« Posts under Android

The Woz Holding An Android?

You have got to love this!

Google Nexus Woz

AppFence: Protecting User Data from Android Applications

A promising new technology called AppFence is currently being developed to mitigate the risks of misappropriation of the user’s data by today’s Android applications by a team of researchers at the University of Washington. AppFence implements two privacy controls that convertly substitue shadow data in place of data that the user wants to keep private and blocks network transmissions that contain data the user made available to the application for on-device use only. The source code is not available at this time but I’m looking forward to the product of their research.

Of course, if you’re running CyanogenMod7, this capability is available now. In the nightly builds of CyanogenMod7, the CyanogenMod team introduced the ability to revoke app permissions. With the ability to revoke permissions, an application can be installed and it’s access to features such as your contact list revoked, allowing you to use the app without worry about that component of security being exposed. However, revoking their access is likely to cause a force close unless the app is well-coded to handle this scenario.

To accommodate these apps the new feature also supports transparent “spoofing” of access for certain permission such as phone state and phone ID. This allows the system to return false data rather than deny access, which circumvents the force close issue in many cases.

Anyways, take a look at AppFence and the associated research data.

For paranoid Androids, Guardian Project offers smartphone security

The Guardian Project is an open source initiative which aims to take advantage of Google’s Android operating system to bring smartphones the same sort of security and privacy that savvy users have come to expect from laptops and desktops. Featuring capabilities like full-disk encryption, secure instant messaging, and anonymous Web browsing, the project hopes to give people better control of their personal information on mobile devices.

Read more…

Google Android update redistributed with ‘suspicious’ code

The article put out by V3.co.uk is a little misleading. V3 states, “Malware writers have injected code into repackaged versions of a recent Google Android security fix.” The version in the Android market is clean and straight from Google. There’s another version on alternate (Chinese) app stores with the same name and icon, but this version is injected with malicious code.

There’s actually no reason to download this application anyway. Google will use this tool automatically whenever they do a security sweep to detect malicious content that has been installed on devices upon discovery of malicious packages in the market.

Just as V3 states in their article, users should always obtain Android updates directly from known and trusted sources.

Stolen Java Code Shipping with Android…Maybe Not

Reported earlier on FOSSPatents by Florian Mueller (as well as Engadget), Oracle supposedly had new evidence to support their suit against Google for patent infringement. 43 source files that were written specifically for Java turned up in Android’s source code. The over zealous patent troll also made the following claim:

“In light of the evidence I found (and which anyone can verify by downloading the original material), I believe some commentators grossly overrated Google’s defense when they interpreted it as accusing Oracle of manipulating or manufacturing evidence.”

Well, stop the press.

It seems that after further analysis of the files in question, Ed Burnette of ZDNet has concluded that there are in fact no instances of copied code shipping directly with Android. It appears the first set of 7 files are in the unit test area of the source code tree for running internal tests by developers. The second set of 37 files is actually zipped up into one file called MMAPI.zip and tucked away in a directory used for native code audio drivers for one particular type of chip set. The files were evidently used for development and neither set of files actually shipped with Android.

NOOKcolor is B&N’s Best Selling Product This Season

NookColor

I wasn’t surprised by this news. Since the eReader can be turned into viable tablet, it has landed itself the number one spot on Barnes & Noble’s holiday best seller list this year.

After rooting the device, you can install Kindle and Google Books from the Market to give you flexibility to hang on to all the other books you have already purchased. Don’t forget you can also side load any non-DRM books too.

Of course, this is only the start of what you can turn your eReadertablet into.

New Android Trojan Found

Just when you thought it was safe to run around installing any apk you can get your hands on. Not saying you should do this anyway. A report has come out about a new trojan that is making the rounds, dubbed “Geinimi”. It’s essentially being “grafted” on to legitimate applications, mainly games, and distributed into third party App stores. So far, it has only been downloaded from applications hosted by Chinese App Markets.

Lookout researchers, which posted a writeup on Geinimi, have found that it has been wrapped into legitimate free and paid games for Android users with those games’ developers unaware their applications are being used as a lure.

Read more…

Nookcolor

NookColor

OK, this is where I’ve been and what I’ve been doing. I recently got a NookColor and have been spending a lot of time playing. No, it’s not a tablet. It’s an eReader but if you are willing to root your device, you will be happy to know that full Android market access has now been achieved. Thanks to the guys over at XDA Developers rooting has been made easy even for the novice.

The NookColor has just about what I wanted in a functional eReader and I was completely satisfied with what I got for $249. However, with a little work I got a decent tablet at a decent price.

Here’s a couple of links to get you started.
NookColor tablet
NookColor Rooting