iAndroidCentral

Researchers at North Carolina State University revealed some major findings regarding Android devices. Using a tool called “Woodpecker” that was developed the researchers, they found noteworthy vulnerabilities on HTC, Samsung and Motorola smartphones. The specific phones studied were the HTC Legend, EVO 4G, and Wildfire S; the Motorola Droid and Droid X; the Samsung Epic 4G; and the Google Nexus One and Nexus S. Woodpecker analyzed the pre-loaded pieces of software on each phone, probing for capacity leaks– sensitive application and operating system privileges left exposed to other applications in ways that would allow them to be accessed by a malicious app without requesting permission from the device user. The researchers were “surprised to find out these stock phone images [on the devices tested] do not properly enforce [Android's] permission-based security model”.

Basically the capacity leaks fell into two categories, explicit and implicit. Explicit leaks allows applications to exploit a public interface or service of another app without making a permission request. Implicit leaks allows other applications to inherit permissions from another application signed with the same digital certificate (this allows applications from the same developer to automatically interact with each other). They found that while implicit leaks were not as serious a problem, explicit leaks were. Sensitive information such as geo-location, address book, SMS messages, etc.– were leaked on the pre-installed apps. Moreover the researchers found “an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations—all without asking for any permission”. This study is definitely eye-opening, but not surprising as there are examples of some HTC phones and Motorola DROIDs being vulnerable.

So what do you as an Android owner take from this study? First pay close attention to the permissions that each and everyone of your applications of your smartphone or tablet may have. Remember gang, we have a nice little tip sheet for how to spot questionable applications and verify permissions in order to keep your Android protected. Second– Android manufacturers (and even Google) will need to take software security much more seriously. Hopefully the new generation of Android devices will alleviate our fears and concerns for these software holes found in the Android OS.

Syndicated from: North Carolina State University Uses “Woodpecker” To Peck Holes In Security Of Android Smartphones

Let's say you're trying to save money on messaging.

When getting a plan from Sprint, most HTC EVO users are going to choose the Everything Data option (for individual plans). This incorporates unlimited messaging and there really isn't a dance you can do to include voice and data only for an EVO on Sprint. But what if you have a rooted EVO running on a prepaid network? What if you have friends in international locations? What if you want to text from your EVO View 4G?

A free texting solution would be nice in these situations, and a fairly new app called JaxtrSMS may be right for you. There are other options out there, sure, but the competition has several issues.

JaxtrSMS works on Android, iOS, Blackberry, Symbian, and is coming to Windows Phone soon, which can't be said of all the alternatives. Other apps are cross-platform, but normally you all need the same app to text each other. And let's face it. Not everybody is going to have this app. Don't worry! JaxtrSMS sends the message as a text message to your friend if they don't have it installed, and it shows up as your phone number.

This means that your friends have no weird new numbers to save and don't even have to download the app. 

If you're looking for the catch, this is it: the app is free, but every message you send includes a 20+ character advertisement/spam that declares just how cheap you are. Another downer, which could easily be addressed in future versions, is that there is no group messaging options. 

If you don't like the message spam (and really, who does?), then you probably won't like the app and you should stick to paying an extra $10 bucks/month for messaging and using something else for your international friends and tablet.

However, both of these flaws aside, this is a great app and it is free! At the very least, JaxtrSMS is worth checking out.

Links: Market (EVO) | Market (web)

[AddictiveTips]

Syndicated from: JaxtrSMS lets you send text messages for free worldwide

Last week, we told you that a group of devs who call themselves Team Evil were working to crack the HTC EVO 3D's HBOOT 1.50 to give users a way to root the phone without HTC knowing about it (and being forced to void the warranty to remove CIQ).

It's been a fascinating to follow the development over the past few days, as exploits were fashioned, their servers were hacked, hospitals were visited, phones were donated, $10 was raised and refunded, and Monster energy drinks were consumed by the cartload, but a working S-OFF for locked EVO 3Ds with HBOOT 1.50 has still not been achieved.

In a post saying it was just taking too long, Team Evil has asked for any ideas, developer or n00b, to be brought to the table and discussed in a forum rather than emailed and tweeted constantly. While the input this forum may end up being useless in the end, it should still be interesting to see what ideas get bounced around.

