News

HTC One with Android 4.3 gets Bluetooth 4.0 certification

July 8th, 2013

Via Android Central:

HTC One

Google Play edition handset spotted at Bluetooth SIG with new Android version

At this point it’s no great secret that Android 4.3 is right around the corner, and that among other things it’ll bring Bluetooth 4.0 support as a standard OS feature. So it’s just as unsurprising to see the the Google Play edition HTC One dropping by the Bluetooth Special Interest Group with support for version 4.0 of the wireless standard.

The device detailed in the certification listing is referred to as “PN071xx_Android 4.3_G” — that’s the HTC One’s model number, and the “G” likely denotes the Google Play edition as opposed to the common-or-garden HTC One running Sense 5. (After all, that device has only just been updated to Android 4.2.)

The listing also shows AVRCP 1.3 support, another Bluetooth feature said to be coming in the next version of Android.

For more on what’s new in Android 4.3, check out our walkthrough of the pre-release build which recently leaked out for the Google Play edition Galaxy S4.


Making sense of the latest Android ‘Master Key’ security scare

July 8th, 2013

Via Android Central:

Security

No spin, no bullshit, just clear simple talk about what’s going on this time

Some real talk about this exploit that the Bluebox security team discovered is needed. The first thing to know is that you’re probably affected. It’s an exploit that works on every device that’s not been patched since Android 1.6. If you’ve rooted and ROM’d your phone, you can freely ignore all of this. None of this counts for you, because there is a whole different set of security concerns that comes with root and custom ROMs for you to worry about.

If you don’t have the infamous “Unknown Sources” permission box checked off in your settings, this all means nothing to you. Carry on, and feel free to be a little smug and self-righteous — you deserve it for eschewing sideloading all this time in case something like this could happen. If you don’t know what this means, ask someone.

For the rest of us, read past the break.

More: IDG News Service.

Special thanks to the whole Android Central Ambassador team for helping me make sense of this!

What is it?

All apps on your Android are signed with a cryptographic key. When it’s time to update that app, the new version must have the same digital signature as the old or it won’t overwrite. You can’t update it, in other words. There are no exceptions, and developers who lose their signing key have to create a brand new app that we have to download all over again. That means starting from zero. All new downloads, all new reviews and ratings. It’s not a trivial matter.

The system apps — the ones that came installed on your phone from HTC or Samsung or Google — also have a key. These apps often have complete administrator access to everything on your phone, because they are trusted apps from the manufacturer. But they’re still just apps.

Still following me?

What we’re talking about now, what Bluebox is talking about, is a method to tear open an Android app and change the code without disturbing the cryptographic key. We cheer when hackers get around locked bootloaders, and this is the same sort of exploit. When you lock something, others will find a way in if they try hard enough. And when your platform is the most popular on the planet, people try very hard.

So, someone can take a system application from a phone. Just pull it right out. Using this exploit, they can edit it to do nasty things — give it a new version number, and pack it back together while keeping the same, valid signing key. You could then potentially install this app right overtop your existing copy, and you now have an app designed to do bad things and it has complete access to your entire system. The whole time, the app will look and behave normally — you’ll never know something fishy is going on.

Yikes.

What’s being done about it?

The folks at Bluebox told the entire Open Handset Alliance about this back in February. Google and OEMs are responsible for patching things to prevent it. Samsung did its part with the Galaxy S4, but every other phone they sell is vulnerable. HTC and the One didn’t make the cut, so all of HTC’s phones are vulnerable. In fact, every phone except the Samsung Touchwiz version Galaxy S4 is vulnerable.

Google hasn’t yet updated Android to patch this issue. I imagine they’re working hard on it — see the issues Chainfire has went through rooting Android 4.3. But Google didn’t sit idly by and ignore it either. The Google Play store has been “patched” so that no tampered apps can be uploaded to Google’s servers. That means any app you download from Google Play is clean — at least where this particular exploit is concerned. But places like Amazon, Slide Me, and of course all those cracked APK forums out there are wide open and every application could have bad JuJu inside it.

So this is a really big deal?

Yes it’s a huge deal. And at the same time, no, it’s really not.

Google will patch the way Android updates apps or the way they are signed. In this cat-and-mouse game, this is a normal occurrence. Google releases software, hackers (both the good kind and the bad kind) try to exploit it, and when they do Google changes the code. That’s how software works, and this sort of thing should be expected when you have enough smart people trying to break in.

On the other hand, the phone you have now may not ever see an update to fix this. Hell, it took Samsung almost a year to patch the browser against an exploit that could erase all your user data on just some of its phones. If you have a phone that you expect to be updated to Android 4.3, you will probably get patched. If not, it’s anybody’s guess. That’s bad — very bad. I’m not trying to slag on the people who make our phones, but truth is truth.

What can I do?

