I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.
These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison. Read More
The Droid 3 is the most powerful Droid to date -- its 1Ghz dual-core OMAP processor and Android 2.3.4 make it a speedy and capable device. As with most devices, D3 owners wanted root access in order to take full advantage of all that it had to offer. That day has finally arrived, as the D3 has been rooted by developer drjbliss from the XDA forums.
The rooting process seems to be rather easy, granted you have ADB set up and know how to use it. Read More
Regardless of where you sit in the tech world, there is one thing that affects us all: security vulnerabilities. Unfortunately, our little green robot is no exception this rule, and The Register recently dropped a report on a potentially bad exploit.
Apparently, in Android 2.3.3 and below, there is a vulnerability that would allow attackers to collect digital tokens that are stored on the device after users login to Google Calendar, Facebook, Twitter, and "several other accounts."
Here's how it works: when you login to an account, an authToken is stored locally on your device for 14 days, allowing you to re-access the service without hassle. Read More
Skype released an update to its Android app this morning, remedying the vulnerability which exposed tons of personal info that we revealed last week. Our own Justin Case who originally found the issue has taken a look at the updated version of the app and confirmed that the exploit he developed to demonstrate the vulnerability no longer functions.
Specifically, Skype has changed the permissions of the databases (which contain the personal information) in question. Read More
Update #1: Skype is investigating the issue, we've been told.
Update #2: Skype's official first response can be found here.
The safety of our personal information is often a concern of mine - who has my email address, my phone number, my date of birth? How can I keep my private information safe while still enjoying the internet? These concerns have prompted me to take a deeper look at Android apps more than once, and often this can yield some frightening information. Read More
A new report from eWeek came out today stating that another researcher, Xuxian Jiang, this time from North Carolina State University, stepped forward with a tweak to the very same vulnerability Google reportedly patched. Read More
A few days ago, the code for the Nexus One's 2.2.1 update went AOSP (Android Open Source Project), meaning that the source code became available to developers. It was comprised mostly of bugfixes and other things that weren't major... oh, and it also patched the exploits that allowed Universal Androot to unlock your device. We had a short conversation about it on Twitter with Cyanogen (the conversation starts at the bottom and goes up):
As if breaking Universal Androot wasn't enough, apparently the new update also prevents existing installations of Swype and some other aftermarket keyboards from working. Read More