding that they've fixed what you asked them to fix but have broken another component. You could argue that the difference here is that the ROM upgrade is free; I refute that by saying that I paid a great deal of money (£549/$800) on the understanding that I would receive ongoing support. That support does continue to come, and I welcome it, but the bottom line here is that Google broke a function and are therefore morally obliged to repair it. And since this is the company whose motto at the beginning was (is it still...?) "Don't be evil" I think I'm entitled to get upset, no?
For me its simple. Google broke it so Google needs to fix it. EOL or not, they brought out an official security update that has a error in it. But to be honest, i don't believe that Google even cares about the N6, to them its an old phone not worth putting much time and energy in.
Well it's a punch in the face to all of us who purchased the Nexus 6. This year Nexus 6p and 5x will suffer the same fate and next the Pixel phones. Great way to keep trust. The speakerphone is really important while driving or when using in a conference call which the latter is in my case. They've spent way to long time without fixing it. I'm grateful for the custom ROM community but Google should have fixed it long time ago for those who depends on running stock. Because of issues like this and conducts like this, people will move on to a different OEMs. In a marketing side of view, Google will loose customers in the long run.
TMG1961 said:
For me its simple. Google broke it so Google needs to fix it. EOL or not, they brought out an official security update that has a error in it. But to be honest, i don't believe that Google even cares about the N6, to them its an old phone not worth putting much time and energy in.
Click to expand...
Click to collapse
EOL does matter though. Google broke a core function of our device on the last official Android update we will get. One could argue it was not intended to make us buy a newer device, but Google's behavior on it leaves much open to speculation.
And to the anyone defending Google, would it be OK if auto manufacturers updated your car's radio on the first service appointment after the warranty had expired, and said update disabled all but one of your speakers? That's essentially what Google has done to the N6. To top it off, seeing the defense of Google is like going back to work after your service appt, and when you complain about the broken speaker functionality at the water cooler, your co-workers tell you you should give Ford some slack, after all, you're outside the warranty period, and they didn't the have to update anything for you.
Related
I hope we get 2.2
http://it.slashdot.org/story/10/11/05/0229205/Researcher-To-Release-Web-Based-Android-Attack
"The attack targets the browser in older, Android 2.1-and-earlier versions of the phones."
http://forums.t-mobile.com/t5/Samsung-Vibrant/Security-vulnerability-in-2-1/td-p/535335
And the thread appears to have already been locked.
EDIT: My bad, the link icon isn't a lock icon.
What an ass. So he figures out something and now hes going to release it?
So is his intensions to piss people off or force Googles hands to fix it?
kizer said:
What an ass. So he figures out something and now hes going to release it?
So is his intensions to piss people off or force Googles hands to fix it?
Click to expand...
Click to collapse
I think its the latter. That, or to light a fire under the OEMs & network operators to get 2.2 out to more devices. Just my $0.02...
Sent from my SGH-T959 using XDA App
The current OEM vendor/carrier model is one of the worst parts of Android. Google attempted to break this model via the Nexus One. Hopefully it does light a fire to improve the security model for these phones.
Google may be forced to rein in some of the rampant variances to secure the platform via enforcing a minimum level of compliance to security updates or else revoke a phone makers ability to use the Android trademark.
The problem has already been fixed with 2.2, so the onus is on the OEMs to get their act together.
Some things make me want to respect this guy, then again it affects me since we have yet to recieve 2.2. But yes I believe all android phones should be running current software.
I wonder if you need to be rooted in order to fall the vicitm, unless you can push superuser.apk via the exploit and run it.
Have to give him props for trying, and like seeing that he is using linux based OS to develop on
lqaddict said:
I wonder if you need to be rooted in order to fall the vicitm, unless you can push superuser.apk via the exploit and run it.
Have to give him props for trying, and like seeing that he is using linux based OS to develop on
Click to expand...
Click to collapse
Youre right! Maybe he works for T-mobile and is secretely making all our phones go back to stock and unrootable. Which in turns means they will never release 2.2 hahaha. <- By the way do not take this as actual fact I know how the paranaoid are here on the forums lol
lqaddict said:
I wonder if you need to be rooted in order to fall the vicitm, unless you can push superuser.apk via the exploit and run it.
