Related
OK, I did search for this before I posted so I hope I don't get anybody mad for starting a new thread if this has been covered.
Regarding security threats and android phones. I did see the thread about a malware program out of Russia affecting android phones (installed via a movie program?). But in general, security issues do not seem to be a big issue.
The other threads I've found seem to have conflicting opinions.
So my question(s) is, how much do you all worry about security issues? Does anybody use Lookout (free mobile security app)? I did see that it has high ratings on the market, but I put more stock in what this community has for opinions than the market users.
Again, if this has been covered to death and I missed it, I apologize.
I do have concerns over security and therefore really don't install many apps. Since I have had an android phone, my gmail account has been compromised once, allowing spam to be sent from my gmail account and also spam to be placed on my Blogger site. While I cannot be certain it was something on my phone that allowed this, I rarely use my computer to access any of my Google apps. I also had never had issues with any email or other accounts being compromised for as long as I've had a computer. I also rarely get spam. So while I can't be certain, the fact it showed my account being logged into by a mobile device in Malaysia makes me very suspicious.
Sent from my HERO200 using XDA App
Thanks for the reply. I take it you haven't used Lookout or any of the other security apps?
Lookout looks legit, but I am a little skeptical. Guess I'll wait and see if I get any other responses before I do anything with it.
I haven't tried it in the past, as I'm skeptical too. I went ahead and installed it though after my post just to see. It is now being installed by some of the carriers by default apparently and I guess has won some awards, so hopefully it's been poked at a bit by people to where it itself isn't a large threat. Figure if it doesn't impact performance a lot there can't be any harm in trying it. Now, as for how effective it really is, I'd imagine that's something many people will never know.
Sent from my HERO200 using XDA App
Again, thanks for your input.
Performance impact is basically what I was worried about. I actually installed it the other day but when I realized it was on ALL the time, I uninstalled it before really giving it a chance.
I guess it's worth a shot. I'll install it again tonight and run a couple before and after quadrant benchmarks to see how much of an impact.
If I don't get anybody else posting here, I'll still post my experience in a couple/few days, so if you're interested, check back later in the week.
Thanks dpeeps, have a good one.
Paranoid much?
Sent from my HERO200 using XDA App
Eric_1966_FXE said:
Thanks for the reply. I take it you haven't used Lookout or any of the other security apps?
Lookout looks legit, but I am a little skeptical. Guess I'll wait and see if I get any other responses before I do anything with it.
Click to expand...
Click to collapse
seriously? lookout is featured in a Droid commercial for verizon. (i think its verizon anyhow)
i use it, i really haven't noticed any effect on the performance.
Vandelay007 said:
Paranoid much?
Sent from my HERO200 using XDA App
Click to expand...
Click to collapse
Not paranoid .... just cautious.
There is so much good information on this site that when I search for something that sounds too good (for free), and I can't find anything, yes, I'm going to "err on the side of caution".
ngholson, thanks for the input.
Eric_1966_FXE said:
ngholson, thanks for the input.
Click to expand...
Click to collapse
you are welcome. i use it mostly for the lost feature. if i lose it i can activate the gps and locate it that way, and i can also make it scream (caution this is really loud, and the only way to stop it is a battery pull) if it is somewhere close to me. it is very effective.
EDIT: they changed the scream feature, now it will scream for 1 minute and you can stop it by turning the volume down on the phone.
Samsung USA has tweeted the Market availability of GPSSamsungRestore, a GPS optimization app. Tweets have indicated that it is for the Vibrant and Captivate:
http://twitter.com/samsungtweets
maybe , some one using AT&T can help and upload the apk maybe ?
Hmmmm... I assume that it is only on the market in the USA because I searched for it under the names GPSSamsungRestore, GPS Samsung Restore, GPS Restore, etc. and I cannot find it on the market here in Canada.
I am assuming that us poor Canadians will not see this app anytime soon but I have posted a question on the Samsung Mobile Canada facebook page and I will see if they answer it. I doubt it though cause they NEVER answer ANYTHING!!!
Sure would be nice if this is the "fix" weve been waiting for...
The apk is posted in the vibrant general forum, 1st post
Sent from my GT-I9000 using Tapatalk
Someone tried on Galaxy S ?
yubnub said:
The apk is posted in the vibrant general forum, 1st post
Sent from my GT-I9000 using Tapatalk
Click to expand...
Click to collapse
From that post, it says the app only restore the gps settings back to default...
sufox said:
Someone tried on Galaxy S ?
Click to expand...
