It's no surprise that Google's latest update to our favorite operating system is in instant demand amongst power users and enthusiasts. Without fail, the people eagerly installing 4.3 are frequently the same ones who consider root privileges a necessity for a good Android experience. Unfortunately, it seems a wrench has been thrown into the works when it comes to exposing ultimate access, and people are experiencing more than a few hiccups because of it.
Following the announcement of Android 4.3, the new Nexus 7, and the Chromecast, Google just started pushing the Android 4.3 open source code to AOSP (Android Open Source Project) under the tag android-4.3_r2.1. The push began several minutes ago and is expected to complete within a few hours. Additionally, factory images are already available for the Nexus 4, 7, 10, and the Galaxy Nexus.
Update 11:04am: According to JBQ, the push is complete: "All the files have been replicated to the git servers.
Several hours ago, an Android 4.3 system dump was leaked for the Nexus 4. As it turns out, even though the bootloader and the radios weren't included, the system dump is totally bootable. I'm running it right now. If you want to try it out, it's easy to do so, but be prepared to have your bootloader unlocked and flash some zips via a custom recovery. If you don't know what any of this means, I suggest you get familiarized with Android flashing first.
A few weeks ago the "Master Key" APK verification vulnerability rocked the Android security landscape... then immediately stopped rocking it, once Google revealed that they had patched the vulnerability months ago. Still, that's little comfort to users who aren't on a brand-new 4.2 phone (or, you know, a Nexus device that gets real updates). CyanogenMod has responded by patching all of its official ROMs (twice), and now noted security firm Duo has teamed up with Northeastern University's SecLab to do the same for all Android rooted users, regardless of their device.
Hot on the heels of Bluebox's disclosure of the "Master Key" exploit, a Chinese blog has posted details of a similar vulnerability. This attack also sidesteps a bug in the signature verification step and allows seemingly innocent APKs to include a potentially dangerous payload; and like its brethren, Google has already patched the flaw and posted it to the Android Open Source Project (AOSP). The information comes to us from a China-based group (or possibly individual) calling itself the Android Security Squad.
In a turn of events that no one could have predicted, Google introduced, in partnership with HTC and Samsung, two versions of highly anticipated and desirable phones that are stripped of their manufacturer skins entirely and are devoted purely to stock Android. Equally unpredictably, this created a chasm in the Android community as the Nexus Warriors took up arms against the mudblood HTC One and Galaxy S4.
There were no survivors.
I've taken a less conventional path into the world of Android. I owned a Honeycomb tablet long before I finally got my hands on my first smartphone, and before that, my first Android device was a Nook Color (I booted CyanogenMod from a microSD card, so it was legit). It is due to this background that I am sad to see Barnes & Noble end in-house development of its Nook line of tablets.
Have you ever refused to install an app because it wants too many permissions? Yeah, a lot of people have, and we don't blame them. A little too much trust can lead to stolen information, mysterious charges on your cellular bill, or worse. Thanks to developer M66B, we've got a simple way to lock down potentially misbehaving software. His new mod, XPrivacy, can block several types of activities and queries, despite the permissions granted at installation.