Have to give him props for trying, and like seeing that he is using linux based OS to develop on
Click to expand...
Click to collapse
No, this a generic exploit within WebKit. The actual exploit itself doesn't have superuser access, it can only access what the web browser is able to access. It can't make phone calls or generate SMS messages, but it can access files like photos and whatever else is available to non-rooted apps.
I don't know why you guys think this guy is a douche. This is how it always worked. When people find security vulnerbilities, they tell the company, but the company usually doesn't move it up to the top of the list to fix. So they mention the type of security flaw there is, sends the information to the company, and sometimes even mention it at conferences. After publicly announcing it, they give the company time to fix it, otherwise it's the company's fault for not getting their ass in gear to fix the security issue.
DKYang said:
I don't know why you guys think this guy is a douche. This is how it always worked. When people find security vulnerbilities, they tell the company, but the company usually doesn't move it up to the top of the list to fix. So they mention the type of security flaw there is, sends the information to the company, and sometimes even mention it at conferences. After publicly announcing it, they give the company time to fix it, otherwise it's the company's fault for not getting their ass in gear to fix the security issue.
Click to expand...
Click to collapse
I do no see how he is a douche.
Ignoring the issue does not make it disappear, and he clearly has done his work to make the issue public in hopes it gets addressed.
Releasing a code with a security hole that you have to use something to circumvent the security of the device to fix is douche (apple vs jailbreakme.com anyone)
kizer said:
What an ass. So he figures out something and now hes going to release it?
So is his intensions to piss people off or force Googles hands to fix it?
Click to expand...
Click to collapse
I was paranoid by this too. My Vibrant will shackled from having sex with the web until it gets 2.2 Maybe that researcher wants them to release Froyo soon so use this to leverage against them to release ASAP?
I don't think he's a douche. I honestly want to believe that google would push carriers to be on the same OS. Just the fact that not all android phones can handle the 2.2 OS - And so people stuck with those phones and would be affected by this flaw is pretty crappy. But I really hope this makes carriers want their phones updated and running the latest and greatest. Only time will tell.
Has anyone else seen this yet? It's a supposed secure OS for nexus devices. https://copperhead.co/android/downloads If anyone checks it out, let us know how it goes.
Wow I never seen this.:laugh:
Looks interesting, Im gonna check it further. Probably a AOSP based with some patches, fdroid, and some anti-gapps apps?
Most definitely curious as to how this runs....they want you to relock the bootloader though...????????????
Runs really nice. But there is no open source support for my android wear watch which I need.
No thank you. I would rather trust google and NSA, instead of some no name offshore company.
Sent from my Nexus 6P using XDA Labs
suhridkhan said:
No thank you. I would rather trust google and NSA, instead of some no name offshore company.
Sent from my Nexus 6P using XDA Labs
Click to expand...
Click to collapse
Toronto is off-shore?
Lol
Sent from my Nexus 6P using XDA-Developers mobile app
Locking the bootloader is good for your security.
Sent from a 128th Legion Stormtrooper 6P
toronto is offshore? do you think they live in igloos still aswell?
also this is just aosp with google signatures,
i tested for fun, boot animation is crap,
some lag going n settings,
no playstore access, no gapps at all from what i saw,
secure unsure, i dont know enough to rip apart the source and see if any holes from the company,
I was intrigued by Copperhead since reading about the Unaphone, another Google free operating system. Unlike Unaphone, whom's developers were providing it only for their proprietary hardware, when I saw CopperheadOS I knew I was going to try it for sure!
Previously running Resurrection, my phone already had an unlocked bootloader. Even if it hadn't, flashing Copperhead using the developer's instructions is very easy.
First impressions were good. The phone was noticeably more responsive, lacking google services normally running, and stable since the OS itself is based on stock which was considerably more stable than other roms I've tried. All the features you would expect from 6.0.1 are present and working. What is not preset however is the Google Play store or services! I didn't appreciate the implications of not having google services before actually trying to use a phone without them. Although it is possible to sideload gapps, one would rather negate the point of this ROM.
Poking around the settings the first thing I noticed were granular security settings with detailed descriptions. There is also a nice security versus performance slider for the layman. The idea of preventing exploits using the techniques in this rom is my main reason for using it.