Click to collapse
Yup, gives an error saying it wont work with the i9000 model
brendonsled said:
Yup, gives an error saying it wont work with the i9000 model
Click to expand...
Click to collapse
You can change the .apk to .rar and extract the content.
If you can provide the .apk we could take a look into it
Edit: it was posted here:
http://forum.xda-developers.com/attachment.php?attachmentid=453181&d=1291153281
I'm gonna take a look tomorow but if someone else want to take a look, might be interessting!
t1mman said:
You can change the .apk to .rar and extract the content.
If you can provide the .apk we could take a look into it
Edit: it was posted here:
http://forum.xda-developers.com/attachment.php?attachmentid=453181&d=1291153281
I'm gonna take a look tomorow but if someone else want to take a look, might be interessting!
Click to expand...
Click to collapse
How would you modify the contents without the developers key?
I understand you can open the APK, but I thought that was only to remove/replace images
EDIT:
with some digging, i found the settings it replaces
#Generated by GpsLocationProvider.
#Tue Nov 16 04:14:48 EST 2010
SSL_TYPE=0
SSL=0
OPERATION_TEST_MODE=0
POSITION_MODE=7
ACCURACY=50
SESSION_TYPE=2
ENABLE_NMEA=false
SERVER_MODE=0
START_MODE=WARM
GPS_LOGGING=0
DYNAMIC_ACCURACY=1
AGPS_MODE=0
ADDRESS_MODE=1
OPERATION_MODE=MS BASED
USE_DEFAULT=true
DYNAMIC_ACCURACY_VALUE=50
SUPL_PORT=7275
ENABLE_XTRA=true
TIMEOUT=1000
NUM_OF_FIX=999999999
SUPL_HOST=lbs.geo.t-mobile.com
TIME_BTW_FIX=1
As you see this is for t-mobile,
you may need to replace a couple values to get it working on your carrier
hosnestly no need to install this ;
# Does the application contain new values for GPS?
* No. The application only resets settings to factory defaults and then writes data in setting file.
youhou ...
I'm going to chime in as one of those "my GPS has been working fine". Only been using Froyo for the last week so I don't know if it will get worse. However, so far it's been good.
Does anybody have the apk. for the captivate? Cant download it from the market
nicoloco said:
hosnestly no need to install this ;
# Does the application contain new values for GPS?
* No. The application only resets settings to factory defaults and then writes data in setting file.
youhou ...
Click to expand...
Click to collapse
Right so I think what this app is for is to reset the gps so it works and then as time passes and it gets bad again you run the app again to start from scratch so it works again... Lather, rinse, repeat...
Im just guessing here and its not the greatest solution but if thats how it works it would be better than nothing...
Sent from my GT-I9000M using XDA App
yiannisthegreek said:
Right so I think what this app is for is to reset the gps so it works
Click to expand...
Click to collapse
I think the app is for reset the settings to factory setting after aplying all the "fixes" we can read on the forums and doesn't do anything.
I doubt GPS can be fixed as Samsung is showing every day
Oletros said:
I think the app is for reset the settings to factory setting after aplying all the "fixes" we can read on the forums and doesn't do anything.
I doubt GPS can be fixed as Samsung is showing every day
Click to expand...
Click to collapse
Exactly. Samsung have probably been receiving complaints by many people who are gps "experts", so they wanted to provide support with an easy approach for dealing with them.
I wouldn't expect new drivers are anything like that, I'd simply expect it to reset the GPS setting file.
Auzy said:
Exactly. Samsung have probably been receiving complaints by many people who are gps "experts", so they wanted to provide support with an easy approach for dealing with them.
I wouldn't expect new drivers are anything like that, I'd simply expect it to reset the GPS setting file.
Click to expand...
Click to collapse
Is Samsung was receiving complaints from GPS "experts" then dont you think that these "experts" would have already stated "definitively" that the GPS cannot be fixed?
And if Samsung had been dealing with GPS "experts" then why would they release a software that would IMMEDIATELY be squashed by these same GPS "experts"?
I would like to think that Samsung may be finally listening to us all complaining and that this could even be just step 1 in the right direction to a useable GPS on this device. Wishful thinking I know but I sure hope so...
yiannisthegreek said:
Is Samsung was receiving complaints from GPS "experts" then dont you think that these "experts" would have already stated "definitively" that the GPS cannot be fixed?
And if Samsung had been dealing with GPS "experts" then why would they release a software that would IMMEDIATELY be squashed by these same GPS "experts"?
