A few weeks ago the "Master Key" APK verification vulnerability rocked the Android security landscape... then immediately stopped rocking it, once Google revealed that they had patched the vulnerability months ago. Still, that's little comfort to users who aren't on a brand-new 4.2 phone (or, you know, a Nexus device that gets real updates). CyanogenMod has responded by patching all of its official ROMs (twice), and now noted security firm Duo has teamed up with Northeastern University's SecLab to do the same for all rooted Android users, regardless of their device.
Hot on the heels of Bluebox's disclosure of the "Master Key" exploit, a Chinese blog has posted details of a similar vulnerability. This attack also exploits a bug in the signature verification step and allows seemingly innocent APKs to include a potentially dangerous payload; and, as with its brethren, Google has already patched the flaw and posted the fix to the Android Open Source Project (AOSP). The information comes to us from a China-based group (or possibly individual) calling itself the Android Security Squad.
In a turn of events that no one could have predicted, Google introduced, in partnership with HTC and Samsung, two versions of highly anticipated and desirable phones that are stripped of their manufacturer skins entirely and are devoted purely to stock Android. Equally unpredictably, this created a chasm in the Android community as the Nexus Warriors took up arms against the mudblood HTC One and Galaxy S4.
There were no survivors.
I've taken a less conventional path into the world of Android. I owned a Honeycomb tablet long before I finally got my hands on my first smartphone, and before that, my first Android device was a Nook Color (I booted CyanogenMod from a microSD card, so it was legit). It is due to this background that I am sad to see Barnes & Noble end in-house development of its Nook line of tablets.
Have you ever refused to install an app because it wants too many permissions? Yeah, a lot of people have, and we don't blame them. A little too much trust can lead to stolen information, mysterious charges on your cellular bill, or worse. Thanks to developer M66B, we've got a simple way to lock down potentially misbehaving software. His new mod, XPrivacy, can block several types of activities and queries, despite the permissions granted at installation.
This is the app roundup. The game roundup from this week can be found here.
If an official AOSP build and CyanogenMod support have got you hot and bothered to try out Sony's latest entry into the tablet world, there's good news. The Xperia Tablet Z is now officially available through Sony's partner channels worldwide, according to a press release issued this morning. This much-anticipated 1080p tablet is the larger brother to the Xperia Z smartphone, in both design and hardware terms. Sony's US store still shows a pre-order and doesn't list any retailers, but Amazon shows the 16GB and 32GB models at $499 and $599, respectively, arriving on Friday the 24th.
It was only yesterday that Cyanogen definitively confirmed AT&T's treacherous move to lock down the Galaxy S4's bootloader, but there is light at the end of that tunnel. No thanks to AT&T, but thanks to security researcher extraordinaire, and a person I admire, Dan Rosenberg, a.k.a. the magician, a.k.a. the root whisperer.
Dan, who is responsible for numerous root and unlock exploits, tweeted this photo of his Galaxy S4 earlier today:
There are no instructions or blog posts explaining the unlock at Dan's blog yet - these should be coming in the future.
After some teasing, Paranoid Android has unveiled (in a lovely promo image) their plan for multi-window functionality on Android, which they promise to "get right" – Halo.
The premise is simple, yet extremely ambitious in scope – allow apps to give you notifications right on top of your screen, which allow you to pop into that app without leaving the one you're in (no matter what it is), take care of business, and resume your experience uninterrupted.