After an evening of use, the vast majority of closed-source-paid apps I was able to replace with open-source alternatives. There are a few exceptions I am still trying to figure out, but overall, I think if you are willing to cut the google-cloud-services cord its worth a try. If you really must, most apk's for closed apps can be found and installed but these decisions should probably be weighed carefully.
I never realized my reliance on google and closed apps until I tried to use an OS that doesn't rely on them. Trying this rom is a good exercise in living off the google grid; or at the least driving the use of google services back into the browser.
At the end of the day this rom has its place for the privacy and security minded enthusiast, but for the average user, sticking to something with google services is probably more realistic.
longview41 said:
Toronto is off-shore?
Click to expand...
Click to collapse
pacman photog said:
toronto is offshore? do you think they live in igloos still aswell?
Click to expand...
Click to collapse
The 'offshore' part was simply a figure of speech.
What I mean is that if you don't trust google with your data, you have more reason not to trust an unknown company.
At least google is transparent about my data, and gives me control of how much I want to share with them. https://myactivity.google.com/myactivity
Installed it yesterday on a Nexus 5x and so far it runs great. It indeed seems really security orientated with no default root or GApps. Didn't try to activate xposed (which I hope will work) or related stuff yet but so far I intend to keep it.
Copperhead is trusted. They will be working with Guardian Project and Fdroid to build a complete system. Read this post for more info: https://copperhead.co/blog/2016/03/29/crowdfunding-partnership-announced
mg.degroot said:
Installed it yesterday on a Nexus 5x and so far it runs great. It indeed seems really security orientated with no default root or GApps. Didn't try to activate xposed (which I hope will work) or related stuff yet but so far I intend to keep it.
Click to expand...
Click to collapse
Please let us know if you're able to root, install xposed and still relock the bootloader.
mg.degroot said:
Installed it yesterday on a Nexus 5x and so far it runs great. It indeed seems really security orientated with no default root or GApps. Didn't try to activate xposed (which I hope will work) or related stuff yet but so far I intend to keep it.
Click to expand...
Click to collapse
Could you please share some screenshots... Would like to try the OS... But would like to see how it is ...
Also do you see the sRGB mode in developer options... Without it the colors on the Nexus 6P are inaccurate at best...
Stop asking about features or customisation options, this rom has none. Its about security, not features
kbBT4A5e said:
I was intrigued by Copperhead since reading about ...
After an evening of use, the vast majority of closed-source-paid apps I was able to replace with open-source alternatives. There are a few exceptions I am still trying to figure out, but overall, I think if you are willing to cut the google-cloud-services cord its worth a try. If you really must, most apk's for closed apps can be found and installed but these decisions should probably be weighed carefully.
I never realized my reliance on google and closed apps until I tried to use an OS that doesn't rely on them. Trying this rom is a good exercise in living off the google grid; or at the least driving the use of google services back into the browser.
At the end of the day this rom has its place for the privacy and security minded enthusiast, but for the average user, sticking to something with google services is probably more realistic.
Click to expand...
Click to collapse
Thanks for sharing your experience. So we have decide if security is really more important than our investment and dependency in the Google ecosystem. I depend on G too much. My email is like my passport or online identification. I dont sideload unknown or unverified apps, dont visit links i dont know about, etc. Yes, i can still be remotely exploited, but i am not a gov official or some sort of millionaire with top secret info on my phone, as most of us. You saved me couple of hours of my day
A little update since I've been running this for about 2 weeks. I sideloaded gapps and the phone has been running fine, but found out today while trying to install the latest OTA update from copperhead it fails to install due to inconsistencies detected in the system partition since I installed gapps; from a security standpoint this feature is great. Unfortunately I can't function without gapps. In order to get the latest security updates, which is probably more important than the security features cooked into copperhead, I must: reflash the device with the latest full image, install twrp, sideload gapps, restore the copperhead recovery, then reinstall all my apps.
This being the case to get OTA updates, unless you can really commit to opensource with no gapps its not really worth the hassle.
Using it for an extended period I did notice the device was a bit slow even on medium security settings. Originally I had it maxed right out, but it wasn't usable. On medium it was a small price to pay for security but its hard to quantify the value.