I would like to think that Samsung may be finally listening to us all complaining and that this could even be just step 1 in the right direction to a useable GPS on this device. Wishful thinking I know but I sure hope so...
Click to expand...
Click to collapse
I think that "experts" is a sarcastic way of talking about all the thread playing with setting that doesn't nothing but changing configurations at random and only A-GPS settings.
Hello, I've found a few threads around these forums discussing malware in Roms, and I was wondering if G2 users have had any bad experiences?
I've been playing around with a few of the ICS roms the last week, and out of nowhere my FB password was compromised and I have no idea how. Is there any security software I should be looking at installing? Is this a common thing to happen, or should I just chalk it up as coincidence?
if you download random APK's on the internet outside of XDA then you're more likely to find some malicious code. So always remember to check discussions or people commenting on the software for your best bet to stay clean. Most of the stuff on XDA should not have malware, atleast not intentionally. If you suspect anything immediately, you should probably post it in the correct thread you got it from to get input from other users.
Although, regarding your FB getting compromised, it might not be limited to your apps, I've gotten it compromised before highly suspecting that was from using public wifi.
Do the antivirus softwares from the market work?
Sent from my MSM using XDA App
e183348 said:
Do the antivirus softwares from the market work?
Sent from my MSM using XDA App
Click to expand...
Click to collapse
They're just snaike oil.
Rantanplan1980 said:
They're just snaike oil.
Click to expand...
Click to collapse
I use Lookout for the GPS tracking capability, but they are useless if you have half a brain. Don't download "Pretty Sexy Girls!?!" from obscure chinese developer in the market and you'll be fine. Trusted apps from trusted devs.
Well that's nice, I was watching a youtube video and android system media crashed, figured it didn't mater since stagefright had been patched. I was wrong, seconds later apps began installing themselves on my phone, I didn't get any notification other then when the shortcuts were created. They were appearing so fast they some didn't even show up in my draw, they just were added to my home screen.
I'm on the latest version, and just this morning my phone was wiped. I got the message "deleting", but it looked like it was because someone kept trying passwords.
Mu number was transferred over from T-Mobile, only unusual thing. (but that was months ago)
It's not fully patched... was only patched against the first known set of vulnerabilities.
https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/
I'd assume there will be even more in the weeks and months to come. And as for making use of the exploit... I assume everything can be fully automated... and fairly easy to generate phone numbers and scan thru millions... so probably won't matter what carrier you're on etc etc.
autoprime said:
It's not fully patched... was only patched against the first known set of vulnerabilities.
https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/
I'd assume there will be even more in the weeks and months to come. And as for making use of the exploit... I assume everything can be fully automated... and fairly easy to generate phone numbers and scan thru millions... so probably won't matter what carrier you're on etc etc.
Click to expand...
Click to collapse
Well that's disappointing
autoprime said:
It's not fully patched... was only patched against the first known set of vulnerabilities.
https://blog.zimperium.com/zimperiu...me-new-vulnerability-processing-mp3mp4-media/
I'd assume there will be even more in the weeks and months to come. And as for making use of the exploit... I assume everything can be fully automated... and fairly easy to generate phone numbers and scan thru millions... so probably won't matter what carrier you're on etc etc.
Click to expand...
Click to collapse
Just ran the stage fright detector, I'm vulnerable to eveything but 3828. My OnePlus one is way older and isn't. °-°
Aaahh said:
Just ran the stage fright detector, I'm vulnerable to eveything but 3828. My OnePlus one is way older and isn't. °-°
Click to expand...
Click to collapse
the stagefright detector only detects what is patched so far as well... the link I posted mentions newer exploits not yet assigned CVE's and still no patch... and until patch is available from Google they won't have a fully up-to-date detector.
So even if OPO isn't vuln to what's currently being scanned.. it still may be open to others not yet able to be detected.
Of course that doesn't excuse Verizon from not keeping up to date on patches either. Many G4's have had recent OTA's to patch everything "known to date" (but will still require a new patch for the most recent findings)... I guess it's just Verizon being slow on updates as usual.
Stagefright framework seems to be like swiss cheese when it comes to remote attacks... thankfully companies like zimperium are on the case. But if I were a criminal enterprise.. I'd be focusing all my work on finding new remote attacks against the framework... it's possibly the most effective remote attack to date.
Frightening isn't it?
autoprime said:
the stagefright detector only detects what is patched so far as well... the link I posted mentions newer exploits not yet assigned CVE's and still no patch... and until patch is available from Google they won't have a fully up-to-date detector.
So even if OPO isn't vuln to what's currently being scanned.. it still may be open to others not yet able to be detected.
