It seems that ever since the Heartbleed bug was published earlier this Spring, OpenSSL just hasn't been able to catch a break. Today, it was announced that seven additional vulnerabilities had been discovered affecting OpenSSL 0.9.8, 1.0.0, 1.0.1, and 1.0.2 (meaning all versions, basically).
Unless you blacked out all of the news from yesterday to avoid a deluge of stories about what has been happening in Cupertino, you probably caught wind that there's a brand new update to Android. Whether you're manually installing the latest OTA or going all out with the factory images, you might be interested to know what is actually different. Thanks to Al Sutton, we've got a brand new changelog compiled from the list of code commits submitted to the Android Open Source Project (AOSP).
This means you can remount /system as read-write, just as before, change build.prop, push APKs to /system/app, and do whatever you want without rebooting into recovery.
For now, you're safe. But probably not for long. And when the hammer drops, we'll have yet another reason to opt in for a custom ROM or kernel, because nobody can take our freedom, not even the mighty El Goog.
Following the release of full factory images for all supported Nexus devices, Google has begun pushing Android 4.4.3 to the Android Open Source Project (AOSP). The push is ongoing and should be complete within an hour or two.
The build numbers are KTU84M for the Nexus 5 and KTU84L for the rest of the Nexus devices. The AOSP branch is kitkat-mr2-release, with the tag most likely named android-4.4.3_r1 expected to arrive shortly.
The FreeXperia team of contributors help maintain CyanogenMod support for Xperia devices, and they've done such a great job that Sony has decided to hire one of the group's developers. Alin Jerpelea was one of FreeXperia's founders in 2010, and he is now the newest member of Sony's Developer Program. Having already built up a reputation for his work bringing the freshest CyanogenMod ROMs to Sony devices, he will now help the company with its open source initiatives.
Over the years, Google has been shoring up security on Android in a bid to make the operating system more attractive to governments and businesses, and to reduce the threat of malware for regular users. Unfortunately, these changes often come at the expense of flexibility in our beloved platform. As we close in on the next major release of Android, due to be announced next month, SuperSU developer Chainfire has discovered a set of commits to the Android Open Source Project (AOSP) that may seriously impact some of the functionality currently enjoyed by many root users.