I think its time to return to an AOSP rom for me.
I'm running it currently runs great but I can't figure out how to fix the dreaded APN issues :\ Tried almost every fix on XDA haven't gotten Any dev help either :\ other than the lack of data its a great ROM. Apparently I'm not alone judging by the other post on XDA about this. Apparently this is a known issue with no real fix. Sucks since its the only reason I got this phone
Hi guys add me also 09945673600
According to the BBC, "Serious security flaws that could give attackers complete access to a phone's data have been found in software used on tens of millions of Android devices." This includes the Nexus 6.
Full story here: http://www.bbc.co.uk/news/technology-37005226
App from Check Point for testing whether your device is susceptible: https://play.google.com/store/apps/details?id=com.checkpoint.quadrooter
I never worry for two reasons,
1) I watch what I download and install, trusted vendors and sources only
2) It is a Nexus device it will be patched
Don't worry, yesterday it was stagefright, now it's something else.
With Nexus we will be close to a patch
http://thetechportal.com/2016/08/08/new-android-vulnerability-quadrooter/
This one took six months of reverse engineering qual comm code to find. And that is only to outline theoretical avenue for attack...real exploit can be more challenging.
It is ranked as "high risk"...Not even the highest category (critical is highest). There are many high and critical vulnerabilities patched every month. I think the only thing unique about this one is press coverage drummed up by checkpoint to celebrate their finding and make themselves look more notable
http://www.recode.net/2016/8/8/12403088/android-security-mess-quadrooter
http://www.recode.net/2016/8/8/12403088/android-security-mess-quadrooter
"Google, meanwhile, says three of the four flaws tied to Quadrooter were patched in an August security update while the fourth is set to be fixed soon. "
electricpete1 said:
"Google, meanwhile, says three of the four flaws tied to Quadrooter were patched in an August security update while the fourth is set to be fixed soon. "
Click to expand...
Click to collapse
Hmmmm. I'm running MOB30W (dated 5th August), and the Checkpoint app claims that I'm vulnerable to 3 of the vulnerabilities, so either Google or Checkpoint have got something wrong...
Philip said:
Hmmmm. I'm running MOB30W (dated 5th August), and the Checkpoint app claims that I'm vulnerable to 3 of the vulnerabilities, so either Google or Checkpoint have got something wrong...
Click to expand...
Click to collapse
It needs stock kernel, because it's a kernel driver bug. I'm using my own build but with the stock kernel, and it says only one vulnerability left.
btw.. 3 of the 4 are already patched.
If you are on the August update only one of the four is still an issue. And Franco just rolled the commit in for the fourth one in his update today if yoy are using his kernel.
But as mentioned, just be careful what tou install and it is a non issue. And remember its a report of a flaw, not a report of it being used in the wild. Big difference.
The Checkpoint app is questionable I think. Lots of false positives being reported on the web.
Really guys this is nothing more then more fear mongering. As long as android offered open source code you will always find holes like this. Most are nothing to even worry about. Just like the stagefright issue. Dont sweat it.
Note that THREE of the FOUR bugs are within the closed source GPU (Adreno) drivers.
So this is a very strong argument in favor of getting this crap swapped out in favor of freedreno.
And I've applied the CAF patch to the kernel. Great, but the app still lists it as a vulnerability. So since the fix looks valid, then the app must give a false positive.
zelendel said:
Really guys this is nothing more then more fear mongering. As long as android offered open source code you will always find holes like this. Most are nothing to even worry about. Just like the stagefright issue. Dont sweat it.
Click to expand...
Click to collapse
finally a voice of reason!
thanks man, couldn't agree more. Unfortunately 95% of the people that come here don't get it..
zelendel said:
Really guys this is nothing more then more fear mongering. As long as android offered open source code you will always find holes like this. Most are nothing to even worry about. Just like the stagefright issue. Dont sweat it.
Click to expand...
Click to collapse
100% agree. Exploits usually need to be customized for different makes, models, and Android operating system versions in order for compromise to occur, really, really difficult to own an entire ecosystem.