Of course that doesn't excuse Verizon from not keeping up to date on patches either. Many G4's have had recent OTA's to patch everything "known to date" (but will still require a new patch for the most recent findings)... I guess it's just Verizon being slow on updates as usual.
Stagefright framework seems to be like swiss cheese when it comes to remote attacks... thankfully companies like zimperium are on the case. But if I were a criminal enterprise.. I'd be focusing all my work on finding new remote attacks against the framework... it's probably the most effective remote attack to date.
Frightening isn't it?
Click to expand...
Click to collapse
Its frightening to know where it's being exploited, so much for privacy. That being said, how were the apps installed?
Assuming I was owned by an old hack
The first bug 1538 doesn't give you access to everything, just camera, mic and things.
Or am I wrong to assume that, and you actually more access with it?
Aaahh said:
Its frightening to know where it's being exploited, so much for privacy. That being said, how were the apps installed?
Assuming I was owned by an old hack
The first bug 1538 doesn't give you access to everything, just camera, mic and things.
Or am I wrong to assume that, and you actually more access with it?
Click to expand...
Click to collapse
not fully up on the chain of attacks possible with it to be honest... but pretty sure some of them can manage to get root... or at least system access... and from there you can do all sorts of things.
If I have to take a wild guess (and that's all this is)... I could imagine using a remote attack and gaining system/root access then downloading a compressed file containing a set of apps/scripts it wanted to install/run.. unzip.. install.. and does whatever it needs to. Kinda odd they weren't very stealth about it.. letting you see apps being installed on the homescreen.
Curious... what sort of apps were installed? And were they installed in data or in system?
autoprime said:
not fully up on the chain of attacks possible with it to be honest... but pretty sure some of them can manage to get root... or at least system access... and from there you can do all sorts of things.
If I have to take a wild guess (and that's all this is)... I could imagine using a remote attack and gaining system/root access then downloading a compressed file containing a set of apps/scripts it wanted to install/run.. unzip.. install.. and does whatever it needs to. Kinda odd they weren't very stealth about it.. letting you see apps being installed on the homescreen.
Curious... what sort of apps were installed? And were they installed in data or in system?
Click to expand...
Click to collapse
That's why I wasn't as frightened at first
They were stupid apps like knights of hearts and go90(what's this?) And rhysop something
Data
Aaahh said:
That's why I wasn't as frightened at first
They were stupid apps like knights of hearts and go90(what's this?) And rhysop something
Data
Click to expand...
Click to collapse
hmm go90 is a new verizon app coming out today. so maybe it was verizon pushing that. not sure on others.
https://www.go90app.com/
http://www.usatoday.com/story/tech/2015/10/01/verizon-launches-go90-mobile-video-service/73138654/
autoprime said:
hmm go90 is a new verizon app coming out today. so maybe it was verizon pushing that. not sure on others.
https://www.go90app.com/
http://www.usatoday.com/story/tech/2015/10/01/verizon-launches-go90-mobile-video-service/73138654/
Click to expand...
Click to collapse
I knew it sounded familiar, but I can't justify the other apps. II know g4 comes with games but not that rpshuo music player
The go90 didn't have a shortcut, too bad I erased it.
Anyone knows if turning off auto retrieve MMS is enough to protect my phone against the new stagefright hacks?
No?
I read this morning that T-mobile USA has been hacked and the hackers got data since Sept. 2013 lol.
Looks like they got some german IT specialists.
http://www.t-mobile.com/landing/experian-data-breach.html?icid=WOR_NA_CLRSKY_GP21HHC35JV3079
In the midst of an attack, what's the quickest way to stop it (airplane mode?) then a factory reset?
Sent from my LGLS991 using Tapatalk
Cozmos23 said:
No?
I read this morning that T-mobile USA has been hacked and the hackers got data since Sept. 2013 lol.
Looks like they got some german IT specialists.
http://www.t-mobile.com/landing/experian-data-breach.html?icid=WOR_NA_CLRSKY_GP21HHC35JV3079
Click to expand...
Click to collapse
This is completely unrelated to stagefright. The Tmobile hack is actually an attack on Experian..
bitbitbit said:
Anyone knows if turning off auto retrieve MMS is enough to protect my phone against the new stagefright hacks?
Click to expand...
Click to collapse
Anyone want to answer this question ?
---------- Post added at 09:01 AM ---------- Previous post was at 08:49 AM ----------
autoprime said:
the stagefright detector only detects what is patched so far as well... the link I posted mentions newer exploits not yet assigned CVE's and still no patch... and until patch is available from Google they won't have a fully up-to-date detector.
