OnePlus just published a recap of its second "Open Ears Forum" from all the way back in May. At the event, it gathered a handful of developers and fans central to the OnePlus community to solicit their feedback. Four months later, the company has revealed a set of changes influenced by that feedback, including more timely kernel sources for Open Betas and a new bounty program for reporting vulnerabilities. Most importantly for customers, though, OnePlus has promised to finally fix how aggressive its software is at killing apps in the background. Read More
Back in October, Google announced a rewards program that would give financial incentives for "down-to-earth, proactive improvements" to security across third-party open-source projects that Google deems "vital to the health of the entire Internet."
Starting with core infrastructure services, Chrome foundations and other "high impact libraries," Google vowed to expand the program soon. Today, in an entry to the official security blog, Google announced that the program has been expanded in scope to include open-source bits of Android, found in AOSP, and several other projects.
We started with a fairly conservative scope, but said we would expand the program soon. Today, we are adding the following to the list of projects that are eligible for rewards:
- All the open-source components of Android: Android Open Source Project
- Widely used web servers: Apache httpd, lighttpd, nginx
- Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot
- Virtual private networking: OpenVPN
- Network time: University of Delaware NTPD
- Additional core libraries: Mozilla NSS, libxml2
- Toolchain security improvements for GCC, binutils, and llvm
According to the patch rewards guidelines, rewards can range from $500 to $3,133.70, with higher rewards going to solutions with unusually high impact or solutions to exceedingly complex issues. Read More
Winning a $450 bounty and the hearts of Droid RAZR/MAXX users, Dan Rosenberg has found a successful root method for the phone's 4.1 JellyBean OTA, which began rolling out last Christmas Eve.
Some readers are likely familiar with Mr. Rosenberg's work, as he's rooted everything in sight from the Droid RAZR/MAXX HD to the RAZR M, all the way back to the LG Spectrum. As a security researcher, he's even given (and published) a helpful presentation on rooting and modding for the security conscious.
Not only can Droid RAZR/MAXX owners now root their Jelly Bean powered handsets, they can do it with ease – the process is as simple as connecting the phone and running a .bat file. Read More
Update: You can download a batch script to root your DROID 4 now (you'll need to have USB debugging and Unknown Sources enabled in the Application settings menu). Find the file on this page, and if you can spare it, take the time to donate to Dan Rosenberg for finding the exploit. All proceeds will go directly to charity, in this case, the American Red Cross.
Widely known and respected security researcher Dan Rosenberg has evidently uncovered a root method for the Droid 4, in addition to a universal Motorola root method. Though the Droid 4's root access was discovered less than a day after its release, both exploits are being withheld until a $500 bounty is raised. Read More
It looks like the HP Touchpad isn't the only tablet to have a bounty placed on its head - Kindle Fire Forum is now offering a substantial reward to the first person who's able to provide a reliable, reversible root method, or either a Honeycomb or Ice Cream Sandwich port for Amazon's Android tablet.
The forum is offering a prize of $200 for a root method, and a whopping $800 for a "Basic" Honeycomb or ICS port. The original post outlines the goals like so:
Reliable Reversable Root Method - This one is self explanatory.
Basic Android Port – The stock Android home screen and apps boot.