Every year it's something new, first stagefright, now Qualcomm bug, nothing comes of it and it's packed withing a month or two, it makes you wonder why they even bother reporting on it.
did the scan and my nexus 6 is ok running the dev 5 android 7 rom
Former Cyanogen developer - "if you have a CyanogenOS phone and can disable updates o
https://www.reddit.com/r/oneplus/comments/5k8ppv/former_cyanogen_developer_if_you_have_a/
TL;DR provided by /u/Nickers77
CyanogenOS team was mostly fired, rest quit.
Core developers are gone, don't download any updates.
Reason for this change is so they can monetize android OS, presumably by selling consumers to adware companies.
They can push system-level packages to your phones undetected and with no way to stop.
Google now competitor, but since it doesn't have access to Google calendars and searches like the entire of the Google system, will rummage through your data to find relevant info.
Click to expand...
Click to collapse
How can you do this on a stock device?
Go go Settings ==> Apps ==> Show System (behind the 3 dots on Top right) ==> open "Systemupdates" ==> check "disable"
Info is from the Reddit article from the first post...I don't know if this is enough, but I did this on my Oneplus One.
Boy that went downwards real quick. First the death of CyanogenOS, then the death of CyanogenMod, now this. Guess Cyanogen Inc won't be around for too long.
GXGOW said:
Boy that went downwards real quick. First the death of CyanogenOS, then the death of CyanogenMod, now this. Guess Cyanogen Inc won't be around for too long.
Click to expand...
Click to collapse
It was foolish trying to make profit from CyanogenMOD ...when COS was created I was why? why? ...at least now this is dead so it's LineageOS or roms based on that which is cool
I hate this corporate D, who tried to make profit from open source code
evronetwork said:
It was foolish trying to make profit from CyanogenMOD ...when COS was created I was why? why? ...at least now this is dead so it's LineageOS or roms based on that which is cool
I hate this corporate D, who tried to make profit from open source code
Click to expand...
Click to collapse
Well putting an asshole like McMaster in the CEO position wasn't one of their smartest moves either. The whole company was just one downward spiral. It's a shame, but that's how things went, unfortunately. Let's hope LineageOS will take of as the worthy CM-successor. Hopefully no-one will have the bright of starting something like Lineage Inc.
GXGOW said:
Well putting an asshole like McMaster in the CEO position wasn't one of their smartest moves either. The whole company was just one downward spiral. It's a shame, but that's how things went, unfortunately. Let's hope LineageOS will take of as the worthy CM-successor. Hopefully no-one will have the bright of starting something like Lineage Inc.
Click to expand...
Click to collapse
Well LineageOS inc would be terrible as a name, heck I find the name bad but as long as it's open source and similar to CyanogenMOD I'm fine
Just wish they would try to reduce it's size, ~400MB for a custom rom? that's terrible
I'm baffled that everyone is surprise with this....any manufacturers or devs can push system-levels packages into their rom without user ever noticing it whether in full roms or via OTA updates....
remember this articles http://www.kryptowire.com/adups_security_analysis.html ??? it is the same thing happening on COS and no one notice it until Kryptowire discovered it last month....
I worked at Cyanogen.
They fired the OS team at the end of July. Of the rest, half were gone by the end of November, and the only people who weren't looking for another job were upper management.
They shut down the Seattle office at the start of December. They're selling off all the equipment there (except the large televisions we used for all hands meetings for some reason). That leaves a very small subset of the developers.
They have nobody who knows how to create a new android build. They have nobody who knows how to upload a build to aerios (the OTA system). They have nobody who has write access to aerios (though they could log into cassandra and add someone manually -- hell, that's what I had to do). They have nobody who can authorize a build to go out to end users. I think they have just barely enough technical knowledge to shut off our AWS services (but I can't be sure about that -- we enabled termination protection for some instances, and that might trip them up). They could potentially hire contractors for QA, though.
Given what level of access they have and the things they were discussing when I left, if you have a CyanogenOS phone and can disable updates on it, do so.
Click to expand...
Click to collapse
Taken from Reddit
Now it's clear there's a security problem with the official build of Oreo before Sept builds.. now all the Oreo roms and official roms have this vuneralablity... If you're gonna continue to publish them without replacing them with the sept security patch you may as well put a damn virus in you're roms cause that's basically what you're doing...