So even if OPO isn't vuln to what's currently being scanned.. it still may be open to others not yet able to be detected.
Of course that doesn't excuse Verizon from not keeping up to date on patches either. Many G4's have had recent OTA's to patch everything "known to date" (but will still require a new patch for the most recent findings)... I guess it's just Verizon being slow on updates as usual.
Stagefright framework seems to be like swiss cheese when it comes to remote attacks... thankfully companies like zimperium are on the case. But if I were a criminal enterprise.. I'd be focusing all my work on finding new remote attacks against the framework... it's possibly the most effective remote attack to date.
Frightening isn't it?
Click to expand...
Click to collapse
The main vector is still "specially crafted MP3 or MP4 files can lead to arbitrary code execution".
That was known back in April. So if you can prevent such files ending up on your device then there is no problem.
The way to do that AFAIK is disabling auto retrieve of MMS.
Sorry to hear man. Did it wipe SD card data too?
Sent From My LG G4
Nevermind, I got the answer.
bitbitbit said:
Anyone knows if turning off auto retrieve MMS is enough to protect my phone against the new stagefright hacks?
Click to expand...
Click to collapse
I dont think so, an attacker could lead you to a website containing specially crafted media files...
For more information on the stagefright vulnerability and the (un)likelyhood of getting hacked I found this article on Android Central:
http://www.androidcentral.com/stagefright
Reading through that, OP, it seems possible you could have picked up a virus somewhere that started downloading all that software. Have you ever downloaded or clicked on a link other than a trusted site?
FadeFx said:
I dont think so, an attacker could lead you to a website containing specially crafted media files...
Click to expand...
Click to collapse
Would it make a difference if I don't click on play? I guess I can't always tell if a media file has been tampered with, but at least if not playing the file can help, I can avoid doing that on sketchy websites.
Did anyone see what this actually does? Does this unlock the bootloader? Just wondering.
Verizon probably forgot to remove it. I doubt it does anything
android.wonderhowto.com/inspiration/why-you-should-enable-oem-unlocking-android-even-if-you-dont-plan-rooting-0167840
Found this link that provides some details. I was curious too!
Yeah I saw that too, wondering if anyone could try anything with it??
giusemc said:
Yeah I saw that too, wondering if anyone could try anything with it??
Click to expand...
Click to collapse
no you can't do anything else. Also i know that your provider can tell if you have this option enabled because i was trying to get support for intermittent wifi and they asked me why i had it enabled.
jackscagnetti said:
no you can't do anything else. Also i know that your provider can tell if you have this option enabled because i was trying to get support for intermittent wifi and they asked me why i had it enabled.
Click to expand...
Click to collapse
Wow... sneaky bastards!
All phones on Marshmallow have this option by default even if it does nothing. It's a feature that Google is using for phones with unlockable bootloaders for increased security and it just happened to make its way here and on multiple other phones that don't allow unlocking.
Sent from my SM-G935V using Tapatalk
You can enable the toggle, if it makes you feel better! :laugh:
NetworkingPro said:
You can enable the toggle, if it makes you feel better! :laugh:
Click to expand...
Click to collapse
It's like the dummy thermostat put on the wall behind the counter at banks.
Tellers are some of the fussiest folks when it comes to temperatures.
The HVAC management company never allows them to change settings.
So to stop complaints, they put a dummy thermostat up.
And it gets adjusted many times during the day.
And they feel better about it.
:laugh:
cpufrost said:
It's like the dummy thermostat put on the wall behind the counter at banks.
Tellers are some of the fussiest folks when it comes to temperatures.
The HVAC management company never allows them to change settings.
So to stop complaints, they put a dummy thermostat up.
And it gets adjusted many times during the day.
And they feel better about it.
:laugh:
Click to expand...
Click to collapse
Really? That's pretty funny.
http://forum.xda-developers.com/verizon-s7-edge/help/frp-oh-t3410575
Had he had this option selected, that wouldn't have happened.
Oh god no wonder why cyanogenmod is dead and xda is dying with all the false knowledge on these forums. These guys are the type of people who call their check engine light a idiot light. Then wonder why they broke down in traffic. No
Seems Nobody knows what ONE Unlock is for.
Hey guys the unlock toggle what it does is when you enable it and you do a factory resett on your phone it makes it so there is no locking setup on your phone you do not have to verify through google or any pin that usrd to br established
Sent from my SM-N930V using XDA-Developers Legacy app