So you might have heard about the Stagefright vulnerability that was published yesterday. While there's no evidence of a widely-used hack, the potential for malicious MMS attacks via Android's built-in media handling system (which could theoretically affect the majority of Android devices currently in operation) is certainly cause for concern. As reported on our original post, Google has known about the vulnerability since April and has been working on patches to fix the problem.
In a blog post published today by the researchers at Zimperium Mobile Security, the group divulged an extremely widespread security vulnerability that can be exploited with nothing more than a targeted MMS message. The hole exists in the part of the Android operating system called Stagefright, which handles the processing of certain types of multimedia.
How it works
If targeted, the hypothetical hacker needs only to send an MMS message, which in many cases doesn't even need to be read before the attacker gains access to the victim's microphone and camera.
Nextbit hasn't been in the news much since its public debut last year, but that's mostly because its services are geared toward OEMs. The last we heard from Nextbit, its Baton multi-device app sync service was entering the testing phase on CyanogenMod. That was last year, but now the company is taking on a new challenge—hardware. Nextbit plans to launch a phone.
The OnePlus One is no stranger to touchscreen issues. Problems with inaccurate taps have been affecting some users almost since the initial release a year ago - the company has issuednolessthansevendifferent"fixes" for the problem across CyanogenMod S and Oxygen OS. The latest problem is easily the most glaring, and it's been documented by our own fearless leader Artem Russakovskii. Basically, the entire touchscreen seems to be shutting off randomly.
Artem isn't the only one experiencing this: his wife had the same issue shortly beforehand on her own OnePlus One. If you're wondering, he's running firmware version YNG1TAS2I3, and he had been using the phone outside (but not in any particularly intense heat) before seeing the problem crop up.
While the experience isn't felt across the board, many OnePlus One owners have been plagued by touchscreen issues since making the decision to never settle. As a result, the company has pushed out update after update aimed at alleviating an issue that seems to have a tendency to resurface.
Now it has released another one, OxygenOS version 1.01. A link to download the firmware is available directly inside the announcement. The forum post doesn't contain a changelog, but it does mention "a patch for the touchscreen issue."
There's also a tool available for folks who have not yet installed OxygenOS that should let them flash the latest version directly from CyanogenMod 11 or 12 without data loss.
Despite the continuing tense relationship between Cyanogen and OnePlus, the former seems to be making new partnerships all the time, particularly with low-cost phone suppliers in emerging markets. The latest to run the company's custom build of Android is a carrier phone from Indonesian company Smartfren, the Andromax Q. Despite having a name that sounds like some kind of multi-gendered Replicant, it will be Indonesia's first phone running Cyanogen "OS."
The specs on the Andromax Q are decidedly low-end - here in the states it would probably cost $100-150 off-contract, and it will sell for 1.3 million Rupiah (about $97 USD) from Smartfren.
OnePlus' breakup with Cyanogen Inc. was neither amicable nor expected, which seems to have left OnePlus in a bit of a bind. The company has managed to get its Lollipop-based OxygenOS ROM out the door for OnePlus One owners, but those hoping for a quick update to Android 5.1 will be disappointed. That's not happening until after the OnePlus 2 is released. The new Cyanogen OS is coming soon, though.
Google's initiative to put privacy and security back into the hands of users through a revised permission system has received generally positive responses. It's no secret that this approach closely matches the way iOS prompts users for access to things like the contacts or location. Aside from the possibility that permission requests could become annoying with too much frequency, this has proven to be a pretty effective approach. However, since the announcement, one sticking point seems to have emerged around access to the Internet. As it turns out, users will never be asked to grant access to the outside world, and it's not even possible to revoke it, even if they wanted to.