Pixelxluser said:
Now it's clear there's a security problem with the official build of Oreo before Sept builds.. now all the Oreo roms and official roms have this vuneralablity... If you're gonna continue to publish them without replacing them with the sept security patch you may as well put a damn virus in you're roms cause that's basically what you're doing...
Click to expand...
Click to collapse
What's the vulnerability?
Plain and simple the software needs removed.. doesn't that apply to the devs policy's which they agreed to here on xda not to publish anything which may be a threat to someone... So you know what should of happened is the devs should of removed the software right away. That never happened so I've lost all faith in theses devs and publishers of official software threads...
I ignore all posts where the word "of" is used instead of the correct "have" or at least the contraction ending in 've that sounds like of.
...should of happened
sliding_billy said:
I ignore all posts where the word "of" is used instead of the correct "have" or at least the contraction ending in 've that sounds like of.
...should of happened
Click to expand...
Click to collapse
I ignore all posts that don't make sense like the OP's and this thread.
Pixelxluser said:
Now it's clear there's a security problem with the official build of Oreo before Sept builds.. now all the Oreo roms and official roms have this vuneralablity... If you're gonna continue to publish them without replacing them with the sept security patch you may as well put a damn virus in you're roms cause that's basically what you're doing...
Click to expand...
Click to collapse
First, there are no Oreo roms. Secondly, the devs who support our phones for free owe you nothing. Lastly, you need more than 12 posts to be taken seriously about anything around here. And, you can never post enough to attain the right to throw around accusations about the devs who, again, support our phone for free.
Pixelxluser said:
Now it's clear there's a security problem with the official build of Oreo before Sept builds.. now all the Oreo roms and official roms have this vuneralablity... If you're gonna continue to publish them without replacing them with the sept security patch you may as well put a damn virus in you're roms cause that's basically what you're doing...
Click to expand...
Click to collapse
Tell us how you really feel!
Windows people ?
Sent from my Pixel using XDA-Developers Legacy app
Pixelxluser said:
Now it's clear there's a security problem with the official build of Oreo before Sept builds.. now all the Oreo roms and official roms have this vuneralablity... If you're gonna continue to publish them without replacing them with the sept security patch you may as well put a damn virus in you're roms cause that's basically what you're doing...
Click to expand...
Click to collapse
If this is the case all root and bootloader exploits need removing also.
Any bootloader exploits or method of rooting without and unlocked bootloader is a SIGNIFICANTLY large security risk.
Sent from my Pixel using Tapatalk
Are we going to remove ALL the old ROMs from XDA? SHEESH.
In before the lock.
One thing I've found out over the years with hacking Android you eventually get tired of doing just hacking so you move onto security... Well that's the case with me anyways. Getting rid of vuneralable software is actually a good thing...
There's a reason why malware is successful with Android, and it's one that still hasn't been addressed: most phones are using old software and haven't been patched against it.
Google does a lot of work to make Android secure and keep it that way. It pays people to find security exploits, works with hardware vendors like Qualcomm or NVIDIA to fix them if needed, then writes a patch that can be injected into the existing version with no fuss. If you have a Pixel or Nexus or BlackBerry product, you'll then get these patches. If you have any other phone you roll the dice and hope the people who made it care enough.
Pixelxluser said:
One thing I've found out over the years with hacking Android you eventually get tired of doing just hacking so you move onto security... Well that's the case with me anyways. Getting rid of vuneralable software is actually a good thing...
There's a reason why malware is successful with Android, and it's one that still hasn't been addressed: most phones are using old software and haven't been patched against it.
Google does a lot of work to make Android secure and keep it that way. It pays people to find security exploits, works with hardware vendors like Qualcomm or NVIDIA to fix them if needed, then writes a patch that can be injected into the existing version with no fuss. If you have a Pixel or Nexus or BlackBerry product, you'll then get these patches. If you have any other phone you roll the dice and hope the people who made it care enough.
Click to expand...
Click to collapse
Nobody hacks individual phones. They hack companies and clouds.
