Android Police

Articles Tagged:



[Update: Fix now available] ES File Explorer vulnerability leaves your files exposed to anyone on the same network

In the early days of Android, ES File Explorer was one of the better ways to manage your storage. That hasn't been true for a long time, though. Not only is the app rather cluttered and buggy, security researcher Elliot Alderson (@fs0c131y on Twitter) points out this app makes your files vulnerable to theft. All you have to do is open it once.

Read More

[Update: Google shares network security tips] Internet tricksters hijack Chromecasts to promote PewDiePie

The internet-connected devices in our homes can make life more enjoyable, but they can also provide an in for internet ne'er-do-wells. A pair of jokers has undertaken a campaign of Chromecast hacking ostensibly to warn people about their vulnerability. Although, they're also promoting PewDiePie for some reason.

Read More

Another T-Mobile website bug allowed anyone to access customer info using just a phone number

T-Mobile customers, your data has been put at risk by your carrier, once again. In what seems like copypasta at this point, a security researcher recently found a bug in a publicly discoverable subdomain on T-Mobile's website that gave anyone access to customer data using just a phone number. It's almost like T-Mobile wants to award those bug bounties.

Read More

T-Mobile website bug exposed customer logins to hackers, carrier says no accounts compromised

In the words of a famous disc jockey: "Another one." A young hacker-turned-security researcher in England found a critical vulnerability on T-Mobile's website that basically left records of user logins exposed online for hackers to pillage. The bug was reported and patched in December, and T-Mobile says no customer information was compromised as a result of this flaw.

Read More

T-Mobile bug gave hackers access to customer data using only a phone number

A security researcher has revealed that a recently patched hole in T-Mobile's security made it possible for hackers to vacuum up all your personal account information, and all they needed was your phone number. And you probably give that out all the time. T-Mobile says the vulnerability has been corrected, but there's some question as to how severe the data breach might have been.

Read More

Broadcom WiFi vulnerability allows remote code execution, affects almost all Android devices

We of a certain age remember the days before WiFi was widespread. It sucked. Now, there's a wireless network on every corner bringing you all the wonders (and horrors) of the internet. They can also bring you something else: hacks. A researcher from Google's Project Zero security team has revealed an exploit for Broadcom WiFi chips that can allow an attacker to execute code on your device. They just have to be on the same WiFi network as you.

Read More

[Security] Vulnerability In Firefox For Android Discovered That Allows Hackers To Steal Files From The SD Card And Firefox's Privately Stored Data [Update]

The security of our mobile apps and private data is a very serious matter. This is particularly true for high value targets like web browsers, which often store login credentials that can be used to access many of the websites we use on a regular basis. Unfortunately, browsers are also very complicated applications with an extensive set of features that are difficult to lock down completely. Sebastián Guerrero Selma of viaForensics recently posted a video demonstrating a newly discovered vulnerability in Firefox for Android which would allow hackers to access both the contents of the SD card and the browser's private data.

Read More

PwnMyMoto Roots And Bypasses Write Protection On Moto X, Droid Ultra, Mini, And Maxx, Makes Flashing Custom ROMs A Reality

That didn't take long. Just 2 days after Justin Case released a root method for the Moto X, Droid Ultra, Droid Mini, and Droid Maxx, he's already back with a hack that bypasses write protection. By disabling the write protection afforded by the bootloader, it becomes possible to flash 3rd-party ROMs, themes, and other mods. In other words, the flood gates are open for the modding community.

Much like MotoRoot, PwnMyMoto is packaged as a single app that must be sideloaded with adb. After running it and waiting through 2-3 reboots, your phone will be set up to boot into either the standard write-protected mode (recommended for daily use) or with write protection disabled.

Read More

Apktool Updated To 1.5.1, Brings Android 4.2 Support, The Latest Smali/Baksmali, & Bugfixes

Apktool is a Windows/Mac/Linux utility for reverse engineering Android apps. It allows you to decode an app, change something, rebuild it, and pray it still runs. You're going to need something like this if you're into theming apps, hacking a feature onto someone else's app, finding security holes, or just want to hunt for info.

Apktool has been freshly updated to version 1.5.1, with the new headline feature being "Android 4.2 support." Here's the full changelog.

  • Android 4.2 support
  • Added -a / -aapt command on rebuild to specify location of aapt
  • Updated unit tests for 4.2 support
  • Closed file-handler when writing frameworks to file system.
Read More

See All Your Purchased Android Apps In One Place With The Legacy Play Store

Since time immemorial, the Android Market app let you see a list of just your purchased apps under a "Not installed" section. When the Play Store change happened, that list was still there. Then at some point with all the stealth updates, that list of paid apps went away. Thanks to Paul O'Brien over at Modaco, we have the Legacy Play app that solves that problem by bringing back the "Not installed" list.

legacyss1 legacyss2

O'Brien was able to retrieve an old version of the Play Store client and hack around to make it run alongside the official Play Store. In the Legacy Play Store your My Apps screen will again have a handy list of all your paid apps that are not installed on the device.

Read More