Vulnerable

 

  • Don’t download any apps outside of Google Play.
  • Don’t download any apps outside of Google Play.
  • Don’t download any apps outside of Google Play.
  • In fact, go ahead and turn off the Unknown Sources permission if you like. I did. Anything else leaves you vulnerable. Some “Anti-Virus” apps will check if you have unknown sources enabled if you’re not sure. Get into the forums and find out which one everyone says is the best if you need to.
  • Express your displeasure at not getting essential security updates for your phone. Especially if you’re still on that two-year (or three-year — hello Canada!) contract.
  • Root your phone, and install a ROM that has some sort of fix — the popular ones will likely have on very soon.

So don’t panic. But be proactive and use some common sense. Now is a really good time to stop installing cracked apps, because the people doing the cracking are the same sort of people who could put evil code into the app. If you get any update notices that come from a place other than Google Play, tell somebody. Tell us if you need to. Figure out the people who are trying to pass on these exploits and give them a heavy dose of public shaming and exposure. Cockroaches hate the light.

This will pass like security scares always do, but another will step in to fill its shoes. That’s the nature of the beast. Stay safe guys.


How to make your smartphone look like stock Android without rooting

July 8th, 2013

Via Android Authority:

nexus-4-jelly-bean

Android handsets are purchased on a daily basis, whether we’re talking about that shiny new HTC One, a mid-range device like the Galaxy S4 Mini, or any other phone for that matter.

However, far too many people come to be disappointed with their purchase due to the modifications on top of Android that ruin the experience for them. This problem can be solved by rooting andflashing a custom ROM, but that’s hardly a solution for everyone. But there’s another way to get that vanilla Android experience on a smartphone without rooting.

Developers have been hard at work creating solutions to feed our stock Android craving, in the form of launchers, icon packs, keyboards, and other apps. We’re going to walk you through some of the most useful and show you how to transform the interface into a vanilla-like one, without root and without hassle.

Launchers

There are a lot of cool launchers out there. Action Launcher Pro combined with the Stark icon pack is one of my favorites, however, there are a lot of offerings to get that stock Android feel.

So the first step is to choose a launcher. For that, we’re going to take a look at Nova LauncherApex Launcher, and Holo Launcher HD. Alternatively, you can use Holo Launcher Plus to achieve stock Android for Ice Cream Sandwich.

Nova Launcher is a free download, however, paying for the Prime version of the app will give you access to a few more features. Apex Launcher and Holo Launcher HD are both free downloads, but they have pro versions for added features as well.

launchers-ss-aa

Before and after

When it comes down to it, you’re going to need to choose which one you’re most comfortable and satisfied with. In my case, I went with Nova Launcher. After you have a launcher downloaded, simply hit the Home button on your device. A pop-up window will appear, and you’re going to need to set your chosen launcher as the default (instead of TouchWiz, Sense, etc). Alternatively, open up the Nova Settings, and, on the first page, there’ll be an option to set the Nova Launcher as the default launcher.

Once that’s done, your home screen should, more or less, look like the image above.

Lock screens

Custom lock screens on Android are a fickle thing, as they’re often filled with bugs and are unreliable. However, there are a couple that’ll get the job done, though not many.

Holo Locker Plus is a good a Jelly Bean locker to use when paired with a Jelly Bean-themed wallpaper. If you don’t want to pay for anything, a great alternative is the GO Locker, which will require you to download two apps, the base GO Locker app and then a theme addon, namely a Jelly Bean one.

Once GO Locker is downloaded, adding the Jelly Bean theme is pretty self-explanatory. However, Holo Locker Plus is another story — it’s easy to enable Holo Locker, but in my findings, it does not come with a Jelly Bean wallpaper. So you’re going to need to find your own. To do that, you need the Plus version of Holo Locker to access the features that let you add a custom wallpaper to the lock screen. You can use any wallpaper you’d like, but, to get the coveted stock Android feel, a Jelly Bean wallpaper would be ideal.

lock-screen-aa-final

If you’re looking to achieve stock Android with Ice Cream Sandwich, GO Locker is your best bet with this theme.

If you’re using Holo Locker, the final outcome should look like the image above.

Keyboards and Wallpapers

best android keyboards

Nexy, you need a new keyboard and wallpaper to finalize the makeshift vanilla Android experience we’ve created. A Jelly Bean wallpaper package can be easily found in the Play Store. Anyone will do, but I used this one. A Ice Cream Sandwich wallpaper package can be found in the Play Store easily as well. Lastly, we need a new keyboard.

When it comes to keyboards, you really don’t need a Jelly Bean one in particular. Any kind will do as long as you’re comfortable with it, even if its your manufacturer’s stock keyboard. However, a lot of people tend to go for things like SwiftKey or Swype. If you insist on a stock Jelly Bean keyboard though, Google recently brought it to Google Play.

Final thoughts

It should only take you a few minutes to complete these steps. After you do though, you’ll have an awesome makeshift vanilla Android experience on any device of your choosing. If you’d like to break away from stock Android a tad bit, I like to download the Stark icon pack to freshen things up a little bit. It’s not a requirement though, it just looks nice.

Finally, to show you that this was all done using apps through the Google Play Store, we used Root Checker to prove that there was no rooting or flashing involved.

rootcheck

Do you plan on using this method for a makeshift vanilla Android experience? If you went ahead with it, how did it work out for you?