****! Hey, can y'all hold it for just a moment? Need to run to the store real quick. I'm out of popcorn.
Seriously, though, just simply rooting your phone is a security risk. Also, from what i've seen, the majority of ROM users are smart about what they download. It's the general public that downloads mischevious apps that spread viruses. And as someone else mentioned, the malware and viruses don't target one person's phone. They are free floating and latch onto whatever moron downloads it. Your phone is not exactly the best place to download all your porn
But seriously, there are exploits with every security patch...it's the reason we get them every month, lol. Android is great and I love it but the OS itself is full of holes that malware developers consistently take advantage of.
Couldnt say this better myself..
Security is engineered into everything we do
Our goal is to make Android the safest computing platform in the world. That's why we invest in technologies and services that strengthen the security of devices, applications, and the global ecosystem.
It's also one reason Android is open source. Being open allows us to tap into a global network of security talent full of innovative ideas that help make Android safer every day. Security experts around the world can review our code, develop and deploy new security technology, and contribute to Android’s protections.
As the Android ecosystem evolves, we continue to invest in leading-edge security ideas. And we want to share our knowledge openly with you. Explore below to learn about the latest technologies and information that help secure Android.
Adrian Ludwig
Director of Android Security
Pixelxluser said:
Now it's clear there's a security problem with the official build of Oreo before Sept builds.. now all the Oreo roms and official roms have this vuneralablity... If you're gonna continue to publish them without replacing them with the sept security patch you may as well put a damn virus in you're roms cause that's basically what you're doing...
Click to expand...
Click to collapse
With some custom ROMs whether or not the have the Sept security patch is probably the least of your problems, if security is a concern of yours... you should be more concerned with things like;
- what keys are they using to sign their ROM (Apks included). Did they generate their own private signing keys and platform keys, or did they just use a devkeys or keys provided in the SDK?
- what changes have they made to aosp sources or not integrate (or revert) that could reduce security?
- have they messed with android's security or permissions model?
- have they included legacy code (like forward porting), that may have been dropped in the first place do to being insecure (legacy mediaserver without seccomp integration).
- have they modified selinux policies in ways that potentially could open up attack vectors.
- does the ROM have odexing enabled? The fact is, odexing while useful for booting/loading programs faster, also has the side benefit of making an apk harder to tamper with...
- have any changes that have been made been audited, or verified for correctness?
...and the list goes on. You are worried about a monthly security patch, with a handful or two of fixes for CVEs, yet make no mention of far bigger concerns that may be present in XYZ custom ROM.
Just saying.
contribute to Android’s protections. Is one thing which is lacking from what I see... I hope you understand that there are underaged people who don't know any better about what's best for them and come running off to try to be the cool kids by rooting or adding unsecured software on their phones.. rooting is so crazy to do now a days you're all really going to the extremes by bypassing security features just so you can have root... That's not the message the younger generation should be taught... They should be taught the importance of how security works not 50 ways to bypass it... There's not a feature out there which Google wouldn't consider adding officially but also Google doesn't go off and use unofficial code to pull features from it would look bad for their business..
And as long as there's a community of underaged people who do go off and root and install unsecured software you might wanna lead by example and provide them with the best security you can... A child with unsecured software is scary that someone would open up security holes for them to be a possible victim and the best you're actually willing to do is try to remove yourself from the responsibility of being responsible for it by saying if you install our software you are responsible for any damages. You can't just publish something then go out and say you take no responsibility when by law you're still responsible for any damages cause you never legally got you're software that way...
Since you're the ones distributing the software you're liable for damages if there was a defect in you're product which was distributed.. security flaws and security bypasses count as defects in a product..
Distributorship and Liability
Even though the distributor is not responsible for manufacturing a product, it can be held liable in the event of defects. Under strict product liability laws, the seller, distributor, and manufacturer of a defective product can be held liable if a person is injured due to the defect. Though manufacturers are typically most responsible since they created the product, the liability can also fall to those that distribute or sell the defective items.
This liability law prevents the plaintiff from the need to prove the chain of supply. In order for any entity in the line of distribution to prove it has no fault, it would need to show which entity is actually responsible for the defect
I suggest you stick with Windows dude
The only thing your posts are good for is making people spit their coffee with humour, and embarrassing yourself.
Sent from my Pixel using XDA-Developers Legacy app