[Team Evil's S-OFF Think Tank]

Syndicated from: Team Evil opens up discussion forum on HBOOT 1.50 S-OFF

I don't know about you, but I'm pretty sick of hearing about Carrier IQ every other day. But it seems that they've really dug themselves into a hole this time, and people are beginning to trust them less and less as it becomes more and more apparent that they might not be so honest and innocent as they most recently claimed.

This controversy has been going on for several months now (we first reported on it in August), and as recently as last week, security researcher and developer Trevor Eckhart was in some serious legal trouble for the claims he made against the company that creates this software in question. So Trevor has decided to fight back.

A recent article in The Register sums everything up quite nicely:

In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software.

Eckhart then connected the device to a Wi-Fi network and pointed his browser at Google. Even though he denied the search giant's request that he share his physical location, the Carrier IQ software recorded it. The secret app then recorded the precise input of his search query – again, “hello world” – even though he typed it into a page that uses the SSL, or secure sockets layer, protocol to encrypt data sent between the device and the servers.

“We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS,” the 25-year-old Eckhart says.

These findings are in direct opposition of Carrier IQ's most recent claims. In any case, you can watch Trevor's YouTube video above and read his complete write-up of his findings at the link below, and then make up your own mind. To be honest, though, things aren't looking too good for Carrier IQ.

Update #1: Forbes is reporting that Carrier IQ has likely violated wiretap laws in millions of cases, opening up the possibility for a class action lawsuit. (Thanks, Timmy!)

Update #2: The US Senate has launched an investigation into Carrier IQ, thanks to Senator Al Franken.

[Android Security Test] Thanks, anonymous!

Syndicated from: And the HTC EVO/Carrier IQ saga continues [Updated]

A couple weeks ago, HTC announced that the HTC EVO 3D would officially be getting Android 4.0, Ice Cream Sandwich, sometime in early 2012. And one of the new features of Ice Cream Sandwich that Google has been touting is its revamped keyboard, which improves on Gingerbread's auto-correction, multi-touch features, and more.

But why wait for ICS to officially get here, when you can get this new keyboard now? And who knows if HTC will even allow this keyboard to make the cut? (Chances are, HTC will implement their own version, similar to what they've done on all EVOs up to today.)

Lucky for us, developer johntami has pulled the apk for the keyboard directly from ICS, and made it available for download right now from the Android Market. Even non-rooted users can install this and get a taste of Ice Cream Sandwich today.

So be sure to check it out at the links below, and let us know how it's working out for you!

Links: Market (EVO) | Market (web)

Syndicated from: Get the latest ICS keyboard now on your HTC EVO

Google Maps has received quite a few nice updates in the past few months, bringing a slew of minor adjustments and enhancements. But this latest update is just too cool to gloss over. In honor of Google Maps's sixth birthday, Google just released version 6.0 yesterday for the HTC EVO and other Android devices, finally bringing the great indoors to your phone.

With this latest update, Google Maps has taken the initiative to actually map out many popular indoor locations, including shopping malls, retail stores, airports, and other public spaces. The floor plans, if available, will automatically appear when you view your location on a map and zoom in to building-level. Supposedly, the app will even tell you what floor you're on.

The update comes with a few other cool features, such as easier switching between features, and a new Places home screen. But, in my opinion, indoor maps trumps everything else. I'm just curious how well GPS will work in many of the places Google has mapped, but I'll have to wait and see since I haven't gotten a chance to try this out myself yet.

If you haven't already automatically received the update, just open Android Market and go to your installed apps – the update should be waiting for you.

[Google]

Syndicated from: Google Maps moves indoors and points you to the nearest bathroom

On your boring, unrooted HTC EVO 3D there are essentially no window animations. Most ROMs don't include custom window animations as well. If you don't believe me, go ahead and unlock your EVO 3D, go to the home screen, hit Menu, then hit the Back button. That little white box disappears with no snazz (for most ROMs). 

Thanks to some ROMs (Eternity comes to mind) and some devs, however, you can now spice these up. 

First up are some Ice Cream Sandwich transitions thanks to Bamba1260. There are flashable .zips for many popular ROMs and he says he's willing to make more for others. Meanwhile, another dev named thesparky007 has made some MetaMorph themes for other window animations that should work on all CDMA EVO 3D ROMs and may work for GSM ROMs as well. If you are new to MetaMorph themes, here's a good YouTube video to help you install them. 

Syndicated from: Get some cool window animations for your rooted HTC EVO 3D